Removing WinFixer

22.11.2005, 23:50
Honorary member
Sabina

Posts: 29434
#46 Hello Arnold,

I already have that one... only there are 7 or 8 versions
http://virus-protect.org/artikel/spyware/winfix.html

I'll send you by PM a variant that interests me.....
__________
Regards, Sabina

Everything about PC security
23.11.2005, 00:04
Honorary member
Argus

Posts: 6028
#47 I'm posting here the CounterSpy log of what remains behind when WinFixer is removed again via Software

Spyware Scan Details
Start Date: 22-11-05 16:57:42
End Date: 22-11-05 17:26:29
Total Time: 28 mins 47 secs

Detected spyware

misc.winsoftware.winfixer Misc more information...
Details: Typically part of a bundle attack, WinFixer is a disabled, data repair utility that nags the user to purchase.
Status: Deleted

Infected files detected
c:\program files\common files\winsoftware\crxml.dll
c:\program files\common files\winsoftware\pcheck.dll

Infected registry entries detected


Winfixer Potentially Unwanted Software more information...
Details: Winfixer is known to be installed through inappropriate bundling and without users consent. It is a software that scans the users system for damaged files and attempts to fix it if the user pays a fee.
Status: Deleted

Infected files detected
c:\program files\common files\winsoftware\crxml.dll
c:\program files\common files\winsoftware\pcheck.dll

Infected registry entries detected


Adw.WinSoftware.WinAntiSpyware Adware more information...
Details: Adw.WinSoftware.WinAnitspyware is a rogue antispyware product which pesters users with scareware tactics to purchase the product.
Status: Deleted

Infected files detected
c:\program files\common files\winsoftware\pcheck.dll

Infected registry entries detected

Ajan 1.0 Cookie more information...
Status: Deleted

Infected cookies detected
c:\windows\cookies\argus@xiti[1].txt
__________
Regards, Argus
23.11.2005, 00:10
Honorary member
Argus

Posts: 6028
#48 On your page, under CleanUp, it says http://www.zdnet.de/downloads/prg/i/9/de000NI9-wc.html

Direct download of CleanUp
http://www.stevengould.org/downloads/cleanup/CleanUp40.exe
__________
Regards, Argus
23.11.2005, 14:03
...new here

Posts: 8
#49 hmmm ... should be this one:


10:30: | Start of Session, Dienstag, 22. November 2005 |
10:30: Spy Sweeper started
10:17: Your spyware definitions have been updated.
10:18: | End of Session, Dienstag, 22. November 2005 |
********
10:18: | Start of Session, Dienstag, 22. November 2005 |
10:18: Spy Sweeper started
10:18: Sweep initiated using definitions version 575
10:18: Starting Memory Sweep
10:21: Memory Sweep Complete, Elapsed Time: 00:02:52
10:21: Starting Registry Sweep
10:21: Found Adware: begin2search
10:21: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
10:21: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
10:21: Found Adware: hotsearchbar toolbar
10:21: Found Adware: desktoptraffic
10:21: Found Adware: safesurf
10:21: HKLM\software\safesurfing\ (11 subtraces) (ID = 140373)
10:21: HKCR\var9.iriras\ (5 subtraces) (ID = 966723)
10:21: HKCR\var9.iriras.1\ (3 subtraces) (ID = 966729)
10:21: HKCR\typelib\{53fd0d58-cd25-4e54-ad0a-a1bde2fe5a94}\ (9 subtraces) (ID = 966743)
10:21: HKLM\software\classes\var9.iriras\ (5 subtraces) (ID = 966790)
10:21: HKLM\software\classes\var9.iriras.1\ (3 subtraces) (ID = 966796)
10:21: HKLM\software\classes\typelib\{53fd0d58-cd25-4e54-ad0a-a1bde2fe5a94}\ (9 subtraces) (ID = 966810)
10:21: HKLM\software\microsoft\windows\currentversion\app paths\rasm\ (2 subtraces) (ID = 966823)
10:21: HKU\S-1-5-21-343818398-839522115-854245398-1003\software\_rtneg3\ (7298 subtraces) (ID = 639271)
10:21: Registry Sweep Complete, Elapsed Time:00:00:20
10:21: Starting Cookie Sweep
10:21: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:21: Starting File Sweep
10:22: nsv111.dll (ID = 51048)
10:23: nst116.dll (ID = 51048)
10:23: nswfe.dll (ID = 51048)
10:26: nst104.dll (ID = 51048)
10:28: nsu10a.dll (ID = 51048)
10:38: File Sweep Complete, Elapsed Time: 00:16:58
10:38: Full Sweep has completed. Elapsed time 00:20:17
10:38: Traces Found: 8109
10:52: Removal process initiated
10:52: Quarantining All Traces: begin2search
10:52: Quarantining All Traces: desktoptraffic
10:52: Quarantining All Traces: hotsearchbar toolbar
10:52: Quarantining All Traces: safesurf
10:52: Removal process completed. Elapsed time 00:00:29

CounterSpy says:
this one?

