Winfixer 2005 Problem

Thread is closed!
#0
29.11.2005, 18:13
...new here
Posts: 6

29.11.2005, 20:38
Member
Posts: 17
#32
Hello,
I also just came across this forum by chance. Just under 2 weeks ago I caught WinFixer. It would be great if you could help me. Here is my current logfile:

Let me say already: many thanks in advance.

30.11.2005, 00:37
Honorary member
Posts: 29434
#33
stadtbummel
open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINNT\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - D:\WINNT\wsem303.dll (file missing)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - D:\Programme\YourSiteBar\ysb.dll (file missing)
O4 - HKLM\..\Run: [Java] C:\wx.exe
O4 - HKLM\..\Run: [SurfAccuracy] D:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Power Scan] D:\Programme\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [IST Service] D:\Programme\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [WinFixer 2005] "D:\Programme\WinFixer 2005\wfx5.exe"
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Programme\SideFind\sidefind.dll D:\WINNT\web\related.htm
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab

Restart the PC

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Delete File on Reboot -- tick this option
paste in: ... and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one, click "yes" only for the last one

C:\wx.exe
D:\Programme\WinFixer 2005\wfx5.exe
D:\Programme\SurfAccuracy\SAcc.exe
D:\Programme\Power Scan\powerscan.exe
D:\Programme\SideFind\sidefind.dll
D:\Programme\ISTsvc\istsvc.exe
D:\WINNT\system32\loavtapi.exe

Restart the PC

Killbox
DelTree (include SubDirectories)
Say, for example, you want to delete a folder. You do not have to enter every file in the folder individually; instead, you tick the option DelTree (include subdirectories). This deletes a complete archive together with its subfolders.

D:\Programme\YourSiteBar
D:\Programme\WinFixer 2005
D:\Programme\SurfAccuracy
D:\Programme\Power Scan
D:\Programme\SideFind
D:\Programme\ISTsvc

Restart the PC

Counterspy
http://virus-protect.org/counterspy.html
after the scan you have to choose between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC
http://virus-protect.org/counterspy.html

TuneUp 2006 (30 days free) shareware
http://virus-protect.org/reinigungstoolsregistry.html
apply:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner
__________
Best regards, Sabina
all about PC security

30.11.2005, 00:45
Honorary member
Posts: 29434
#34
nebsirob
open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

O4 - HKLM\..\Run: [razer] C:\Programme\Razer\razerhid.exe
O4 - HKLM\..\Run: [180sa] c:\programme\180search assistant\180sa.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe

Restart the PC

run Cleanup
http://virus-protect.org/cleanup.html

paste the 4 text files here (2 months are enough... going by the date)
http://virus-protect.org/datfindbat.html

Killbox
DelTree (include SubDirectories)
Say, for example, you want to delete a folder. You do not have to enter every file in the folder individually; instead, you tick the option DelTree (include subdirectories). This deletes a complete archive together with its subfolders.

C:\Programme\Razer
C:\Programme\SurfAccuracy

Counterspy
http://virus-protect.org/counterspy.html
after the scan you have to choose between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC
http://virus-protect.org/counterspy.html

PLEASE PASTE THE SCAN REPORT HERE
__________
Best regards, Sabina
all about PC security

30.11.2005, 17:38
...new here
Posts: 2
#35
Hello, I also have a problem with WinFixer 2005. I also made a HijackThis log and would like to ask what I have to do now!
Hopefully someone can help me, because this is really getting on my nerves!!!

Many thanks for the help

30.11.2005, 17:53
Honorary member
Posts: 29434
#36
Hello @Stephan Steve_o
open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gocyberlink.com/registration/registration1.asp?SoftWare=.....
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Programme\YourSiteBar\ysb.dll (file missing)

Restart the PC

run Cleanup
http://virus-protect.org/cleanup.html

Counterspy
http://virus-protect.org/counterspy.html
after the scan you have to choose between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC
http://virus-protect.org/counterspy.html
__________
Best regards, Sabina
all about PC security

30.11.2005, 20:02
...new here
Posts: 2
#37
thanks sabina, so far (so 2 hrs) everything is ok
Let's hope it stays that way .. because this kind of thing really gets on your nerves ^^

30.11.2005, 20:31
Honorary member
Posts: 29434
#38
Steve_o
if you avoided certain sites, you would not now have the complaints listed above
__________
Best regards, Sabina
all about PC security

