Adult FriendFinder Popup Problem! |
||
---|---|---|
#0
| ||
17.03.2006, 15:47
Honorary member
Posts: 29434 |
||
|
||
17.03.2006, 18:18
...new here
Posts: 9 |
#17
Ok, I understand, coming right away:
Verzeichnis von C:\WINDOWS\system32
Verzeichnis von C:\DOKUME~1\Norman\LOKALE~1\Temp
there is nothing there
Verzeichnis von C:\WINDOWS
Verzeichnis von C:\
Ok, that was it.
Regards, Norman |
|
|
||
18.03.2006, 01:03
Honorary member
Posts: 29434 |
#18
Norman2705
Scanning individual files: at the top of the page --> click Browse --> select the file --> double-click the file to be checked --> click Submit... now wait --> copy the report here
http://www.virustotal.com/flash/index_en.html
C:\5jljawja.sys
C:\WINDOWS\_MSRSTRT.EXE
-------------------------------------------------
counterspy
http://virus-protect.org/counterspy.html
* after the scan you have to decide between:
*Ignore
*Remove --> Status: Deleted
*Quarantine
always choose Remove and restart the PC (then copy the scan report)
__________
Regards, Sabina
all about PC security |
|
|
||
18.03.2006, 03:38
...new here
Posts: 9 |
#19
Sorry, but somehow I don't get that. I don't know my way around that well!!! What do I do now???
Regards, Norman |
|
|
||
18.03.2006, 16:03
Honorary member
Posts: 29434 |
#20
1. first you should check the two files... whether they are viruses or not.
2. then you should download counterspy, scan and post the scan report
__________
Regards, Sabina
all about PC security |
|
|
||
19.03.2006, 02:47
...new here
Posts: 9 |
#21
Here are the scan reports of the 2 files:

This is a report processed by VirusTotal on 03/19/2006 at 02:08:56 (CET) after scanning the file "5jljawja.sys" file.

Antivirus | Version | Update | Result
---|---|---|---
AntiVir | 6.34.0.53 | 03.18.2006 | no virus found
Avast | 4.6.695.0 | 03.17.2006 | no virus found
AVG | 718 | 03.17.2006 | no virus found
Avira | 6.34.0.53 | 03.18.2006 | no virus found
BitDefender | 7.2 | 03.18.2006 | no virus found
CAT-QuickHeal | 8.00 | 03.18.2006 | no virus found
ClamAV | devel-20060126 | 03.19.2006 | no virus found
DrWeb | 4.33 | 03.18.2006 | no virus found
eTrust-InoculateIT | 23.71.105 | 03.18.2006 | no virus found
eTrust-Vet | 12.4.2123 | 03.17.2006 | no virus found
Ewido | 3.5 | 03.18.2006 | no virus found
Fortinet | 2.71.0.0 | 03.19.2006 | no virus found
F-Prot | 3.16c | 03.17.2006 | no virus found
Ikarus | 0.2.59.0 | 03.17.2006 | no virus found
Kaspersky | 4.0.2.24 | 03.19.2006 | no virus found
McAfee | 4721 | 03.17.2006 | no virus found
NOD32v2 | 1.1450 | 03.18.2006 | no virus found
Norman | 5.70.10 | 03.17.2006 | no virus found
Panda | 9.0.0.4 | 03.18.2006 | no virus found
Sophos | 4.03.0 | 03.18.2006 | no virus found
Symantec | 8.0 | 03.19.2006 | no virus found
TheHacker | 5.9.5.115 | 03.17.2006 | no virus found
UNA | 1.83 | 03.16.2006 | no virus found
VBA32 | 3.10.5 | 03.17.2006 | no virus found

This is a report processed by VirusTotal on 03/19/2006 at 02:12:00 (CET) after scanning the file "_MSRSTRT.EXE" file.

Antivirus | Version | Update | Result
---|---|---|---
AntiVir | 6.34.0.53 | 03.18.2006 | no virus found
Avast | 4.6.695.0 | 03.17.2006 | no virus found
AVG | 718 | 03.17.2006 | no virus found
Avira | 6.34.0.53 | 03.18.2006 | no virus found
BitDefender | 7.2 | 03.18.2006 | no virus found
CAT-QuickHeal | 8.00 | 03.18.2006 | Tool.Win32.Reboot (Not a Virus)
ClamAV | devel-20060126 | 03.19.2006 | no virus found
DrWeb | 4.33 | 03.18.2006 | no virus found
eTrust-InoculateIT | 23.71.105 | 03.18.2006 | no virus found
eTrust-Vet | 12.4.2123 | 03.17.2006 | no virus found
Ewido | 3.5 | 03.18.2006 | no virus found
Fortinet | 2.71.0.0 | 03.19.2006 | no virus found
F-Prot | 3.16c | 03.17.2006 | no virus found
Ikarus | 0.2.59.0 | 03.17.2006 | no virus found
Kaspersky | 4.0.2.24 | 03.19.2006 | no virus found
McAfee | 4721 | 03.17.2006 | no virus found
NOD32v2 | 1.1450 | 03.18.2006 | no virus found
Norman | 5.70.10 | 03.17.2006 | no virus found
Panda | 9.0.0.4 | 03.18.2006 | no virus found
Sophos | 4.03.0 | 03.18.2006 | no virus found
Symantec | 8.0 | 03.19.2006 | no virus found
TheHacker | 5.9.5.115 | 03.17.2006 | no virus found
UNA | 1.83 | 03.16.2006 | no virus found
VBA32 | 3.10.5 | 03.17.2006 | no virus found

and now follows the scan report from Counterspy:

