Winfixer 2005 Problem

Topic is closed!
29.11.2005, 18:13
...new here

Posts: 6
#31 Hello,
thanks in advance for the help, I have already run Cleanup:

The first file:

Datenträger in Laufwerk D: ist Win2000
Datenträgernummer: 48AE-9E31

Verzeichnis von D:\WINNT\system32

26.11.2005 05:50 167.936 loavtapi.exe
06.07.2005 17:17 1.060.864 mfc71.dll
02.06.2005 18:54 1.760 objsafe.tlb
26.05.2005 04:19 173.536 wuweb.dll
04.05.2005 13:45 2.890.240 msi.dll
03.05.2005 16:26 596.480 INETCOMM.DLL
28.04.2005 23:16 1.122.576 webvw.dll
27.04.2005 16:41 2.698.752 MSHTML.DLL
27.04.2005 16:41 581.632 WININET.DLL
27.04.2005 15:35 1.338.368 SHDOCVW.DLL
27.04.2005 10:53 34.816 PNGFILT.DLL

The second file:

Datenträger in Laufwerk D: ist Win2000
Datenträgernummer: 48AE-9E31

Verzeichnis von D:\DOKUME~1\Prokop\LOKALE~1\Temp

29.11.2005 18:03 206 jusched.log
1 Datei(en) 206 Bytes
0 Verzeichnis(se), 2.959.937.536 Bytes frei

The third file:

Datenträger in Laufwerk D: ist Win2000
Datenträgernummer: 48AE-9E31

Verzeichnis von D:\WINNT

29.11.2005 18:08 24 prf2J
26.11.2005 12:01 9.858 SchedLgU.Txt
26.11.2005 12:01 1.108.780 ShellIconCache
22.11.2005 18:58 273.346 setupapi.log
21.11.2005 23:14 189 hpbafd.ini
17.11.2005 18:22 0 nsreg.dat
17.11.2005 18:22 99.970 UninstallFirefox.exe
17.11.2005 18:22 3.083 mozver.dat
17.11.2005 09:05 32.768 unstall.exe
17.11.2005 09:05 0 JJMS
17.11.2005 09:05 2 tempf.txt
14.11.2005 12:52 1.859 OEWABLog.txt
14.11.2005 12:52 596 win.ini
14.11.2005 11:50 3.321 WindowsUpdate.log
06.11.2005 19:55 176.298 Windows Update.log
06.11.2005 19:55 396.129 iis5.log
06.11.2005 19:55 174.178 comsetup.log
06.11.2005 19:55 1.429 imsins.log
06.11.2005 19:55 13.517 KB896358.log
06.11.2005 19:55 141.675 ocgen.log
06.11.2005 19:55 11.029 ockodak.log
06.11.2005 19:55 14.524 updspapi.log
06.11.2005 19:55 12.422 KB890046.log
06.11.2005 19:55 10.527 KB896422.log
06.11.2005 19:55 16.645 KB893066.log
06.11.2005 19:54 9.303 KB883939-IE6SP1-20050428.125228.log
06.11.2005 19:54 8.516 KB897715-OE6SP1-20050503.210336.log
03.06.2005 15:55 6.433 KB893803v2.log
27.05.2005 13:09 387 TWLAND.INI
27.05.2005 11:43 1.382 ODBC.INI
27.05.2005 11:43 4.586 ODBCINST.INI
13.05.2005 10:37 8.238 KB894320.log
08.05.2005 10:01 435.760 CABLE.DLL
03.05.2005 14:39 6.680 KB823559.log
03.05.2005 14:39 7.171 KB329115.log
03.05.2005 14:38 16.870 KB841356.log
03.05.2005 14:38 11.990 KB891781.log
03.05.2005 14:38 7.025 KB890923-IE6SP1-20050225.103456.log
03.05.2005 10:23 19.549 Active Setup Log.txt


The fourth:

Datenträger in Laufwerk D: ist Win2000
Datenträgernummer: 48AE-9E31

Verzeichnis von D:\

29.11.2005 18:09 0 sys.txt
29.11.2005 18:08 7.664 system.txt
29.11.2005 18:07 290 systemtemp.txt
29.11.2005 18:06 81.714 system32.txt
26.11.2005 12:02 402.653.184 pagefile.sys
25.05.2005 08:48 288 WZT1
6 Datei(en) 402.743.140 Bytes
0 Verzeichnis(se), 2.959.929.344 Bytes frei

Many thanks,

Regards

Jürgen
29.11.2005, 20:38
Member

Posts: 17
#32 Hello,

I also just came across this forum by chance.
Just under 2 weeks ago I caught Winfixer.
It would be great if you could help me.
Here is my current log file:

Logfile of HijackThis v1.99.1
Scan saved at 20:30:55, on 29.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\runservice.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programme\Winamp3\winampa.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
D:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Razer\razerhid.exe
C:\Programme\SurfAccuracy\SAcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\Razer\razerofa.exe
D:\Common\Bin\WinCinemaMgr.exe
C:\Programme\FRITZ!DSL\FritzDsl.exe
C:\WINDOWS\system32\ntvdm.exe
D:\Programme\HP\Digital Imaging\bin\hpqgalry.exe
C:\OPLIMIT\ocrawr32.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Programme\Neuer Ordner\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paninicomics.de/forum/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [AcronisTrueImage Monitor] "C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [razer] C:\Programme\Razer\razerhid.exe
O4 - HKLM\..\Run: [180sa] c:\programme\180search assistant\180sa.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - Startup: FRITZ!web DSL.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = D:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Alles mit FlashGet laden - D:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Mit FlashGet laden - D:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - D:\Programme\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=http://home.arcor.de/myst3ria/devilgirl/ThumbnailFrame.html
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://static.35mb.com/applet/applet_y.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{72C2A23D-1F8E-4CA8-B8B4-D2A8B2589F45}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{754D387B-F1E3-4326-8837-FCA01F47BEBB}: NameServer = 194.25.0.69,194.25.0.70
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

I'll say it now: many thanks in advance.
30.11.2005, 00:37
Honorary member

Posts: 29434
#33 stadtbummel

open HijackThis -- button "Scan" -- put check marks in front of the malware entries -- button "Fix checked" -- restart the PC

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - D:\WINNT\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - D:\WINNT\wsem303.dll (file missing)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - D:\Programme\YourSiteBar\ysb.dll (file missing)
O4 - HKLM\..\Run: [Java] C:\wx.exe
O4 - HKLM\..\Run: [SurfAccuracy] D:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Power Scan] D:\Programme\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [IST Service] D:\Programme\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [WinFixer 2005] "D:\Programme\WinFixer 2005\wfx5.exe"
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Programme\SideFind\sidefind.dll
D:\WINNT\web\related.htm
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab

restart the PC

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Delete File on Reboot -- check it
paste in:
...
and click on the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one, only on the last one click "yes"
C:\wx.exe

D:\Programme\WinFixer 2005\wfx5.exe
D:\Programme\SurfAccuracy\SAcc.exe
D:\Programme\Power Scan\powerscan.exe
D:\Programme\SideFind\sidefind.dll
D:\Programme\ISTsvc\istsvc.exe
D:\WINNT\system32\loavtapi.exe

restart the PC

Killbox

DelTree (include SubDirectories)
Suppose, for example, you want to delete a folder. You do not have to enter every file in the folder individually; instead you click the option DelTree (include subdirectories).
This deletes the entire folder together with its subfolders.

D:\Programme\YourSiteBar
D:\Programme\WinFixer 2005
D:\Programme\SurfAccuracy
D:\Programme\Power Scan
D:\Programme\SideFind
D:\Programme\ISTsvc

restart the PC

Counterspy
http://virus-protect.org/counterspy.html
after the scan you have to choose between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC

TuneUp 2006 (30 days free) shareware
http://virus-protect.org/reinigungstoolsregistry.html
apply:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner
__________
Kind regards, Sabina

all about PC security
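The instructions above work from HijackThis log lines, one entry per line. As an added example (my own code, not from this thread and not part of HijackThis), here is a small Python parser for that line format that turns each R/O entry into a record and then pulls out what a reviewer looks at first. The sample lines are copied from this thread; the triage rules (leftover "(file missing)" registrations, autoruns that sit directly in a drive root, every Trusted Zone addition, the host each DPF download came from, services with "Unknown owner") and the field names are my own assumptions, not HijackThis behaviour.

```python
"""Turn HijackThis v1.99 log lines into records and list the entries worth a
second look. Added example: parsing rules and triage heuristics are the
author's own assumptions, not HijackThis behaviour."""
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample: lines in the format HijackThis writes, copied from this thread.
SAMPLE_LOG = r"""
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - D:\WINNT\wsem303.dll (file missing)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - D:\Programme\YourSiteBar\ysb.dll (file missing)
O4 - HKLM\..\Run: [Java] C:\wx.exe
O4 - HKCU\..\Run: [WinFixer 2005] "D:\Programme\WinFixer 2005\wfx5.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O15 - Trusted Zone: *.media-motor.net
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
"""


@dataclass
class Entry:
    section: str          # "O4", "O16", ...
    kind: str             # Run, RunOnce, Startup, BHO, Toolbar, DPF, Trusted Zone, Service, other
    name: str = ""
    clsid: str = ""
    path: str = ""        # executable path, URL or host exactly as written in the log
    owner: str = ""       # O23 only
    file_missing: bool = False


LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<rest>.*)$")
RUN_RE = re.compile(r"^HK[A-Z]+\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?P<key>(?:Global )?Startup): (?P<name>.*?) = (?P<cmd>.*)$")
CLSID_RE = re.compile(r"^(?P<kind>BHO|Toolbar|Extra button|Extra 'Tools' menuitem): "
                      r"(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
ZONE_RE = re.compile(r"^Trusted Zone: (?P<host>\S+)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|dll|cpl|scr|com|bat))(?=[\s,]|$)', re.I)
MISSING = " (file missing)"


def executable(cmd: str) -> str:
    """Best effort: the program an O4 command line starts (quoted path or first *.exe-like token)."""
    m = EXE_RE.match(cmd)
    return (m.group("q") or m.group("u")) if m else cmd.strip()


def parse_log(text: str) -> List[Entry]:
    """Parse every 'Rn - ...' / 'On - ...' line; process lists and headers are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, rest = m.group("sec"), m.group("rest")
        missing = rest.endswith(MISSING)
        if missing:
            rest = rest[: -len(MISSING)]
        if (r := RUN_RE.match(rest)) or (r := STARTUP_RE.match(rest)):
            entries.append(Entry(sec, r.group("key"), r.group("name"),
                                 path=executable(r.group("cmd")), file_missing=missing))
        elif (c := CLSID_RE.match(rest)):
            entries.append(Entry(sec, c.group("kind"), c.group("name"), c.group("clsid"),
                                 c.group("path"), file_missing=missing))
        elif (d := DPF_RE.match(rest)):
            entries.append(Entry(sec, "DPF", d.group("name") or "", d.group("clsid"), d.group("url")))
        elif (z := ZONE_RE.match(rest)):
            entries.append(Entry(sec, "Trusted Zone", path=z.group("host")))
        elif (s := SVC_RE.match(rest)):
            entries.append(Entry(sec, "Service", s.group("name"), path=s.group("path"),
                                 owner=s.group("owner"), file_missing=missing))
        else:
            entries.append(Entry(sec, "other", path=rest, file_missing=missing))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group the entries a reviewer checks first (heuristics are this example's assumptions)."""
    report: Dict[str, List[str]] = {"missing": [], "root_autorun": [], "trusted_zones": [],
                                    "dpf_hosts": [], "unknown_owner_services": []}
    for e in entries:
        if e.file_missing:                                  # registration left behind after a removal
            report["missing"].append(e.path)
        if e.section == "O4" and re.match(r"^[A-Za-z]:\\[^\\]+$", e.path):
            report["root_autorun"].append(e.path)           # autorun living directly in a drive root
        if e.kind == "Trusted Zone":
            report["trusted_zones"].append(e.path)          # every trusted-zone addition is worth a look
        if e.kind == "DPF":
            report["dpf_hosts"].append(urlparse(e.path).hostname or "")
        if e.kind == "Service" and e.owner == "Unknown owner":
            report["unknown_owner_services"].append(e.path)
    return report


if __name__ == "__main__":
    for category, items in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{category}: {items}")
```

Paste a whole log into `parse_log` and the process list at the top is simply ignored; `triage` only highlights, it decides nothing, so the "(file missing)" and trusted-zone lists still need the same human judgement the replies above apply.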
30.11.2005, 00:45
Honorary member

Posts: 29434
#34 nebsirob

open HijackThis -- button "Scan" -- put check marks in front of the malware entries -- button "Fix checked" -- restart the PC

O4 - HKLM\..\Run: [razer] C:\Programme\Razer\razerhid.exe
O4 - HKLM\..\Run: [180sa] c:\programme\180search assistant\180sa.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe

restart the PC

run Cleanup

http://virus-protect.org/cleanup.html

paste the 4 text files here (2 months is enough... by date)
http://virus-protect.org/datfindbat.html

Killbox
DelTree (include SubDirectories)
Suppose, for example, you want to delete a folder. You do not have to enter every file in the folder individually; instead you click the option DelTree (include subdirectories).
This deletes the entire folder together with its subfolders.

C:\Programme\Razer
C:\Programme\SurfAccuracy

Counterspy
http://virus-protect.org/counterspy.html
after the scan you have to choose between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC

PLEASE PASTE THE SCAN REPORT HERE
__________
Kind regards, Sabina

all about PC security
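The request above asks for the four `dir` listings limited to the last two months, because the interesting files are the ones that changed recently. As an added example (my own code, not from this thread or from the datfind.bat tool), here is a Python parser for those German-locale listings that keeps track of the current "Verzeichnis von" directory, converts the dotted sizes and dd.mm.yyyy dates, and then lists what changed inside a review window, newest first. The sample lines are copied from the listings posted earlier in this thread; the 60-day window, the optional extension filter and the function names are my assumptions.

```python
"""Parse German-locale `dir` listings (as posted from datfind.bat in this thread)
and report the files changed inside a review window, newest first.
Added example; window and extension filter are the author's assumptions."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Sequence

# Constructed sample: two listings copied from this thread, volume headers and
# summary lines included so the parser has to skip them.
SAMPLE = """\
Datenträger in Laufwerk D: ist Win2000
Datenträgernummer: 48AE-9E31

Verzeichnis von D:\\WINNT\\system32

26.11.2005 05:50 167.936 loavtapi.exe
06.07.2005 17:17 1.060.864 mfc71.dll
02.06.2005 18:54 1.760 objsafe.tlb
26.05.2005 04:19 173.536 wuweb.dll

Verzeichnis von D:\\DOKUME~1\\Prokop\\LOKALE~1\\Temp

29.11.2005 18:03 206 jusched.log
1 Datei(en) 206 Bytes
0 Verzeichnis(se), 2.959.937.536 Bytes frei
"""

DIR_RE = re.compile(r"^Verzeichnis von (?P<dir>.+)$")
FILE_RE = re.compile(r"^(?P<d>\d{2})\.(?P<m>\d{2})\.(?P<y>\d{4})\s+(?P<H>\d{2}):(?P<M>\d{2})\s+"
                     r"(?:<DIR>|(?P<size>[\d.]+))\s+(?P<name>.+)$")


@dataclass
class FileEntry:
    path: str
    name: str
    mtime: datetime
    size: int


def parse_dir_listing(text: str) -> List[FileEntry]:
    """Walk the listing, remembering the directory named by the last 'Verzeichnis von' line."""
    entries: List[FileEntry] = []
    current_dir = ""
    for line in text.splitlines():
        line = line.strip()
        d = DIR_RE.match(line)
        if d:
            current_dir = d.group("dir").rstrip("\\")
            continue
        f = FILE_RE.match(line)
        if not f or f.group("size") is None:   # volume header, summary line or <DIR> row
            continue
        mtime = datetime(int(f.group("y")), int(f.group("m")), int(f.group("d")),
                         int(f.group("H")), int(f.group("M")))
        size = int(f.group("size").replace(".", ""))   # "1.060.864" -> 1060864 (German thousands separator)
        entries.append(FileEntry(current_dir + "\\" + f.group("name"), f.group("name"), mtime, size))
    return entries


def recent_files(entries: Sequence[FileEntry], as_of: datetime, days: int = 60,
                 exts: Optional[Sequence[str]] = None) -> List[FileEntry]:
    """Files modified within `days` before `as_of`, optionally limited to extensions, newest first."""
    cutoff = as_of - timedelta(days=days)
    hits = [e for e in entries
            if e.mtime >= cutoff and (exts is None or e.name.lower().endswith(tuple(exts)))]
    return sorted(hits, key=lambda e: e.mtime, reverse=True)


def review(text: str, as_of: str, days: int = 60,
           exts: Optional[Sequence[str]] = None) -> List[str]:
    """Convenience wrapper: `as_of` in the listing's own dd.mm.yyyy form; returns full paths."""
    when = datetime.strptime(as_of, "%d.%m.%Y")
    return [e.path for e in recent_files(parse_dir_listing(text), when, days, exts)]


if __name__ == "__main__":
    # The listing date is the reference point, so an old listing is judged against its own day.
    for path in review(SAMPLE, "29.11.2005", days=60, exts=(".exe", ".dll", ".sys")):
        print(path)
```

Run against the four listings from datfind.bat concatenated into one file, the extension filter narrows a system32 listing of hundreds of lines to the handful of executables and drivers that appeared during the window, which is the set the helper compares against the HijackThis autorun entries.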
30.11.2005, 17:38
...new here

Posts: 2
#35 Hello, I also have a problem with Winfixer 2005. I also made a HijackThis log and wanted to ask what I need to do now!
Hopefully someone can help me, because it is really annoying me!!!

Logfile of HijackThis v1.99.1
Scan saved at 17:37:17, on 29.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\D-Link AirPlus\AirPlus.exe
C:\Programme\OpenOffice.org1.1.4\program\soffice.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\eMule\emule.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\Admin\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1und1.de/Herzlich_Willkommen/b1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.de/Herzlich_Willkommen/b1/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gocyberlink.com/registration/registration1.asp?SoftWareD&VersionNum=5................
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Programme\YourSiteBar\ysb.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programme\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Office2K\Office\OSA9.EXE
O4 - Global Startup: p6übersicht.lnk = C:\Programme\phase6\phase6\WinStart\WinStart.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

many thanks for the help ;)
30.11.2005, 17:53
Honorary member

Posts: 29434
#36 Hello@Stephan ;) Steve_o

open HijackThis -- button "Scan" -- put check marks in front of the malware entries -- button "Fix checked" -- restart the PC

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gocyberlink.com/registration/registration1.asp?SoftWare=.....

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll

O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Programme\YourSiteBar\ysb.dll (file missing)

restart the PC

run Cleanup
http://virus-protect.org/cleanup.html

Counterspy
http://virus-protect.org/counterspy.html
after the scan you have to choose between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC
__________
Kind regards, Sabina

all about PC security
30.11.2005, 20:02
...new here

Posts: 2
#37 thanks Sabina, so far (that is, 2 hrs) everything is OK ;)

Let's hope it stays that way.. because something like that really gets on your nerves ^^


30.11.2005, 20:31
Honorary member

Posts: 29434
#38 Steve_o

if you avoided certain sites, you would not have the complaints listed above now lol
__________
Kind regards, Sabina

all about PC security
30.11.2005, 21:30
Member

Posts: 17
#39 Hello Sabine,
first of all, many thanks for the quick reply.

Here are the reports:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 74CC-A7FD

Verzeichnis von C:\WINDOWS\system32

30.11.2005 03:04 865 mmf.sys
27.11.2005 12:49 13.728 wpa.dbl
26.11.2005 05:28 167.936 dgsspack.exe
26.11.2005 05:28 45.056 pluverif.dll
21.11.2005 01:02 499.712 rematsrv.exe
10.11.2005 08:15 249.184 FNTCACHE.DAT
02.11.2005 06:34 2.377.568 MRT.exe
01.11.2005 20:53 53.352 jpicpl32.cpl
01.11.2005 20:53 28.768 javaw.exe
01.11.2005 20:53 24.670 java.exe
30.10.2005 12:55 380.486 perfh009.dat
30.10.2005 12:55 391.330 perfh007.dat
30.10.2005 12:55 52.900 perfc009.dat
30.10.2005 12:55 63.778 perfc007.dat
30.10.2005 12:55 897.954 PerfStringBackup.INI
13.10.2005 08:11 118.784 sirenacm.dll
06.10.2005 04:18 280.064 gdi32.dll
06.10.2005 04:08 1.839.616 win32k.sys
04.10.2005 16:26 3.013.120 mshtml.dll
29.09.2005 19:19 8 E736E7BAE0.sys
23.09.2005 04:06 8.491.520 shell32.dll
10.09.2005 02:54 2.067.968 cdosys.dll
08.09.2005 09:08 2 RICHTX.DEP
03.09.2005 00:53 664.064 wininet.dll
03.09.2005 00:53 55.808 extmgr.dll
03.09.2005 00:53 205.312 dxtrans.dll
03.09.2005 00:53 448.512 mshtmled.dll
03.09.2005 00:53 474.112 shlwapi.dll
03.09.2005 00:53 530.432 mstime.dll
03.09.2005 00:53 251.392 iepeers.dll
03.09.2005 00:53 39.424 pngfilt.dll
03.09.2005 00:53 1.484.288 shdocvw.dll
03.09.2005 00:53 605.696 urlmon.dll
03.09.2005 00:53 146.432 msrating.dll
03.09.2005 00:53 96.768 inseng.dll
03.09.2005 00:53 1.019.904 browseui.dll
03.09.2005 00:53 1.055.744 danim.dll
03.09.2005 00:53 152.064 cdfview.dll
01.09.2005 02:44 292.352 winsrv.dll
01.09.2005 02:44 19.968 linkinfo.dll


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 74CC-A7FD

Verzeichnis von C:\

30.11.2005 03:09 0 systemtemp.txt
30.11.2005 03:09 115.299 system32.txt
30.11.2005 03:04 1.610.612.736 pagefile.sys
26.07.2005 23:34 184 Setup.log
13.07.2005 05:34 79 gputest.txt



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 74CC-A7FD

Verzeichnis von C:\WINDOWS

30.11.2005 03:09 24 psc2M
30.11.2005 03:05 159 wiadebug.log
30.11.2005 03:05 1.564.857 WindowsUpdate.log
30.11.2005 03:05 50 wiaservc.log
30.11.2005 03:04 0 0.log
30.11.2005 03:04 2.048 bootstat.dat
30.11.2005 03:03 32.592 SchedLgU.Txt
30.11.2005 03:02 1.822 oplimit.ini
25.11.2005 17:59 512 randseed.rnd
23.11.2005 02:26 530.475 setupapi.log
22.11.2005 00:26 183.156 wmsetup.log
15.11.2005 17:27 3.299 tm.ini
10.11.2005 05:48 125.501 ntdtcsetup.log
10.11.2005 05:48 96.959 iis6.log
10.11.2005 05:48 208.151 comsetup.log
10.11.2005 05:48 26.914 ocmsn.log
10.11.2005 05:48 1.393 imsins.log
10.11.2005 05:48 241.243 tsoc.log
10.11.2005 05:48 11.782 KB896424.log
10.11.2005 05:48 317.879 ocgen.log
10.11.2005 05:48 31.306 msgsocm.log
10.11.2005 05:48 616.112 FaxSetup.log
10.11.2005 05:48 22.122 updspapi.log
05.11.2005 05:17 87 setup.log
03.11.2005 20:29 200.005 setupact.log
03.11.2005 02:41 120.832 lcmmfu.cpl
03.11.2005 02:41 48.640 mmfs.dll
03.11.2005 02:41 2.560 Runservice.exe
21.10.2005 15:32 52 videodeLuxe.INI
20.10.2005 02:01 21.963 KB901017.log
20.10.2005 02:00 24.422 KB902400.log
20.10.2005 02:00 15.866 KB896688.log
20.10.2005 02:00 14.074 KB905414.log
20.10.2005 02:00 13.784 KB900725.log
20.10.2005 02:00 11.196 KB904706.log
20.10.2005 02:00 11.788 KB905749.log
04.10.2005 16:33 3.523 msnsetuplog.txt
04.10.2005 16:33 4.468 msnavpklog.txt
23.09.2005 16:46 35 tdf.dii
11.09.2005 16:06 263.203 Directx.log
08.09.2005 23:40 174.514 GXTranscoder v2 Uninstaller.exe
07.09.2005 01:52 3.752 cool.ini
27.08.2005 20:32 0 musicmaker.INI
16.08.2005 01:38 100.724 cpeins04.dat
14.08.2005 04:16 17.627 KB899587.log
14.08.2005 04:16 17.123 KB899591.log
14.08.2005 04:16 17.240 KB893756.log
14.08.2005 04:16 16.585 KB896423.log
14.08.2005 04:16 17.394 KB896727.log
14.08.2005 04:15 13.500 KB899588.log
14.08.2005 04:15 13.236 KB894391.log



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 74CC-A7FD

Verzeichnis von C:\

30.11.2005 03:10 0 sys.txt
30.11.2005 03:10 14.993 system.txt
30.11.2005 03:09 1.082 systemtemp.txt
30.11.2005 03:09 115.299 system32.txt
30.11.2005 03:04 1.610.612.736 pagefile.sys
26.07.2005 23:34 184 Setup.log
13.07.2005 05:34 79 gputest.txt

----------------------------------------------

Spyware Scan Details
Start Date: 30.11.2005 19:38:35
End Date: 30.11.2005 21:22:21
Total Time: 1 hrs 43 mins 46 secs

Detected spyware

ViewPoint Beta Potential Privacy Risk more information...
Details: ViewPoint Toolbar will hijack your search queries and also transmits non personally identifiable information back to their servers
Status: Deleted

Infected files detected
c:\programme\viewpoint\viewpoint manager\viewcp.cpl
c:\programme\viewpoint\viewpoint manager\viewmgr.exe
c:\programme\viewpoint\viewpoint manager\viewmgrcore.dll
c:\programme\viewpoint\viewpoint manager\viewmgrinstaller.exe
c:\programme\viewpoint\viewpoint manager\viewcpdata\images\s.gif
c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_header_av.gif
c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_header_cp.gif
c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_header_up.gif
c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_inner_bg.gif
c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_inner_bottom.gif
c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_tab1_off.gif
c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_tab1_on.gif
c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_tab2_off.gif
c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_tab2_on.gif
c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vm_tab_bg.gif
c:\programme\viewpoint\viewpoint manager\viewcpdata\images\vwpt_logo.gif
c:\programme\viewpoint\viewpoint manager\viewcpdata\options.ini
c:\programme\viewpoint\viewpoint manager\viewcpdata\viewpoint.ico
c:\programme\viewpoint\viewpoint manager\viewcpdata\vmctrl.html

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager DisplayName Viewpoint Manager (Remove Only)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager UninstallString C:\Programme\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager DisplayIcon C:\Programme\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe,0


Cydoor Adware more information...
Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer.
Status: Deleted

Infected files detected
c:\windows\system32\cd_clint.dll


Comet Systems Adware more information...
Status: Deleted

Infected files detected
c:\windows\downloaded program files\dm.inf
c:\windows\inf\dm.inf
c:\windows\inf\dm.pnf


YourSiteBar Spyware more information...
Details: YourSiteBar from IST, the makers of numerous spyware Thread, is an affiliate based marketing toolbar.
Status: Deleted

Infected files detected
c:\windows\downloaded program files\ysbactivex.dll
C:/WINDOWS/Downloaded Program Files/YSBactivex.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}
HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}\ProgID YSBactivex.Installer
HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658} Installer Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysbactivex.installer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysbactivex.installer\CLSID {42F2C9BA-614F-47c0-B3E3-ECFD34EED658}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysbactivex.installer Installer Class
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll .Owner {42F2C9BA-614F-47C0-B3E3-ECFD34EED658}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll {42F2C9BA-614F-47C0-B3E3-ECFD34EED658}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\YSBactivex.dll
HKEY_CLASSES_ROOT\Ysbactivex.installer
HKEY_CLASSES_ROOT\Ysbactivex.installer\CLSID {42F2C9BA-614F-47c0-B3E3-ECFD34EED658}
HKEY_CLASSES_ROOT\Ysbactivex.installer Installer Class
HKEY_CLASSES_ROOT\YSBactivex.Installer
HKEY_CLASSES_ROOT\YSBactivex.Installer\CLSID {42F2C9BA-614F-47c0-B3E3-ECFD34EED658}
HKEY_CLASSES_ROOT\YSBactivex.Installer Installer Class


SurfAccuracy Adware more information...
Status: Deleted

Infected files detected
C:\!KillBox\SurfAccuracy\SAccU.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\SAcc
HKEY_LOCAL_MACHINE\Software\SAcc accid 104
HKEY_LOCAL_MACHINE\Software\SAcc subaccid 1000940
HKEY_LOCAL_MACHINE\Software\SAcc Version 1118
HKEY_LOCAL_MACHINE\Software\SAcc InstallDate 1132531349
HKEY_LOCAL_MACHINE\Software\SAcc CfgReloadAttempts 1
HKEY_LOCAL_MACHINE\Software\SAcc CfgReload 1133350824
HKEY_LOCAL_MACHINE\Software\SAcc Counter 24
HKEY_LOCAL_MACHINE\Software\SAcc NextInvoke 1133278357
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc DisplayName Surf Accuracy
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc UninstallString C:\Programme\SurfAccuracy\SAccU.exe


WindUpdates.MediaGateway Adware more information...
Details: WindUpdates is responsible for downloading adware.
Status: Deleted

Infected files detected
C:\Program Files\Media Gateway\Info.txt
C:\Program Files\Media Gateway\MediaGateway.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}\Contains\Files C:\WINDOWS\Downloaded Program Files\MediaAccX.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}\DownloadInformation CODEBASE http://static.35mb.com/applet/applet_l.cab
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}\InstalledVersion 0,0,0,1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}\InstalledVersion LastModified Thu, 25 Aug 2005 03:41:13 GMT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} SystemComponent 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} Installer MSICD


NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows’ Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Deleted

Infected files detected
D:\Programme\win2k_xp\deu\nt4\Disk1\nt4\hpfsplsh.exe


KaZaA P2P more information...
Details: Kazaa is a Peer to Peer file sharing application that uses some adware advertising as well as installs a number of third party adware software on your computer.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Kazaa\Advanced
HKEY_CURRENT_USER\Software\Kazaa\Advanced MaxSearchResult 200
HKEY_CURRENT_USER\Software\Kazaa\Advanced SuperNode 1
HKEY_CURRENT_USER\Software\Kazaa\Advanced ScanFolder 0
HKEY_CURRENT_USER\Software\Kazaa\Advanced Status Installed
HKEY_CURRENT_USER\software\kazaa
HKEY_CURRENT_USER\software\kazaa\Advanced MaxSearchResult 200
HKEY_CURRENT_USER\software\kazaa\Advanced SuperNode 1
HKEY_CURRENT_USER\software\kazaa\Advanced ScanFolder 0
HKEY_CURRENT_USER\software\kazaa\Advanced Status Installed
HKEY_CURRENT_USER\software\kazaa\DontShow SetDefaultHandler 1
HKEY_CURRENT_USER\software\kazaa\InstantMessaging IgnoreAll 0
HKEY_CURRENT_USER\software\kazaa\InstantMessaging IgnoredUsers
HKEY_CURRENT_USER\software\kazaa\k-lite InstallSig 10
HKEY_CURRENT_USER\software\kazaa\LocalContent DisableSharing 0
HKEY_CURRENT_USER\software\kazaa\LocalContent DownloadDir D:\C
HKEY_CURRENT_USER\software\kazaa\LocalContent Dir0 012345;):\C
HKEY_CURRENT_USER\software\kazaa\ResultsFilter adult_filter_level 0
HKEY_CURRENT_USER\software\kazaa\ResultsFilter showDisableAdultFilter 1
HKEY_CURRENT_USER\software\kazaa\ResultsFilter virus_filter 1
HKEY_CURRENT_USER\software\kazaa\ResultsFilter firewall_filter 1
HKEY_CURRENT_USER\software\kazaa\ResultsFilter bogus_filter 1
HKEY_CURRENT_USER\software\kazaa\ResultsFilter custom_filter_phrases .scr, .vbs, .jpg.exe, .jpg.vbs, .avi.exe, .avi.vbs, .mp3.exe, .mp3.vbs, -fulldownloader, 3-fulldwnloader, -full-downloader, -games-fulldownloader, divx-fulldownloader, 3-full-dwnloader-
HKEY_CURRENT_USER\software\kazaa\Settings SetDefaultHandler 0
HKEY_CURRENT_USER\software\kazaa\Settings UseCount 0
HKEY_CURRENT_USER\software\kazaa\Skins SkinsDir D:\Programme\Kazaa Lite\Skins
HKEY_CURRENT_USER\software\kazaa\SOCKS Enabled 0
HKEY_CURRENT_USER\software\kazaa\Transfer ConcurrentDownloads 5
HKEY_CURRENT_USER\software\kazaa\Transfer ConcurrentUploads 3
HKEY_CURRENT_USER\software\kazaa\Transfer UploadBandwidth 0
HKEY_CURRENT_USER\software\kazaa\Transfer NoUploadLimitWhenIdle 0
HKEY_CURRENT_USER\software\kazaa\Transfer DlDir0
HKEY_CURRENT_USER\software\kazaa\Transfer CacheHost 0
HKEY_CURRENT_USER\software\kazaa\Transfer CachePort 0
HKEY_CURRENT_USER\software\kazaa\Transfer CacheDiscoveryTime 1124672153
HKEY_CURRENT_USER\software\kazaa\Transfer DlDir1 D:\C
HKEY_CURRENT_USER\software\kazaa\UserDetails UserName kazaalite
HKEY_CURRENT_USER\software\kazaa\UserDetails Email someone@somewhere.abc
HKEY_CURRENT_USER\software\kazaa\UserDetails Newsletter 0
HKEY_CURRENT_USER\software\kazaa\UserDetails AutoConnected 0
HKEY_CURRENT_USER\software\kazaa\UserDetails CountryCode DE
HKEY_CURRENT_USER\software\kazaa LimitBitrate 0
HKEY_CURRENT_USER\software\kazaa LastSearchHash


IST.PowerScan Adware more information...
Details: PowerScan is advertised through ordinary web pop-ups, but recently it started to install with help from the ISTBar adware.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan DisplayName Power Scan
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan UninstallString C:\Programme\Power Scan\uninstall.exe


IST.SideFind Adware more information...
Details: SideFind installs an adware Internet Explorer browser helper object that installs some extra buttons.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping {10e42047-deb9-4535-a118-b3f6ec39b807}


WindUpdates.MediaAccess Adware more information...
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_CLASSES_ROOT\clsid\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}\InprocServer32 C:\WINDOWS\Downloaded Program Files\MediaAccX.dll
HKEY_CLASSES_ROOT\clsid\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\MediaAccX.Installer
HKEY_CLASSES_ROOT\MediaAccX.Installer\CLSID {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_CLASSES_ROOT\MediaAccX.Installer MediaAccX.Installer
HKEY_LOCAL_MACHINE\Software\Media Gateway
HKEY_LOCAL_MACHINE\Software\Media Gateway reqcount 5
HKEY_LOCAL_MACHINE\Software\Media Gateway track 0
HKEY_LOCAL_MACHINE\Software\Media Gateway DownloadPath \temp
HKEY_LOCAL_MACHINE\Software\Media Gateway Language en
HKEY_LOCAL_MACHINE\Software\Media Gateway LastUpdate 1132531156


RealVNC Commercial Remote Control more information...
Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\RealVNC
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 Password
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 SecurityTypes VncAuth
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 ReverseSecurityTypes None
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 QueryConnect 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 QueryOnlyIfLoggedOn 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 PortNumber 5900
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 IdleTimeout 3600
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 HTTPPortNumber 5800
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 LocalHost 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 Hosts +,
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 AcceptKeyEvents 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 AcceptPointerEvents 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 AcceptCutText 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 SendCutText 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 DisableLocalInputs 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 DisconnectClients 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 AlwaysShared 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 NeverShared 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 DisconnectAction None
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 RemoveWallpaper 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 RemovePattern 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 DisableEffects 0
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 UpdateMethod 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 PollConsoleWindows 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 UseCaptureBlt 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 UseHooks 1
HKEY_LOCAL_MACHINE\Software\RealVNC\WinVNC4 Protocol3.3 0


WinAD Adware more information...
Details: WinAd opens pop-up windows displaying German-language content.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll .Owner {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\downloaded program files\mediaaccx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Media Gateway DownloadPath \temp
HKEY_LOCAL_MACHINE\SOFTWARE\Media Gateway Language en


Zango Search Assistant Adware more information...
Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore Type 3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore Count 39
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4}\iexplore Time


180search Assistant Adware more information...
Details: 180search Assistant logs the web pages you visit, when you visit them and uploads the data to its servers.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\180sa
HKEY_CURRENT_USER\Software\180sa last_conn_h 29748777
HKEY_CURRENT_USER\Software\180sa last_conn_l 760096758
HKEY_CURRENT_USER\Software\180sa we 5
HKEY_CURRENT_USER\Software\180sa TimeOffset -28801
HKEY_CURRENT_USER\Software\180sa geourl_current_version 12
HKEY_CURRENT_USER\Software\180sa geourl_last_full_version 12
HKEY_CURRENT_USER\Software\180sa cvf
HKEY_CURRENT_USER\Software\180sa actionurl_current_version 367
HKEY_CURRENT_USER\Software\180sa actionurl_last_full_version 367
HKEY_CURRENT_USER\Software\180sa keyword_current_version 695
HKEY_CURRENT_USER\Software\180sa keyword_last_full_version 695
HKEY_LOCAL_MACHINE\SOFTWARE\180sa
HKEY_LOCAL_MACHINE\SOFTWARE\180sa umt 016D32E6AC3B10C427F1A54938A8B799F26B33CCB04C315D030622940A65E926AC
HKEY_LOCAL_MACHINE\SOFTWARE\180sa gma 1
HKEY_LOCAL_MACHINE\SOFTWARE\180sa gvi 1
HKEY_LOCAL_MACHINE\SOFTWARE\180sa gpi 1
HKEY_LOCAL_MACHINE\SOFTWARE\180sa boom
HKEY_LOCAL_MACHINE\SOFTWARE\180sa boom_ver 1
HKEY_LOCAL_MACHINE\SOFTWARE\180sa did 7568
HKEY_LOCAL_MACHINE\SOFTWARE\180sa duid 6D32E6AC3B10C427F1A54938A8B799F26B33CCB04C315D030622940A65E926AC
HKEY_LOCAL_MACHINE\SOFTWARE\180sa partner_id 453441041
HKEY_LOCAL_MACHINE\SOFTWARE\180sa product_id 7568
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\180sa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\180sa DisplayName Search Assistant
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\180sa UninstallString c:\programme\180search assistant\180sa.exe /uninst_simple_init=y
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\180sa DisplayIcon c:\programme\180search assistant\180sa.exe,2
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\180sa
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\180sa DisplayName Search Assistant
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\180sa UninstallString c:\programme\180search assistant\180sa.exe /uninst_simple_init=y
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\180sa DisplayIcon c:\programme\180search assistant\180sa.exe,2
HKEY_LOCAL_MACHINE\Software\180sa
HKEY_LOCAL_MACHINE\Software\180sa umt 016D32E6AC3B10C427F1A54938A8B799F26B33CCB04C315D030622940A65E926AC
HKEY_LOCAL_MACHINE\Software\180sa gma 1
HKEY_LOCAL_MACHINE\Software\180sa gvi 1
HKEY_LOCAL_MACHINE\Software\180sa gpi 1
HKEY_LOCAL_MACHINE\Software\180sa boom
HKEY_LOCAL_MACHINE\Software\180sa boom_ver 1
HKEY_LOCAL_MACHINE\Software\180sa did 7568
HKEY_LOCAL_MACHINE\Software\180sa duid 6D32E6AC3B10C427F1A54938A8B799F26B33CCB04C315D030622940A65E926AC
HKEY_LOCAL_MACHINE\Software\180sa partner_id 453441041
HKEY_LOCAL_MACHINE\Software\180sa product_id 7568


Cok.AssasinTrojan2.0 Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\ben & pam\cookies\ben & pam@statcounter[1].txt
30.11.2005, 21:42
Honorary member

Posts: 29434
#40 nebsirob

At the top of the page --> click Browse --> choose the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\mmf.sys
C:\WINDOWS\system32\dgsspack.exe
C:\WINDOWS\system32\pluverif.dll
C:\WINDOWS\system32\rematsrv.exe
__________
Kind regards, Sabina

all about PC security
30.11.2005, 22:02
Member

Posts: 17
#41 So, 3 of the files could be scanned:

C:\WINDOWS\system32\mmf.sys

File size can't be more than 10 Megabytes.
You can't try compressing it.
Thanks you.

(Size according to Explorer: 865 bytes)

--------------------------
C:\WINDOWS\system32\dgsspack.exe

This is a report processed by VirusTotal on 11/30/2005 at 21:52:38 (CET) after scanning the file "dgsspack.exe" file.
Antivirus Version Update Result
AntiVir 6.32.0.6 11.30.2005 no virus found
Avast 4.6.695.0 11.29.2005 no virus found
AVG 718 11.29.2005 no virus found
Avira 6.32.0.6 11.30.2005 no virus found
BitDefender 7.2 11.30.2005 no virus found
CAT-QuickHeal 8.00 11.30.2005 (Suspicious) - DNAScan
ClamAV devel-20051108 11.29.2005 no virus found
DrWeb 4.33 11.30.2005 Adware.Apropos
eTrust-Iris 7.1.194.0 11.30.2005 no virus found
eTrust-Vet 11.9.1.0 11.30.2005 Win32.Propo
Fortinet 2.48.0.0 11.30.2005 no virus found
F-Prot 3.16c 11.30.2005 no virus found
Ikarus 0.2.59.0 11.30.2005 no virus found
Kaspersky 4.0.2.24 11.30.2005 Trojan.Win32.Crypt.t
McAfee 4640 11.30.2005 no virus found
NOD32v2 1.1309 11.30.2005 no virus found
Norman 5.70.10 11.30.2005 no virus found
Panda 8.02.00 11.30.2005 no virus found
Sophos 4.00.0 11.30.2005 no virus found
Symantec 8.0 11.30.2005 no virus found
TheHacker 5.9.1.046 11.29.2005 no virus found
VBA32 3.10.5 11.30.2005 no virus found

--------------------------
C:\WINDOWS\system32\pluverif.dll

This is a report processed by VirusTotal on 11/30/2005 at 21:55:20 (CET) after scanning the file "pluverif.dll" file.
Antivirus Version Update Result
AntiVir 6.32.0.6 11.30.2005 no virus found
Avast 4.6.695.0 11.29.2005 no virus found
AVG 718 11.29.2005 no virus found
Avira 6.32.0.6 11.30.2005 no virus found
BitDefender 7.2 11.30.2005 no virus found
CAT-QuickHeal 8.00 11.30.2005 no virus found
ClamAV devel-20051108 11.29.2005 no virus found
DrWeb 4.33 11.30.2005 Adware.Apropos
eTrust-Iris 7.1.194.0 11.30.2005 no virus found
eTrust-Vet 11.9.1.0 11.30.2005 Win32.Propo
Fortinet 2.48.0.0 11.30.2005 no virus found
F-Prot 3.16c 11.30.2005 no virus found
Ikarus 0.2.59.0 11.30.2005 no virus found
Kaspersky 4.0.2.24 11.30.2005 Trojan.Win32.Crypt.t
McAfee 4640 11.30.2005 Apropos
NOD32v2 1.1309 11.30.2005 no virus found
Norman 5.70.10 11.30.2005 no virus found
Panda 8.02.00 11.30.2005 no virus found
Sophos 4.00.0 11.30.2005 no virus found
Symantec 8.0 11.30.2005 no virus found
TheHacker 5.9.1.046 11.29.2005 no virus found
VBA32 3.10.5 11.30.2005 no virus found

--------------------------

C:\WINDOWS\system32\rematsrv.exe

This is a report processed by VirusTotal on 11/30/2005 at 21:56:36 (CET) after scanning the file "rematsrv.exe" file.
Antivirus Version Update Result
AntiVir 6.32.0.6 11.30.2005 no virus found
Avast 4.6.695.0 11.29.2005 no virus found
AVG 718 11.29.2005 no virus found
Avira 6.32.0.6 11.30.2005 no virus found
BitDefender 7.2 11.30.2005 no virus found
CAT-QuickHeal 8.00 11.30.2005 (Suspicious) - DNAScan
ClamAV devel-20051108 11.29.2005 no virus found
DrWeb 4.33 11.30.2005 Adware.Apropos
eTrust-Iris 7.1.194.0 11.30.2005 no virus found
eTrust-Vet 11.9.1.0 11.30.2005 Win32.Propo
Fortinet 2.48.0.0 11.30.2005 no virus found
F-Prot 3.16c 11.30.2005 no virus found
Ikarus 0.2.59.0 11.30.2005 no virus found
Kaspersky 4.0.2.24 11.30.2005 Trojan.Win32.Crypt.t
McAfee 4640 11.30.2005 no virus found
NOD32v2 1.1309 11.30.2005 no virus found
Norman 5.70.10 11.30.2005 no virus found
Panda 8.02.00 11.30.2005 no virus found
Sophos 4.00.0 11.30.2005 no virus found
Symantec 8.0 11.30.2005 no virus found
TheHacker 5.9.1.046 11.29.2005 no virus found
VBA32 3.10.5 11.30.2005 no virus found



VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
30.11.2005, 22:37
Honorary member

Posts: 29434
#42 nebsirob

KILLBOX

http://virus-protect.org/killbox.html

Delete File on Reboot -- tick it
paste in:
...
and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one; only for the last one click "yes"

C:\WINDOWS\system32\dgsspack.exe
C:\WINDOWS\system32\pluverif.dll
C:\WINDOWS\system32\rematsrv.exe

Restart the PC

then post the datfindbat again (only the first log)
---------------------------------------------------------------------------------------
what did you download on 30.11.?

Quote

C:\WINDOWS\system32\mmf.sys

Verzeichnis von C:\WINDOWS\system32
30.11.2005 03:04 865 mmf.sys

Verzeichnis von C:\WINDOWS
30.11.2005 03:09 24 psc2M


__________
Kind regards, Sabina

all about PC security
01.12.2005, 20:22
Member

Posts: 17
#43 So, here is the latest log:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 74CC-A7FD

Verzeichnis von C:\WINDOWS\system32

01.12.2005 18:02 865 mmf.sys
27.11.2005 12:49 13.728 wpa.dbl
10.11.2005 08:15 249.184 FNTCACHE.DAT
02.11.2005 06:34 2.377.568 MRT.exe
01.11.2005 20:53 53.352 jpicpl32.cpl
01.11.2005 20:53 28.768 javaw.exe
01.11.2005 20:53 24.670 java.exe
30.10.2005 12:55 380.486 perfh009.dat
30.10.2005 12:55 391.330 perfh007.dat
30.10.2005 12:55 52.900 perfc009.dat
30.10.2005 12:55 63.778 perfc007.dat
30.10.2005 12:55 897.954 PerfStringBackup.INI
20.10.2005 15:37 40.960 SDelete.dll
20.10.2005 15:37 24.924 openports.dll
13.10.2005 08:11 118.784 sirenacm.dll
06.10.2005 04:18 280.064 gdi32.dll
06.10.2005 04:08 1.839.616 win32k.sys
04.10.2005 16:26 3.013.120 mshtml.dll
29.09.2005 19:19 8 E736E7BAE0.sys
23.09.2005 04:06 8.491.520 shell32.dll
10.09.2005 02:54 2.067.968 cdosys.dll
08.09.2005 09:08 2 RICHTX.DEP
03.09.2005 00:53 664.064 wininet.dll
03.09.2005 00:53 96.768 inseng.dll
03.09.2005 00:53 530.432 mstime.dll
01.12.2005, 20:44
Honorary member

Posts: 29434
#44 nebsirob

you didn't answer my question...

the 01.12.2005 18:02 865 mmf.sys worries me.

do the following:
Download the f-secure Beta Trial
http://www.f-secure.com/blacklight/
double-click: blbeta.exe
after the check click -- next
now you will find a text file on the desktop: copy it into your thread
__________
Kind regards, Sabina

all about PC security
01.12.2005, 21:10
Member

Posts: 17
#45 Sorry,

well, I didn't actually download anything there.
I only checked my mail at web.de
and looked at my auctions on eBay.