30.11.2005, 21:30
Member
Posts: 17
#39
Hallo Sabine,
erst einmal vielen Dank für die schnelle Antwort. Hier sind die Reporte: Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 74CC-A7FD Verzeichnis von C:\WINDOWS\system32 30.11.2005 03:04 865 mmf.sys 27.11.2005 12:49 13.728 wpa.dbl 26.11.2005 05:28 167.936 dgsspack.exe 26.11.2005 05:28 45.056 pluverif.dll 21.11.2005 01:02 499.712 rematsrv.exe 10.11.2005 08:15 249.184 FNTCACHE.DAT 02.11.2005 06:34 2.377.568 MRT.exe 01.11.2005 20:53 53.352 jpicpl32.cpl 01.11.2005 20:53 28.768 javaw.exe 01.11.2005 20:53 24.670 java.exe 30.10.2005 12:55 380.486 perfh009.dat 30.10.2005 12:55 391.330 perfh007.dat 30.10.2005 12:55 52.900 perfc009.dat 30.10.2005 12:55 63.778 perfc007.dat 30.10.2005 12:55 897.954 PerfStringBackup.INI 13.10.2005 08:11 118.784 sirenacm.dll 06.10.2005 04:18 280.064 gdi32.dll 06.10.2005 04:08 1.839.616 win32k.sys 04.10.2005 16:26 3.013.120 mshtml.dll 29.09.2005 19:19 8 E736E7BAE0.sys 23.09.2005 04:06 8.491.520 shell32.dll 10.09.2005 02:54 2.067.968 cdosys.dll 08.09.2005 09:08 2 RICHTX.DEP 03.09.2005 00:53 664.064 wininet.dll 03.09.2005 00:53 55.808 extmgr.dll 03.09.2005 00:53 205.312 dxtrans.dll 03.09.2005 00:53 448.512 mshtmled.dll 03.09.2005 00:53 474.112 shlwapi.dll 03.09.2005 00:53 530.432 mstime.dll 03.09.2005 00:53 251.392 iepeers.dll 03.09.2005 00:53 39.424 pngfilt.dll 03.09.2005 00:53 1.484.288 shdocvw.dll 03.09.2005 00:53 605.696 urlmon.dll 03.09.2005 00:53 146.432 msrating.dll 03.09.2005 00:53 96.768 inseng.dll 03.09.2005 00:53 1.019.904 browseui.dll 03.09.2005 00:53 1.055.744 danim.dll 03.09.2005 00:53 152.064 cdfview.dll 01.09.2005 02:44 292.352 winsrv.dll 01.09.2005 02:44 19.968 linkinfo.dll Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 74CC-A7FD Verzeichnis von C:\ 30.11.2005 03:09 0 systemtemp.txt 30.11.2005 03:09 115.299 system32.txt 30.11.2005 03:04 1.610.612.736 pagefile.sys 26.07.2005 23:34 184 Setup.log 13.07.2005 05:34 79 gputest.txt Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: 74CC-A7FD Verzeichnis von C:\WINDOWS 30.11.2005 03:09 24 psc2M 30.11.2005 03:05 159 wiadebug.log 30.11.2005 03:05 1.564.857 WindowsUpdate.log 30.11.2005 03:05 50 wiaservc.log 30.11.2005 03:04 0 0.log 30.11.2005 03:04 2.048 bootstat.dat 30.11.2005 03:03 32.592 SchedLgU.Txt 30.11.2005 03:02 1.822 oplimit.ini 25.11.2005 17:59 512 randseed.rnd 23.11.2005 02:26 530.475 setupapi.log 22.11.2005 00:26 183.156 wmsetup.log 15.11.2005 17:27 3.299 tm.ini 10.11.2005 05:48 125.501 ntdtcsetup.log 10.11.2005 05:48 96.959 iis6.log 10.11.2005 05:48 208.151 comsetup.log 10.11.2005 05:48 26.914 ocmsn.log 10.11.2005 05:48 1.393 imsins.log 10.11.2005 05:48 241.243 tsoc.log 10.11.2005 05:48 11.782 KB896424.log 10.11.2005 05:48 317.879 ocgen.log 10.11.2005 05:48 31.306 msgsocm.log 10.11.2005 05:48 616.112 FaxSetup.log 10.11.2005 05:48 22.122 updspapi.log 05.11.2005 05:17 87 setup.log 03.11.2005 20:29 200.005 setupact.log 03.11.2005 02:41 120.832 lcmmfu.cpl 03.11.2005 02:41 48.640 mmfs.dll 03.11.2005 02:41 2.560 Runservice.exe 21.10.2005 15:32 52 videodeLuxe.INI 20.10.2005 02:01 21.963 KB901017.log 20.10.2005 02:00 24.422 KB902400.log 20.10.2005 02:00 15.866 KB896688.log 20.10.2005 02:00 14.074 KB905414.log 20.10.2005 02:00 13.784 KB900725.log 20.10.2005 02:00 11.196 KB904706.log 20.10.2005 02:00 11.788 KB905749.log 04.10.2005 16:33 3.523 msnsetuplog.txt 04.10.2005 16:33 4.468 msnavpklog.txt 23.09.2005 16:46 35 tdf.dii 11.09.2005 16:06 263.203 Directx.log 08.09.2005 23:40 174.514 GXTranscoder v2 Uninstaller.exe 07.09.2005 01:52 3.752 cool.ini 27.08.2005 20:32 0 musicmaker.INI 16.08.2005 01:38 100.724 cpeins04.dat 14.08.2005 04:16 17.627 KB899587.log 14.08.2005 04:16 17.123 KB899591.log 14.08.2005 04:16 17.240 KB893756.log 14.08.2005 04:16 16.585 KB896423.log 14.08.2005 04:16 17.394 KB896727.log 14.08.2005 04:15 13.500 KB899588.log 14.08.2005 04:15 13.236 KB894391.log Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: 74CC-A7FD Verzeichnis von C:\ 30.11.2005 03:10 0 sys.txt 30.11.2005 03:10 14.993 system.txt 30.11.2005 03:09 1.082 systemtemp.txt 30.11.2005 03:09 115.299 system32.txt 30.11.2005 03:04 