Removing WinFixer

#0
22.11.2005, 23:50
Honorary member
Posts: 29434

23.11.2005, 00:04
Honorary member
Posts: 6028
#47
I'll post here the CounterSpy log of what is left behind when WinFixer is removed again via software.
__________
Regards, Argus

23.11.2005, 00:10
Honorary member
Posts: 6028
#48
On your page, the CleanUp entry says: http://www.zdnet.de/downloads/prg/i/9/de000NI9-wc.html
Direct download of CleanUp: http://www.stevengould.org/downloads/cleanup/CleanUp40.exe
__________
Regards, Argus

23.11.2005, 14:03
...new here
Posts: 8
#49
Hmmm ... it should be this one:
CounterSpy says: this one?

I had already removed the others with Spy Sweeper. I found it a bit strange that it complained about VNC, especially since I have only installed the viewer and not the server, so nobody could connect to my machine at all.

This post was edited by DickUndDoof on 23.11.2005 at 15:08.

23.11.2005, 15:31
Honorary member
Posts: 29434
#50
Scan with Kaspersky and post the scan report:
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
All about PC security

23.11.2005, 18:03
...new here
Posts: 8
#51
Sorry, this time I have replaced my user name (= my full name) with [user]. Given the files shown, you can probably understand that I would rather not post my full name, even though I can assure you that the software on my computer is licensed through my employer.

23.11.2005, 18:08
Honorary member
Posts: 29434
#52
Delete:
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\Luxor.1.0.5.34.RA.Games_CRKEXE-FFF.zip
You have to decide about the rest yourself... or talk to your employer and his licenses...
-------------------------------------------------------------------------------------
Then scan with Panda and post the scan report:
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
All about PC security

28.11.2005, 15:03
...new here
Posts: 6
#53
Hello!
Unfortunately I too have caught this Winfixer (and possibly other things that should not be on my computer). I'll post the log file; unfortunately I'm too dumb to evaluate something like this myself. It would be very, very nice if someone with a bit more of a clue could help me out here!
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe Vielen Dank im Vorraus!!! Gruss, Michi |
|
|
||
28.11.2005, 18:08
Honorary member
Posts: 29434 |
#54
Michi M.
Open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programme\SideFind\sfbho.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Programme\ISTbar\istbarcm.dll (file missing)
O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\system32\smmss.exe
O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\system32\wudupdate.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Fifa Soccer 06 crack.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [vXD2ZfxB] C:\WINDOWS\fpnado.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [932875cd290a] C:\WINDOWS\system32\inetcplc.exe
O4 - HKLM\..\Run: [winstart] C:\WINDOWS\system32\winstart.exe
O4 - HKLM\..\Run: [vùõš/‚²‘ÆßfÏNb‰»9õC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\fpnado.exe
O4 - HKLM\..\Run: [Á³# K"h'þ9Óœ÷3rÅWC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\fpnado.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [Nyaff] C:\Program Files\Vdidht\Dfow.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O20 - Winlogon Notify: winstart - winstart.dll (file missing)
Restart the PC
Run Cleanup http://virus-protect.org/cleanup.html
Download Counterspy http://virus-protect.org/counterspy.html
Boot into Safe Mode... press F8 while the PC is starting up .... and scan there
After the scan you have to choose between *Ignore *Remove *Quarantine
Always choose Remove and restart the PC
Then post the new HijackThis log
__________
Regards, Sabina
all about PC security |
|
|
||
28.11.2005, 23:13
...new here
Posts: 6 |
#55
Hello Sabina,
I've done all of that - many thanks so far! Here is the new log:
Logfile of HijackThis v1.99.1
Scan saved at 23:11:10, on 28.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\acer\eRecovery\Monitor.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\Medimax\Desktop\HijackThis-2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Regards, Michi |
|
|
||
29.11.2005, 00:44
Honorary member
Posts: 29434 |
#56
I can't see anything more... nevertheless... scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security |
|
|
||
30.11.2005, 13:17
...new here
Posts: 6 |
#57
Hello, here is the scan report from Panda
Incident | Status | Location
Adware:adware/ezula | Not desinfected | C:\Dokumente und Einstellungen\Medimax\Startmen\Programme\TopText iLookup
Adware:adware/dyfuca | Not desinfected | Windows Registry
Spyware:Spyware/UrlSpy | Not desinfected | C:\WINDOWS\system32\inetcplc.exe
Spyware:Spyware/UrlSpy | Not desinfected | C:\WINDOWS\system32\console3.exe
Adware:Adware/IST.ISTBar | Not desinfected | C:\WINDOWS\system32\wudupdate.exe
Adware:Adware/eZula | Not desinfected | C:\Dokumente und Einstellungen\Medimax\Lokale Einstellungen\Temporary Internet Files\Content.IE5\07QLMTIJ\eZinstall[1].exe
Adware:Adware/eZula | Not desinfected | C:\Dokumente und Einstellungen\Medimax\Startmenü\Programme\TopText iLookup\My Keywords.lnk
Adware:Adware/eZula | Not desinfected | C:\Dokumente und Einstellungen\Medimax\Startmenü\Programme\TopText iLookup\My Preferences.lnk
Adware:Adware/eZula | Not desinfected | C:\Dokumente und Einstellungen\Medimax\Startmenü\Programme\TopText iLookup\TopText Button Show - Hide.lnk
Adware:Adware/Dyfuca | Not desinfected | C:\Program Files\Vdidht\Dfow.exe |
|
|
||
30.11.2005, 15:29
Honorary member
Posts: 29434 |
#58
Hello @Michi M.
KILLBOX - Pocket KillBox http://virus-protect.org/killbox.html
Delete File on Reboot -- tick it
Paste in: ... and click on the red cross; when you are asked "Do you want to reboot?" ---- click "no" and paste in the next one; only click "yes" on the last one
C:\WINDOWS\system32\inetcplc.exe
C:\WINDOWS\system32\console3.exe
C:\WINDOWS\system32\wudupdate.exe
C:\Program Files\Vdidht\Dfow.exe
Restart the PC
C:\Dokumente und Einstellungen\Medimax\Startmen\Programme\TopText iLookup
C:\Program Files\Vdidht
Run CleanUp http://virus-protect.org/cleanup.html
__________
Regards, Sabina
all about PC security |
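Added example (not part of the thread and not code from HijackThis or Panda): a Python check that automates the comparison done by hand across posts #54 to #58. It parses HijackThis entries, confirms that the entries flagged for fixing no longer appear in the rescan, and then lists which files behind those entries a later scanner report still finds on disk. The function names are hypothetical, and the inputs are short excerpts of the lists posted above.

```python
import re

# One HijackThis entry: section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", details.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# A drive-letter path ending in .exe or .dll, as it appears inside an entry.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll)', re.IGNORECASE)

# Excerpt of the entries flagged for "Fix checked" in post #54.
FLAGGED = r"""
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programme\SideFind\sfbho.dll
O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\system32\wudupdate.exe
O4 - HKLM\..\Run: [932875cd290a] C:\WINDOWS\system32\inetcplc.exe
O4 - HKLM\..\Run: [Nyaff] C:\Program Files\Vdidht\Dfow.exe
O20 - Winlogon Notify: winstart - winstart.dll (file missing)
"""
# Excerpt of the rescan log in post #55.
RESCAN = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""
# Excerpt of the file locations in the Panda report in post #57.
AV_PATHS = [
    r"C:\WINDOWS\system32\inetcplc.exe",
    r"C:\WINDOWS\system32\console3.exe",
    r"C:\WINDOWS\system32\wudupdate.exe",
    r"C:\Program Files\Vdidht\Dfow.exe",
]

def parse_log(text):
    """Return the set of (section, details) entries found in a log."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Collapse whitespace so copy/paste differences do not hide a match.
            entries.add((m.group(1), " ".join(m.group(2).split())))
    return entries

def entry_path(entry):
    """Return the lower-cased file path an entry points at, or None."""
    found = PATH_RE.findall(entry[1])
    # The target file is the last path; earlier ones can sit in the value name.
    return found[-1].lower() if found else None

def review(flagged_text, rescan_text, av_paths):
    """Compare a fix list with a rescan and a scanner's file findings."""
    flagged = parse_log(flagged_text)
    rescan = parse_log(rescan_text)
    still_registered = sorted(flagged & rescan)          # fix did not take
    flagged_paths = {p for p in map(entry_path, flagged) if p}
    reported = {p.lower() for p in av_paths}
    files_left = sorted(flagged_paths & reported)        # entry gone, file not
    unexplained = sorted(reported - flagged_paths)       # never had an entry
    return still_registered, files_left, unexplained

if __name__ == "__main__":
    still, left, other = review(FLAGGED, RESCAN, AV_PATHS)
    print("flagged entries still in rescan:", still)
    print("flagged files still on disk:", left)
    print("reported files without a flagged entry:", other)
```

On these excerpts the first list is empty while the second still holds three files, which is why a rescan without the flagged entries was followed by a separate file-deletion step.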
|
|
||
30.11.2005, 17:12
...new here
Posts: 6 |
#59
I've done what was described above. Can I assume that my computer is clean again now???
Many thanks to Sabina already!!! |
|
|
||
30.11.2005, 17:30
Honorary member
Posts: 29434 |
#60
Also fix this with HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
Restart
1. Start -> Settings -> Control Panel (Start -> Einstellungen -> Systemsteuerung)
2. Double-click "Software" (Add or Remove Programs)
3. Look there for "TopText iLookup" or just "TopText" -> remove.
4. Restart the computer
Uninstall Counterspy, scan with ewido and post the scan report http://virus-protect.org/ewido.html
----------------------------------
Info: webOffer http://virus-protect.org/artikel/spyware/weboffer.html
__________
Regards, Sabina
all about PC security |
|
|
||
I already have that one... but there are 7 or 8 versions
http://virus-protect.org/artikel/spyware/winfix.html
I'll send you a variant that interests me by PM.....
__________
Regards, Sabina
all about PC security