Spysheriff after download, and wallpaper changed |
||
---|---|---|
#0
| ||
02.01.2006, 14:00
Honorary member
Posts: 29434 |
||
|
||
02.01.2006, 14:32
...new here
Posts: 8 |
#32
Hi
Sabina, can you quickly tell me which security forum??? There are many, from what I've seen, like the general one etc. Please spell it out exactly. I have uninstalled Bearshare, why actually??? I'm scanning right now!!! Regards, Tobias |
|
|
||
02.01.2006, 14:45
Honorary member
Posts: 29434 |
#33
here, of course (I think I need to revise my canned texts)
__________ Kind regards, Sabina, all about PC security |
|
|
||
02.01.2006, 15:06
...new here
Posts: 8 |
#34
So, right after the SCAN.
So, restarting Windows now!!! Regards, Tobias |
|
|
||
02.01.2006, 15:12
Honorary member
Posts: 29434 |
#35
valerossi
now please also run an online scan with Panda and paste the scan report here http://virus-protect.org/onlinescan.html __________ Kind regards, Sabina, all about PC security |
|
|
||
02.01.2006, 15:16
...new here
Posts: 8 |
#36
Doesn't work, I no longer have Internet Explorer installed, I use Firefox
and Panda requires Internet Explorer 5 or higher. |
|
|
||
02.01.2006, 15:35
Honorary member
Posts: 29434 |
#37
you always have IE installed (it is anchored in the system)... you also need it to run the Windows updates, so you can't get by entirely without it.
__________ Kind regards, Sabina, all about PC security |
|
|
||
02.01.2006, 16:08
...new here
Posts: 8 |
#38
Hello Sabina
I found an Internet Explorer via the search after all. But it then shows this error message after the scan has been started: Possible causes of this error are: Not allowing the application's ActiveX control to be downloaded. Problems with the Internet connection. The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,... Is the scan absolutely necessary or is there another program, what should I do!!!!???? Regards, Tobias |
|
|
||
02.01.2006, 16:52
Honorary member
Posts: 29434 |
#39
valerossi
basically everything should be clean, Counterspy did a thorough job. also empty the folder that Killbox created, disable System Restore, then enable it again __________ Kind regards, Sabina, all about PC security |
|
|
||
02.01.2006, 17:14
...new here
Posts: 8 |
#40
Hi Sabina
can you explain these last steps to me once more, where exactly Killbox is and how to enable or disable System Restore. And what about all the programs I downloaded, can I delete them again, and if so, just like that or through the "Software" item in Windows. There won't be any problems with that, right???? PS: You are really absolutely top-notch!!! Regards, Tobias |
|
|
||
02.01.2006, 17:32
Honorary member
Posts: 29434 |
#41
Killbox should be found under c:\Killbox.
Counterspy: scan once more, and if everything is clean then, uninstall it again. Instructions for disabling System Restore (then enabling it again) http://virus-protect.org/systemwiederherstellung.html __________ Kind regards, Sabina, all about PC security |
|
|
||
02.01.2006, 22:18
...new here
Posts: 8 |
#42
Hi Sabina
just wanted to say thanks again. Everything is running again!!! You are simply great - keep it up!!! Regards, Tobias This post was edited by valerossi on 03.01.2006 at 01:31.
|
|
|
||
05.01.2006, 14:08
...new here
Posts: 1 |
#43
Hello!
I caught the same virus and unfortunately I'm absolutely hopeless when it comes to computers ~__~ I hope I did everything right so far and would be very grateful for help ;_; This post was edited by Utena on 05.01.2006 at 14:10.
|
|
|
||
05.01.2006, 17:42
Honorary member
Posts: 29434 |
#44
Utena
download SmitRem2.8 http://noahdfear.geekstogo.com/click%20counter/click.php?id=1 --> boot into safe mode --> open the smitRem folder --> double-click: RunThis.bat, wait until the scan has finished (the screen will turn blue. that is normal), look for smitfiles.txt -- post the scan report http://virus-protect.org/artikel/tools/smitfraudfix.html download the smitfraudfix tool, scan, then post the 4 text files again, and also the scan report from smitfraudfix.. I want to see whether the tool delivers what it promises, then we'll go from there __________ Kind regards, Sabina, all about PC security |
|
|
||
open HijackThis -- button "scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC
F2 - REG:system.ini: Shell=explorer.exe "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
restart the PC
uninstall C:\Programme\BearShare
Counterspy
http://virus-protect.org/counterspy.html
after the scan you have to choose between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC (then copy the scan report and paste it into the security forum)
__________
Kind regards, Sabina
all about PC security