1.610.612.736 pagefile.sys 26.07.2005 23:34 184 Setup.log 13.07.2005 05:34 79 gputest.txt ---------------------------------------------- Spyware Scan Details Start Date: 30.11.2005 19:38:35 End Date: 30.11.2005 21:22:21 Total Time: 1 hrs 43 mins 46 secs Detected spyware ViewPoint Beta Potential Privacy Risk more information... Details: ViewPoint Toolbar will hijack your search queries and also transmits non personally identifiable information back to their servers Status: Deleted Infected files detected c:\programme\viewpoint\viewpoint manager\viewcp.cpl c:\programme\viewpoint\viewpoint manager\viewmgr.exe c:\programme\viewpoint\viewpoint manager\viewmgrcore.dll c:\programme\viewpoint\viewpoint manager\viewmgrinstaller.exe c:\programme\viewpoint\viewpoint manager\viewcpdata\images\s.gif c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_header_av.gif c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_header_cp.gif c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_header_up.gif c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_inner_bg.gif c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_inner_bottom.gif c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_tab1_off.gif c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_tab1_on.gif c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_tab2_off.gif c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_tab2_on.gif c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_tab_bg.gif c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vwpt_logo.gif c:\programme\viewpoint\viewpoint manager\viewcpdata\options.ini c:\programme\viewpoint\viewpoint manager\viewcpdata\viewpoint.ico c:\programme\viewpoint\viewpoint 
manager\viewcpdata\vmctrl.html Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager DisplayName Viewpoint Manager (Remove Only) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager UninstallString C:\Programme\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager DisplayIcon C:\Programme\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe,0 Cydoor Adware more information... Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer. Status: Deleted Infected files detected c:\windows\system32\cd_clint.dll Comet Systems Adware more information... Status: Deleted Infected files detected c:\windows\downloaded program files\dm.inf c:\windows\inf\dm.inf c:\windows\inf\dm.pnf YourSiteBar Spyware more information... Details: YourSiteBar from IST, the makers of numerous spyware Thread, is an affiliate based marketing toolbar. 
Status: Deleted Infected files detected c:\windows\downloaded program files\ysbactivex.dll C:/WINDOWS/Downloaded Program Files/YSBactivex.dll Infected registry entries detected HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658} HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ysbactivex.dll HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}\ProgID YSBactivex.Installer HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658} Installer Class HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysbactivex.installer HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysbactivex.installer\CLSID {42F2C9BA-614F-47c0-B3E3-ECFD34EED658} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysbactivex.installer Installer Class HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll .Owner {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\YSBactivex.dll HKEY_CLASSES_ROOT\Ysbactivex.installer HKEY_CLASSES_ROOT\Ysbactivex.installer\CLSID {42F2C9BA-614F-47c0-B3E3-ECFD34EED658} HKEY_CLASSES_ROOT\Ysbactivex.installer Installer Class HKEY_CLASSES_ROOT\YSBactivex.Installer HKEY_CLASSES_ROOT\YSBactivex.Installer\CLSID {42F2C9BA-614F-47c0-B3E3-ECFD34EED658} HKEY_CLASSES_ROOT\YSBactivex.Installer Installer Class SurfAccuracy Adware more information... 
