Spysheriff after download, and wallpaper changed

02.01.2006, 14:00
Honorary member
Sabina

Posts: 29434
#31 valerossi

open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

F2 - REG:system.ini: Shell=explorer.exe "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause

restart the PC

uninstall C:\Programme\BearShare

Counterspy
http://virus-protect.org/counterspy.html
after the scan you have to choose between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC (then copy the scan report and post it in the security forum)
__________
Best regards, Sabina

all about PC security
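An added example, not part of the thread and not HijackThis's own code: a small Python check over HijackThis-style `F2` and `O4` lines that flags a Winlogon `Shell` value carrying anything beyond `explorer.exe` and `Run` entries that name an executable without a full path. The function names and the two clean sample lines are constructed for illustration.

```python
import re
import ntpath

# Constructed sample: the three entries from the post above, plus two
# constructed clean entries for contrast (not from the thread).
SAMPLE_LOG = r'''
F2 - REG:system.ini: Shell=explorer.exe "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
F2 - REG:system.ini: Shell=explorer.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [ExampleTray] "C:\Programme\Example\tray.exe" /min
'''

# F2: a changed system.ini / Winlogon value, e.g. Shell=...
F2_RE = re.compile(r'^F2 - REG:system\.ini: (?P<name>\w+)=(?P<value>.*)$')
# O4: an autostart entry, e.g. HKLM\..\Run: [name] command
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)


def executable_of(cmd):
    """Return the program part of a command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ''


def audit(log_text):
    """Return (section, issue, executable) tuples for structural anomalies."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = F2_RE.match(line)
        if m:
            if m.group('name').lower() != 'shell':
                continue
            value = m.group('value').strip()
            if value.lower() == 'explorer.exe':
                continue  # expected shell, nothing appended
            # Anything after explorer.exe is launched at every logon.
            if value.lower().startswith('explorer.exe'):
                extra = value[len('explorer.exe'):]
            else:
                extra = value  # shell replaced outright
            findings.append(('F2', 'shell-modified', executable_of(extra)))
            continue

        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group('cmd'))
            # No directory part: Windows resolves the name via the search
            # path, so the log does not show which file actually runs.
            if exe and not ntpath.dirname(exe):
                findings.append(('O4', 'run-bare-filename', exe))
    return findings


if __name__ == '__main__':
    for section, issue, exe in audit(SAMPLE_LOG):
        print(f'{section}  {issue:18}  {exe}')
    # The BearShare entry has a full path and is not flagged here; the
    # post removes it because of its bundled adware, which a structural
    # check like this cannot see.
```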
02.01.2006, 14:32
...new here

Posts: 8
#32 Hi

Sabina


can you quickly tell me which security forum???

There are many, as far as I've seen, like the general one, etc.


Please spell it out exactly.


I've uninstalled BearShare. Why, actually???


I'm scanning right now!!!


Regards, Tobias
02.01.2006, 14:45
Honorary member
Sabina

Posts: 29434
#33 here, of course ;) (I think I need to revise my canned texts ;)
__________
Best regards, Sabina

all about PC security
02.01.2006, 15:06
...new here

Posts: 8
#34 So, directly after the SCAN.

Spyware Scan Details
Start Date: 02.01.2006 14:26:39
End Date: 02.01.2006 15:01:28
Total Time: 34 mins 49 secs

Detected spyware

BearShare P2P more information...
Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs.
Status: Deleted

Infected files detected

Infected registry entries detected


Adw.Afris.Downloader Browser Hijacker more information...
Details: This ownloader silently travels to porn sites without displaying a browser. No window is visible, but this Thread visits various porn sites and loads up the temporary internet files folder with many pornographic images.
Status: Deleted

Infected files detected
C:\Dokumente und Einstellungen\Tobias Schäfer\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-3ef4c798-3a3ff673.class


Weatherbug Low Risk Adware more information...
Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Deleted

Infected files detected
C:\Programme\Gemeinsame Dateien\Real\WeatherBug\MiniBugTransporter.dll

Infected registry entries detected


WhenU.SaveNow Adware more information...
Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior.
Status: Deleted

Infected registry entries detected


WhenU.WeatherCast Low Risk Adware more information...
Details: WeatherCast is an ad supported desktop weather program that that puts an icon in the system tray displaying the local temperature. It also offers current weather data and forecasts. Weathercast is often bundled with the Save advertising program and/or th
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\software\whenu


WhenU.WhenUSearch Low Risk Adware more information...
Details: a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\WUSN.1
HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id


Claria.DashBar Cookie Cookie more information...
Details: DashBar cookie is a small text file placed on the user's computer after when visiting the Claria/GAIN DashBar website.
Status: Deleted


Right, restarting Windows now!!!
Regards, Tobias
02.01.2006, 15:12
Honorary member
Sabina

Posts: 29434
#35 valerossi

now please also run an online scan with Panda and copy the scan report here ;)
http://virus-protect.org/onlinescan.html
__________
Best regards, Sabina

all about PC security
02.01.2006, 15:16
...new here

Posts: 8
#36 Doesn't work, I no longer have Internet Explorer installed, I use Firefox

and Panda requires Internet Explorer 5 or higher.
02.01.2006, 15:35
Honorary member
Sabina

Posts: 29434
#37 IE is always installed (it is anchored in the system)... you also need it to run the Windows Updates, so you can't do entirely without it.
__________
Best regards, Sabina

all about PC security
02.01.2006, 16:08
...new here

Posts: 8
#38 Hello Sabina

I found an Internet Explorer via the search after all.

Only it then shows this error message after the scan has been started:

Possible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,...



Is the scan absolutely necessary, or is there another program? What should I do!!!!????


Regards, Tobias
02.01.2006, 16:52
Honorary member
Sabina

Posts: 29434
#39 valerossi

basically everything should be clean, Counterspy did a thorough job.

also empty the folder that Killbox created, disable System Restore, then enable it again
__________
Best regards, Sabina

all about PC security
02.01.2006, 17:14
...new here

Posts: 8
#40 Hi Sabina

can you explain these last steps to me once more: where exactly Killbox is, and how to enable or disable System Restore.


And what about all the programs I downloaded, can I delete them again? If so, just like that, or via the Windows Software dialog? There won't be any problems with that, will there????


PS: You are really absolutely top-notch!!!

Regards, Tobias
02.01.2006, 17:32
Honorary member
Sabina

Posts: 29434
#41 Killbox should be found under c:\Killbox.

Counterspy: scan once more; when everything is clean, uninstall it again.

Instructions for disabling System Restore ;) (then enable it again)
http://virus-protect.org/systemwiederherstellung.html
__________
Best regards, Sabina

all about PC security
02.01.2006, 22:18
...new here

Posts: 8
#42 Hi Sabina

just wanted to say thank you once more.

Everything is running again!!!

You are simply fantastic - keep it up!!!



Regards, Tobias
This post was edited by valerossi on 03.01.2006 at 01:31.
05.01.2006, 14:08
...new here

Posts: 1
#43 Hello!

I've caught the same virus and unfortunately I'm absolutely hopeless when it comes to computers ~__~
I hope I've done everything right so far and would be very grateful for help ;_;

1.
Verzeichnis von C:\WINDOWS\system32

05.01.2006 13:25 7.192 paytime.exe

04.01.2006 10:44 2.206 wpa.dbl
22.12.2005 11:13 547 ff_vfw.dll.manifest ????
22.12.2005 11:13 6.144 ff_acm.acm
22.12.2005 11:13 5.120 ff_vfw.dll


2.

Verzeichnis von C:\DOKUME~1\user\LOKALE~1\Temp


3.

Verzeichnis von C:\WINDOWS

05.01.2006 13:39 1.024 tool5.exe
05.01.2006 13:26 69.120 tool1.exe
05.01.2006 13:14 73.316 kl.exe
05.01.2006 13:14 0 uniq


4.

Verzeichnis von C:\



"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
"Go!Zilla" = ""C:\Programme\Go!Zilla\gozilla.exe" /tray" ["DigitalCandle, Inc."]
"Shell" = ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"" [null data]
"PayTime" = "C:\WINDOWS\system32\paytime.exe" [MS]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"RaidTool" = "C:\Programme\VIA\RAID\raid_tool.exe" ["VIA Technologies"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
"MMTray" = "C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" ["MUSICMATCH, Inc."]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"CloneCDTray" = ""C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"PayTime" = "C:\WINDOWS\system32\paytime.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{CD4C3CF0-4B15-11D1-ABED-709549C10000}\(Default) = "IEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Go!Zilla\GoIEHlp.dll" ["Radiate, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "Shell" = "explorer.exe "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"" [MS], [file not found], [file not found], [file not found], [file not found]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Startup items in "user" & "All Users" startup folders:
------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Go!Zilla" -> shortcut to: "C:\Programme\Go!Zilla\gozilla.exe" ["DigitalCandle, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 12
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD}\ = "Shell Search Band" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Apache, Apache, ""C:\Programme\Apache Group\Apache\Apache.exe" --ntservice" [null data]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 38 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 15 seconds.
---------- (total run time: 88 seconds)
This post was edited by Utena on 05.01.2006 at 14:10.
05.01.2006, 17:42
Honorary member
Sabina

Posts: 29434
#44 Utena

SmitRem2.8
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

download --> boot into safe mode --> open the smitRem folder --> double-click RunThis.bat and wait until the scan has finished (the screen will turn blue, that is normal), look for smitfiles.txt -- post the scan report

http://virus-protect.org/artikel/tools/smitfraudfix.html
download the tool smitfraudfix, scan, then post the 4 text files again, and also the scan report from smitfraudfix.. I want to see whether the tool delivers what it promises

then we'll see what's next
__________
Best regards, Sabina

all about PC security