Spyware Scan Details
Start Date: 22.11.2005 10:20:46
End Date: 22.11.2005 11:04:38
Total Time: 43 mins 52 secs

Detected spyware

RealVNC Commercial Remote Control more information...
Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet.
Status: Ignored

Infected files detected
c:\programme\realvnc\vnc4\unins000.dat
c:\programme\realvnc\vnc4\unins000.exe
c:\programme\realvnc\vnc4\vncviewer.exe


ABetterInternet.Aurora Adware more information...
Details: Opens popups on the desktop based on site visit history; may disable or uninstall other software; denies uninstallation
Status: Deleted

Infected files detected
c:\windows\issm0064.dat


ICanNews Adware more information...
Details: ICanNews is an adware program that logs keywords typed in web searches and creates shortcuts and displays advertisements.
Status: Deleted

Infected files detected
c:\windows\downloaded program files\activex.ocx


Desktop Links Adware more information...
Status: Deleted

Infected files detected
C:\!KillBox\baseball.ico
C:\!KillBox\freegas1.ico
C:\!KillBox\ipod nano1.ico


Adw.NewAds.IRASSync Adware more information...
Details: Adw.NewAds.IRASSync is silently installed as a browser helper object. It monitors the users web browsing. It then delivers relevant advertising in a popup browser window.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\Interface\{6936C0DD-76B1-4455-9E66-D3F4E17A24FC}
HKEY_CLASSES_ROOT\Interface\{6936C0DD-76B1-4455-9E66-D3F4E17A24FC}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{6936C0DD-76B1-4455-9E66-D3F4E17A24FC}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{6936C0DD-76B1-4455-9E66-D3F4E17A24FC}\TypeLib {53FD0D58-CD25-4E54-AD0A-A1BDE2FE5A94}
HKEY_CLASSES_ROOT\Interface\{6936C0DD-76B1-4455-9E66-D3F4E17A24FC}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{6936C0DD-76B1-4455-9E66-D3F4E17A24FC} IIRiras
HKEY_CURRENT_USER\Software\In3rd
HKEY_CURRENT_USER\Software\In3rd 114 1.0



I had already removed the others with Spy Sweeper.

I found it a bit strange that it complained about VNC, especially since I have installed only the viewer and not the server, so nobody could connect to my computer at all.
This post was edited on 23.11.2005 at 15:08 by DickUndDoof.
23.11.2005, 15:31
Honorary member
Sabina

Posts: 29434
#50 scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

Everything about PC security
23.11.2005, 18:03
...new here

Posts: 8
#51 -------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, November 23, 2005 11:02:57
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 23/11/2005
Kaspersky Anti-Virus database records: 151433
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 104485
Number of viruses found: 4
Number of infected objects: 26
Number of suspicious objects: 5
Duration of the scan process: 6279 sec