Status: Deleted Infected files detected C:\!KillBox\SurfAccuracy\SAccU.exe Infected registry entries detected HKEY_LOCAL_MACHINE\Software\SAcc HKEY_LOCAL_MACHINE\Software\SAcc accid 104 HKEY_LOCAL_MACHINE\Software\SAcc subaccid 1000940 HKEY_LOCAL_MACHINE\Software\SAcc Version 1118 HKEY_LOCAL_MACHINE\Software\SAcc InstallDate 1132531349 HKEY_LOCAL_MACHINE\Software\SAcc CfgReloadAttempts 1 HKEY_LOCAL_MACHINE\Software\SAcc CfgReload 1133350824 HKEY_LOCAL_MACHINE\Software\SAcc SAData uid:baf38e4df83c5b627f7d33833e204971-cnt:30-t:1133230102;1133231169;1133232595;11332 73348;1133277447;1133300256;-c:1517524;ce:1133316502|c:1517878;ce:1133317569|c:151 6775;ce:1133318995|c:1517255;ce:1133359748|c:151 HKEY_LOCAL_MACHINE\Software\SAcc Counter 24 HKEY_LOCAL_MACHINE\Software\SAcc NextInvoke 1133278357 HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc DisplayName Surf Accuracy HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc UninstallString C:\Programme\SurfAccuracy\SAccU.exe WindUpdates.MediaGateway Adware more information... Details: WindUpdates is responsible for downloading adware. 
Status: Deleted Infected files detected C:\Program Files\Media Gateway\Info.txt C:\Program Files\Media Gateway\MediaGateway.exe Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}\Contains\Files C:\WINDOWS\Downloaded Program Files\MediaAccX.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}\DownloadInformation CODEBASE http://static.35mb.com/applet/applet_l.cab HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}\InstalledVersion 0,0,0,1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}\InstalledVersion LastModified Thu, 25 Aug 2005 03:41:13 GMT HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} SystemComponent 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} Installer MSICD NewDotNet Browser Plug-in more information... Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows’ Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable. Status: Deleted Infected files detected D:\Programme\win2k_xp\deu\nt4\Disk1\nt4\hpfsplsh.exe KaZaA P2P more information... Details: Kazaa is a Peer to Peer file sharing application that uses some adware advertising as well as installs a number of thrid party adware software on your computer. 
Status: Deleted Infected registry entries detected
IST.PowerScan Adware more information... Details: PowerScan is advertised through in ordinary web pop-ups, but recently it started to install with help from the the ISTBar adware. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan DisplayName Power Scan HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan UninstallString C:\Programme\Power Scan\uninstall.exe
IST.SideFind Adware more information... Details: SideFind installs an adware Internet Explorer browser helper object that installs some extra buttons. Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping {10e42047-deb9-4535-a118-b3f6ec39b807}
WindUpdates.MediaAccess Adware more information...
Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\clsid\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} HKEY_CLASSES_ROOT\clsid\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}\InprocServer32 C:\WINDOWS\Downloaded Program Files\MediaAccX.dll HKEY_CLASSES_ROOT\clsid\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\MediaAccX.Installer HKEY_CLASSES_ROOT\MediaAccX.Installer\CLSID {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} HKEY_CLASSES_ROOT\MediaAccX.Installer MediaAccX.Installer HKEY_LOCAL_MACHINE\Software\Media Gateway HKEY_LOCAL_MACHINE\Software\Media Gateway param 2f46ac713ad52164ef656dc1cd8a3ebb21a31b924006a5dd798cb7bd1e3522 6e7bd199de0bebafe018c8:33663434376565636632316435303237393834316639 31616137663966353237:Internet%20 Explorer:6.0%20SP2%28SV1%29:winxp:flash HKEY_LOCAL_MACHINE\Software\Media Gateway reqcount 5 HKEY_LOCAL_MACHINE\Software\Media Gateway track 0 HKEY_LOCAL_MACHINE\Software\Media Gateway DownloadPath \temp HKEY_LOCAL_MACHINE\Software\Media Gateway Language en HKEY_LOCAL_MACHINE\Software\Media Gateway SoftwareTable 436D8EB9402BABFFB0F49002FEB138DB7435F775768219FC3D53D89F85C8593AA A6A613F9D4E3B550F03A095DD9F2F078714D00F1497C12FA8D0C7ADC9D53CBEAB C7434B0936B2C4BF0C3CC164BD48EDE944E5E8BF67D3C6D3748BBA90709B707A177B HKEY_LOCAL_MACHINE\Software\Media Gateway LastUpdate 1132531156 HKEY_LOCAL_MACHINE\Software\Media Gateway Request 436C84AE4139B9F9EBADFB69AE8467A41F51F50E64D342A3536EE0A5D8E52836A9 6E6975B23C306E616998CAFAC82A51DC47810F19D9B171AE8CCB94F3EC03E3CCC64E12437AB0CAE4 2D37856FFA43EFE75DD2BAB46D918B8B7C82C99D609765227F41054394 RealVNC Commercial Remote Control more information... Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet. 
Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\Software\RealVNC HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 Password HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 SecurityTypes VncAuth HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 ReverseSecurityTypes None HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 QueryConnect 0 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 QueryOnlyIfLoggedOn 0 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 PortNumber 5900 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 IdleTimeout 3600 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 HTTPPortNumber 5800 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 LocalHost 0 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 Hosts +, HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 AcceptKeyEvents 1 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 AcceptPointerEvents 1 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 AcceptCutText 1 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 SendCutText 1 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 DisableLocalInputs 0 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 DisconnectClients 1 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 AlwaysShared 0 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 NeverShared 0 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 DisconnectAction None HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 RemoveWallpaper 0 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 RemovePattern 0 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 DisableEffects 0 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 UpdateMethod 1 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 PollConsoleWindows 1 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 UseCaptureBlt 1 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 UseHooks 1 HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 Protocol3.3 0 WinAD Adware more information... Details: WinAd open pop-up windows, displaying german language content. 
Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll .Owner {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\downloaded program files\mediaaccx.dll HKEY_LOCAL_MACHINE\SOFTWARE\Media Gateway DownloadPath \temp HKEY_LOCAL_MACHINE\SOFTWARE\Media Gateway Language en Zango Search Assistant Adware more information... Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit. Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore Type 3 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore Count 39 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore Time 180search Assistant Adware more information... Details: 180search Assistant logs the web pages you visit, when you visit them and uploads the data to its servers. 
Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\Software\180sa HKEY_CURRENT_USER\Software\180sa last_conn_h 29748777 HKEY_CURRENT_USER\Software\180sa last_conn_l 760096758 HKEY_CURRENT_USER\Software\180sa we 5 HKEY_CURRENT_USER\Software\180sa cdata 01zM8fY4Pjz%2f2eU5ykwF2WKD4i7vOGf68ZAm01xPGNy3gRrwg5yCweqAgVctm%2 b%2bHrHyyVbCqMA28GyUdV7TLQQwPYJNobfxpZwP8D6Iqd%2bLZmgT u%2fw%2fNv9nrsrSnWJeVYYOVwmomfWl5YZRa9aY516%2fRYAPdq4woflQ%2bRS6T 2a5tVuk89bGADwPruQ%2f%2fAh2fYeC HKEY_CURRENT_USER\Software\180sa TimeOffset -28801 HKEY_CURRENT_USER\Software\180sa geourl_current_version 12 HKEY_CURRENT_USER\Software\180sa geourl_last_full_version 12 HKEY_CURRENT_USER\Software\180sa cvf HKEY_CURRENT_USER\Software\180sa actionurl_current_version 367 HKEY_CURRENT_USER\Software\180sa actionurl_last_full_version 367 HKEY_CURRENT_USER\Software\180sa keyword_current_version 695 HKEY_CURRENT_USER\Software\180sa keyword_last_full_version 695 HKEY_LOCAL_MACHINE\SOFTWARE\180sa