Spyware Scan Details
Start Date: 19.03.2006 02:19:30
End Date: 19.03.2006 02:42:30
Total Time: 23 mins

Detected spyware

BearShare P2P Program more information...
Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs.
Status: Ignored

NetPumper Adware Bundler more information...
Details: Bundles with a number of adware components such as cydoor, Save!, ClockSync, and WhenU Toolbar.
Status: Ignored
Infected files detected
c:\dokumente und einstellungen\norman\anwendungsdaten\netpumper\norman.ini
c:\programme\netpumper\zm\minime.exe

WhenU.SaveNow Adware more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Ignored
Infected files detected
c:\programme\save\acm.dll
C:\Programme\BearShare\RunMSC.dll
C:\Programme\BearShare\Webstats.exe
C:\Programme\BearShare\Webstats.ini

Hotbar Adware more information...
Details: Hotbar Web Tools is a collection of browser and system enhancements. The primary application is the Hotbar toolbar, a which is a "skinable" browser toolbar for Internet Explorer.
Status: Ignored
Infected files detected
c:\persist.dbs
Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping {946B3E9E-E21A-49c8-9F63-900533FAFE14}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping {946B3E9E-E21A-49c8-9F63-900533FAFE15}

SearchNugget Browser Plug-in more information...
Details: SearchNugget is a Browser Helper Object that displays a toolbar in Internet Explorer as well as a button and changes the Internet Explorer home page.
Status: Ignored
Infected files detected
c:\programme\save\acm.dll

Cok.ad.yieldmanager Cookie more information...
Status: Ignored
Infected cookies detected
c:\dokumente und einstellungen\norman\cookies\norman@ad.yieldmanager[2].txt

Revenue.net Cookie more information...
Status: Ignored
Infected cookies detected
c:\dokumente und einstellungen\norman\cookies\norman@revenue[2].txt

Radar Spy 1.0 Cookie more information...
Status: Ignored
Infected cookies detected
c:\dokumente und einstellungen\norman\cookies\norman@tradedoubler[1].txt

Adserver.com Cookie more information...
Status: Ignored
Infected cookies detected
c:\dokumente und einstellungen\norman\cookies\norman@z1.adserver[1].txt

Zedo Cookie more information...
Status: Ignored
Infected cookies detected
c:\dokumente und einstellungen\norman\cookies\norman@zedo[1].txt |
|
|
||
19.03.2006, 12:23
Honorary member
Posts: 29434 |
#22
Quote
Status: Ignored
you have to scan again, and do it the way I wrote it... "Remove" everything
* after the scan you have to decide between:
*Ignore
*Remove --> Status: Deleted
*Quarantine
always choose Remove and restart the PC (then copy the scan report)
__________
Regards, Sabina
all about PC security |
|
|
||
19.03.2006, 20:07
...new here
Posts: 9 |
#23
I ran the first scan and removed the infected files; here is the scan report after the second run, but I have already deleted the two files again:

Spyware Scan Details
Start Date: 19.03.2006 19:43:21
End Date: 19.03.2006 20:04:35
Total Time: 21 mins 14 secs

Detected spyware

PointRoll.com Cookie more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\norman\cookies\norman@ads.pointroll[2].txt

Zedo Cookie more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\norman\cookies\norman@zedo[1].txt

The ads still keep coming anyway, what else can be done now???
Regards, Norman |
|
|
||
19.03.2006, 20:32
Honorary member
Posts: 29434 |
#24
scan with panda and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security |
|
|
||
19.03.2006, 22:53
...new here
Posts: 9 |
#25
Yes, I tried that, but this error comes up once again; it says you have to enter something in the registry, but I have no idea about that, and before I break something I would rather ask you!!!!
Regards, Norman |
|
|
||
20.03.2006, 13:03
Honorary member
Posts: 29434 |
#26
leave it for now, try scanning with etrust (you will find it on the same page).. does that work?
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security |
|
|
||
20.03.2006, 15:14
...new here
Posts: 9 |
#27
Hi Sabina!
Yes, scanning with etrust works, here is the scan report:

Scan-Ergebnisse:
Scan wurde abgeschlossen.
79798 Dateien wurden gescannt.
Keine Viren gefunden.
Datei Infektion Status Pfad
- Keine Infektionen

Regards, Norman

On 21.03.2006 at 00.29:
Hello Sabina!!! As you can see, the scan found nothing, but the ads are still coming, it is so annoying, is there any option left at all??? Please help. Many, many thanks for the effort so far, I really appreciate it!!!
Regards, Norman

This post was edited by Norman2705 on 22.03.2006 at 00:31.
|
|
|
||
28.04.2006, 01:53
Honorary member
Posts: 29434 |
#28
I can't find anything anymore and neither can the virus scanners
1. apply CleanUp once more
http://virus-protect.org/cleanup.html
2. RootkitRevealer -> post the log
http://www.sysinternals.com/Utilities/RootkitRevealer.html
3. Start -- All Programs -- Accessories -- Notepad and copy the following text into it:
Quote
dir %Windir%\tasks /a h > files.txt
- Save as: findjobs.bat
- save under: File type: All files
- save it on the desktop
- Locate findjobs.bat -- double-click the bat file, the editor opens -- post the text
__________
Regards, Sabina
all about PC security |
|
|
||
29.04.2006, 22:39
...new here
Posts: 9 |
#29
Hey Sabina, all good, I now use CleanUp at least 2 - 3 times every day and the ads are gone. Many, many thanks for the great help
Norman |
|
|
||
Copy these 4 text files. They are sorted by date. (copy only the last 3 months) --> I want to see them
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security