HKEY_LOCAL_MACHINE\SOFTWARE\180sa umt 016D32E6AC3B10C427F1A54938A8B799F26B33CCB04C315D030622940A65E926AC HKEY_LOCAL_MACHINE\SOFTWARE\180sa gma 1 HKEY_LOCAL_MACHINE\SOFTWARE\180sa gvi 1 HKEY_LOCAL_MACHINE\SOFTWARE\180sa gpi 1 HKEY_LOCAL_MACHINE\SOFTWARE\180sa boom HKEY_LOCAL_MACHINE\SOFTWARE\180sa boom_ver 1 HKEY_LOCAL_MACHINE\SOFTWARE\180sa did 7568 HKEY_LOCAL_MACHINE\SOFTWARE\180sa duid 6D32E6AC3B10C427F1A54938A8B799F26B33CCB04C315D030622940A65E926AC HKEY_LOCAL_MACHINE\SOFTWARE\180sa partner_id 453441041 HKEY_LOCAL_MACHINE\SOFTWARE\180sa product_id 7568 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\180sa HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\180sa DisplayName Search Assistant HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\180sa UninstallString c:\programme\180search assistant\180sa.exe /uninst_simple_init=y HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\180sa DisplayIcon c:\programme\180search 
assistant\180sa.exe,2 HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\180sa HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\180sa DisplayName Search Assistant HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\180sa UninstallString c:\programme\180search assistant\180sa.exe /uninst_simple_init=y HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\180sa DisplayIcon c:\programme\180search assistant\180sa.exe,2 HKEY_LOCAL_MACHINE\Software\180sa HKEY_LOCAL_MACHINE\Software\180sa umt 016D32E6AC3B10C427F1A54938A8B799F26B33CCB04C315D030622940A65E926AC HKEY_LOCAL_MACHINE\Software\180sa gma 1 HKEY_LOCAL_MACHINE\Software\180sa gvi 1 HKEY_LOCAL_MACHINE\Software\180sa gpi 1 HKEY_LOCAL_MACHINE\Software\180sa boom HKEY_LOCAL_MACHINE\Software\180sa boom_ver 1 HKEY_LOCAL_MACHINE\Software\180sa did 7568 HKEY_LOCAL_MACHINE\Software\180sa duid 6D32E6AC3B10C427F1A54938A8B799F26B33CCB04C315D030622940A65E926AC HKEY_LOCAL_MACHINE\Software\180sa partner_id 453441041 HKEY_LOCAL_MACHINE\Software\180sa product_id 7568 Cok.AssasinTrojan2.0 Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\ben & pam\cookies\ben & pam@statcounter[1].txt |
|
|
||
30.11.2005, 21:42
Honorary member
Posts: 29434 |
#40
nebsirob
At the top of the page --> click Browse --> select the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\system32\mmf.sys
C:\WINDOWS\system32\dgsspack.exe
C:\WINDOWS\system32\pluverif.dll
C:\WINDOWS\system32\rematsrv.exe
__________
Regards, Sabina
all about PC security |
|
|
||
30.11.2005, 22:02
Member
Posts: 17 |
#41
So, 3 of the files could be scanned:
C:\WINDOWS\system32\mmf.sys
File size can't be more than 10 Megabytes. You can't try compressing it. Thanks you.
(Size according to Explorer: 865 bytes)
--------------------------
C:\WINDOWS\system32\dgsspack.exe
This is a report processed by VirusTotal on 11/30/2005 at 21:52:38 (CET) after scanning the file "dgsspack.exe" file.
Antivirus      Version         Update      Result
AntiVir        6.32.0.6        11.30.2005  no virus found
Avast          4.6.695.0       11.29.2005  no virus found
AVG            718             11.29.2005  no virus found
Avira          6.32.0.6        11.30.2005  no virus found
BitDefender    7.2             11.30.2005  no virus found
CAT-QuickHeal  8.00            11.30.2005  (Suspicious) - DNAScan
ClamAV         devel-20051108  11.29.2005  no virus found
DrWeb          4.33            11.30.2005  Adware.Apropos
eTrust-Iris    7.1.194.0       11.30.2005  no virus found
eTrust-Vet     11.9.1.0        11.30.2005  Win32.Propo
Fortinet       2.48.0.0        11.30.2005  no virus found
F-Prot         3.16c           11.30.2005  no virus found
Ikarus         0.2.59.0        11.30.2005  no virus found
Kaspersky      4.0.2.24        11.30.2005  Trojan.Win32.Crypt.t
McAfee         4640            11.30.2005  no virus found
NOD32v2        1.1309          11.30.2005  no virus found
Norman         5.70.10         11.30.2005  no virus found
Panda          8.02.00         11.30.2005  no virus found
Sophos         4.00.0          11.30.2005  no virus found
Symantec       8.0             11.30.2005  no virus found
TheHacker      5.9.1.046       11.29.2005  no virus found
VBA32          3.10.5          11.30.2005  no virus found
--------------------------
C:\WINDOWS\system32\pluverif.dll
This is a report processed by VirusTotal on 11/30/2005 at 21:55:20 (CET) after scanning the file "pluverif.dll" file.
Antivirus      Version         Update      Result
AntiVir        6.32.0.6        11.30.2005  no virus found
Avast          4.6.695.0       11.29.2005  no virus found
AVG            718             11.29.2005  no virus found
Avira          6.32.0.6        11.30.2005  no virus found
BitDefender    7.2             11.30.2005  no virus found
CAT-QuickHeal  8.00            11.30.2005  no virus found
ClamAV         devel-20051108  11.29.2005  no virus found
DrWeb          4.33            11.30.2005  Adware.Apropos
eTrust-Iris    7.1.194.0       11.30.2005  no virus found
eTrust-Vet     11.9.1.0        11.30.2005  Win32.Propo
Fortinet       2.48.0.0        11.30.2005  no virus found
F-Prot         3.16c           11.30.2005  no virus found
Ikarus         0.2.59.0        11.30.2005  no virus found
Kaspersky      4.0.2.24        11.30.2005  Trojan.Win32.Crypt.t
McAfee         4640            11.30.2005  Apropos
NOD32v2        1.1309          11.30.2005  no virus found
Norman         5.70.10         11.30.2005  no virus found
Panda          8.02.00         11.30.2005  no virus found
Sophos         4.00.0          11.30.2005  no virus found
Symantec       8.0             11.30.2005  no virus found
TheHacker      5.9.1.046       11.29.2005  no virus found
VBA32          3.10.5          11.30.2005  no virus found
--------------------------
C:\WINDOWS\system32\rematsrv.exe
This is a report processed by VirusTotal on 11/30/2005 at 21:56:36 (CET) after scanning the file "rematsrv.exe" file.
Antivirus      Version         Update      Result
AntiVir        6.32.0.6        11.30.2005  no virus found
Avast          4.6.695.0       11.29.2005  no virus found
AVG            718             11.29.2005  no virus found
Avira          6.32.0.6        11.30.2005  no virus found
BitDefender    7.2             11.30.2005  no virus found
CAT-QuickHeal  8.00            11.30.2005  (Suspicious) - DNAScan
ClamAV         devel-20051108  11.29.2005  no virus found
DrWeb          4.33            11.30.2005  Adware.Apropos
eTrust-Iris    7.1.194.0       11.30.2005  no virus found
eTrust-Vet     11.9.1.0        11.30.2005  Win32.Propo
Fortinet       2.48.0.0        11.30.2005  no virus found
F-Prot         3.16c           11.30.2005  no virus found
Ikarus         0.2.59.0        11.30.2005  no virus found
Kaspersky      4.0.2.24        11.30.2005  Trojan.Win32.Crypt.t
McAfee         4640            11.30.2005  no virus found
NOD32v2        1.1309          11.30.2005  no virus found
Norman         5.70.10         11.30.2005  no virus found
Panda          8.02.00         11.30.2005  no virus found
Sophos         4.00.0          11.30.2005  no virus found
Symantec       8.0             11.30.2005  no virus found
TheHacker      5.9.1.046       11.29.2005  no virus found
VBA32          3.10.5          11.30.2005  no virus found
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware. |
|
|
||
30.11.2005, 22:37
Honorary member
Posts: 29434 |
#42
nebsirob
KILLBOX http://virus-protect.org/killbox.html
Delete File on Reboot -- tick this option
Paste in: ... and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one; only click "yes" for the last one
C:\WINDOWS\system32\dgsspack.exe
C:\WINDOWS\system32\pluverif.dll
C:\WINDOWS\system32\rematsrv.exe
Restart the PC
Then post the datfindbat again (only the first log)
---------------------------------------------------------------------------------------
What did you download on 30.11.?
Quote
C:\WINDOWS\system32\mmf.sys
__________
Regards, Sabina
all about PC security |
|
|
||
01.12.2005, 20:22
Member
Posts: 17 |
#43
So, here is the latest log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 74CC-A7FD
Verzeichnis von C:\WINDOWS\system32
01.12.2005 18:02 865 mmf.sys
27.11.2005 12:49 13.728 wpa.dbl
10.11.2005 08:15 249.184 FNTCACHE.DAT
02.11.2005 06:34 2.377.568 MRT.exe
01.11.2005 20:53 53.352 jpicpl32.cpl
01.11.2005 20:53 28.768 javaw.exe
01.11.2005 20:53 24.670 java.exe
30.10.2005 12:55 380.486 perfh009.dat
30.10.2005 12:55 391.330 perfh007.dat
30.10.2005 12:55 52.900 perfc009.dat
30.10.2005 12:55 63.778 perfc007.dat
30.10.2005 12:55 897.954 PerfStringBackup.INI
20.10.2005 15:37 40.960 SDelete.dll
20.10.2005 15:37 24.924 openports.dll
13.10.2005 08:11 118.784 sirenacm.dll
06.10.2005 04:18 280.064 gdi32.dll
06.10.2005 04:08 1.839.616 win32k.sys
04.10.2005 16:26 3.013.120 mshtml.dll
29.09.2005 19:19 8 E736E7BAE0.sys
23.09.2005 04:06 8.491.520 shell32.dll
10.09.2005 02:54 2.067.968 cdosys.dll
08.09.2005 09:08 2 RICHTX.DEP
03.09.2005 00:53 664.064 wininet.dll
03.09.2005 00:53 96.768 inseng.dll
03.09.2005 00:53 530.432 mstime.dll |
|
|
||
01.12.2005, 20:44
Honorary member
Posts: 29434 |
#44
nebsirob
You didn't answer my question... the 01.12.2005 18:02 865 mmf.sys worries me. Do the following:
Download the F-Secure beta trial http://www.f-secure.com/blacklight/
Double-click: blbeta.exe
After the check, click -- next
You will now find a text file on the desktop: copy it into your thread
__________
Regards, Sabina
all about PC security |
|
|
||
01.12.2005, 21:10
Member
Posts: 17 |
#45
Sorry,
I didn't actually download anything then. I only checked my mail at web.de and looked at my auctions on eBay. |
|
|
||
Thanks in advance for the help, I have already run cleanup:
The first file:
Datenträger in Laufwerk D: ist Win2000
Datenträgernummer: 48AE-9E31
Verzeichnis von D:\WINNT\system32
26.11.2005 05:50 167.936 loavtapi.exe
06.07.2005 17:17 1.060.864 mfc71.dll
02.06.2005 18:54 1.760 objsafe.tlb
26.05.2005 04:19 173.536 wuweb.dll
04.05.2005 13:45 2.890.240 msi.dll
03.05.2005 16:26 596.480 INETCOMM.DLL
28.04.2005 23:16 1.122.576 webvw.dll
27.04.2005 16:41 2.698.752 MSHTML.DLL
27.04.2005 16:41 581.632 WININET.DLL
27.04.2005 15:35 1.338.368 SHDOCVW.DLL
27.04.2005 10:53 34.816 PNGFILT.DLL
The second file:
Datenträger in Laufwerk D: ist Win2000
Datenträgernummer: 48AE-9E31
Verzeichnis von D:\DOKUME~1\Prokop\LOKALE~1\Temp
29.11.2005 18:03 206 jusched.log
1 Datei(en) 206 Bytes
0 Verzeichnis(se), 2.959.937.536 Bytes frei
The third file:
Datenträger in Laufwerk D: ist Win2000
Datenträgernummer: 48AE-9E31
Verzeichnis von D:\WINNT
29.11.2005 18:08 24 prf2J
26.11.2005 12:01 9.858 SchedLgU.Txt
26.11.2005 12:01 1.108.780 ShellIconCache
22.11.2005 18:58 273.346 setupapi.log
21.11.2005 23:14 189 hpbafd.ini
17.11.2005 18:22 0 nsreg.dat
17.11.2005 18:22 99.970 UninstallFirefox.exe
17.11.2005 18:22 3.083 mozver.dat
17.11.2005 09:05 32.768 unstall.exe
17.11.2005 09:05 0 JJMS
17.11.2005 09:05 2 tempf.txt
14.11.2005 12:52 1.859 OEWABLog.txt
14.11.2005 12:52 596 win.ini
14.11.2005 11:50 3.321 WindowsUpdate.log
06.11.2005 19:55 176.298 Windows Update.log
06.11.2005 19:55 396.129 iis5.log
06.11.2005 19:55 174.178 comsetup.log
06.11.2005 19:55 1.429 imsins.log
06.11.2005 19:55 13.517 KB896358.log
06.11.2005 19:55 141.675 ocgen.log
06.11.2005 19:55 11.029 ockodak.log
06.11.2005 19:55 14.524 updspapi.log
06.11.2005 19:55 12.422 KB890046.log
06.11.2005 19:55 10.527 KB896422.log
06.11.2005 19:55 16.645 KB893066.log
06.11.2005 19:54 9.303 KB883939-IE6SP1-20050428.125228.log
06.11.2005 19:54 8.516 KB897715-OE6SP1-20050503.210336.log
03.06.2005 15:55 6.433 KB893803v2.log
27.05.2005 13:09 387 TWLAND.INI
27.05.2005 11:43 1.382 ODBC.INI
27.05.2005 11:43 4.586 ODBCINST.INI
13.05.2005 10:37 8.238 KB894320.log
08.05.2005 10:01 435.760 CABLE.DLL
03.05.2005 14:39 6.680 KB823559.log
03.05.2005 14:39 7.171 KB329115.log
03.05.2005 14:38 16.870 KB841356.log
03.05.2005 14:38 11.990 KB891781.log
03.05.2005 14:38 7.025 KB890923-IE6SP1-20050225.103456.log
03.05.2005 10:23 19.549 Active Setup Log.txt
The fourth:
Datenträger in Laufwerk D: ist Win2000
Datenträgernummer: 48AE-9E31
Verzeichnis von D:\
29.11.2005 18:09 0 sys.txt
29.11.2005 18:08 7.664 system.txt
29.11.2005 18:07 290 systemtemp.txt
29.11.2005 18:06 81.714 system32.txt
26.11.2005 12:02 402.653.184 pagefile.sys
25.05.2005 08:48 288 WZT1
6 Datei(en) 402.743.140 Bytes
0 Verzeichnis(se), 2.959.929.344 Bytes frei
Many thanks,
Regards
Jürgen