Infected Object Name - Virus Name
C:\CG\XML_Tool\QuicStyl\NETKIT.EXE/setup.vbs Suspicious: Type_Script
C:\CG\XML_Tool\QuicStyl\NETKIT.EXE Suspicious: Type_Script
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\Luxor.1.0.5.34.RA.Games_CRKEXE-FFF.zip/run_tool.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\Luxor.1.0.5.34.RA.Games_CRKEXE-FFF.zip Infected: Trojan-Downloader.Win32.Adload.j
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes\105615.exe/WISE0017.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes\105615.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes\105657.exe/WISE0018.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes\105657.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes\113255.exe/WISE0017.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes\113255.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes\119085.exe/WISE0017.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes\119085.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes\119577.exe/WISE0017.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes\119577.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes\120002.exe/WISE0017.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes\120002.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes\374.exe/WISE0017.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes\374.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes\neonb.exe/WISE0019.BIN Infected: Trojan-Downloader.Win32.Small.bke
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes\neonb.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\Windows_XP_4_in_1_keyg*hier nicht*_and_Change_Info.zip/crack.exe/ist1.exe Infected: Trojan-Downloader.Win32.IstBar.is
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\Windows_XP_4_in_1_keyg*hier nicht*_and_Change_Info.zip/crack.exe Infected: Trojan-Downloader.Win32.IstBar.is
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\Windows_XP_4_in_1_keyg*hier nicht*_and_Change_Info.zip Infected: Trojan-Downloader.Win32.IstBar.is
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\Windows_XP_Activator.zip/crack.exe/ist1.exe Infected: Trojan-Downloader.Win32.IstBar.is
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\Windows_XP_Activator.zip/crack.exe Infected: Trojan-Downloader.Win32.IstBar.is
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\Windows_XP_Activator.zip Infected: Trojan-Downloader.Win32.IstBar.is
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\Seri*hier nicht!*.zip/register_Seri*hier nicht!*.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\Seri*hier nicht!*.zip Infected: Trojan-Downloader.Win32.Adload.j
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\Studium\Zusatzmaterial\Computergraphik\Semester 3\Computergrafiken.zip/XML_Tool/QuicStyl/NETKIT.EXE/setup.vbs Suspicious: Type_Script
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\Studium\Zusatzmaterial\Computergraphik\Semester 3\Computergrafiken.zip/XML_Tool/QuicStyl/NETKIT.EXE Suspicious: Type_Script
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\Studium\Zusatzmaterial\Computergraphik\Semester 3\Computergrafiken.zip Suspicious: Type_Script

Scan process completed.



Sorry, this time I'm leaving my user name (= my full name) replaced by [user]. Given the files shown, you can probably understand that I don't necessarily want to post my full name, even though I can assure you that the software on my computer is licensed by my employer.
23.11.2005, 18:08
Honorary member
Sabina

Posts: 29434
#52 delete:
C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\themes

C:\Dokumente und Einstellungen\[user]\Eigene Dateien\downloads\Luxor.1.0.5.34.RA.Games_CRKEXE-FFF.zip

the rest you have to decide for yourself... or talk to your employer and his licenses... ;)

-------------------------------------------------------------------------------------
then scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

Everything about PC security
28.11.2005, 15:03
...new here

Posts: 6
#53 Hello!

Unfortunately I too have caught this Winfixer (and possibly other things that shouldn't be on my computer).

I'll post the log file; unfortunately I'm too dumb to evaluate something like this myself. It would be very, very nice if someone with a bit more knowledge could help me out!

Logfile of HijackThis v1.99.1
Scan saved at 15:02:03, on 28.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ISTsvc\istsvc.exe
C:\WINDOWS\fpnado.exe
C:\Programme\SurfAccuracy\SAcc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\system32\inetcplc.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\Vdidht\Dfow.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Programme\D-Tools\daemon.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\acer\eRecovery\Monitor.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\Medimax\Desktop\HijackThis-2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programme\SideFind\sfbho.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Programme\ISTbar\istbarcm.dll (file missing)
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\system32\smmss.exe
O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\system32\wudupdate.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Fifa Soccer 06 crack.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [vXD2ZfxB] C:\WINDOWS\fpnado.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [932875cd290a] C:\WINDOWS\system32\inetcplc.exe
O4 - HKLM\..\Run: [winstart] C:\WINDOWS\system32\winstart.exe
O4 - HKLM\..\Run: [vùõš/‚²‘ÆßfÏNb‰»9õC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\fpnado.exe
O4 - HKLM\..\Run: [Á³# K"h'þ9Óœ÷3rÅWC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\fpnado.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [Nyaff] C:\Program Files\Vdidht\Dfow.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\system32\smmss.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - Winlogon Notify: winstart - winstart.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Many thanks in advance!!!

Regards, Michi
28.11.2005, 18:08
Honorary member
Sabina

Posts: 29434
#54 Michi M.

Open HijackThis -- click "Scan" -- tick the boxes in front of the malware entries -- click "Fix checked" -- restart the PC

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programme\SideFind\sfbho.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Programme\ISTbar\istbarcm.dll (file missing)
O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\system32\smmss.exe
O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\system32\wudupdate.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Fifa Soccer 06 crack.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [vXD2ZfxB] C:\WINDOWS\fpnado.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [932875cd290a] C:\WINDOWS\system32\inetcplc.exe
O4 - HKLM\..\Run: [winstart] C:\WINDOWS\system32\winstart.exe
O4 - HKLM\..\Run: [vùõš/‚²‘ÆßfÏNb‰»9õC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\fpnado.exe
O4 - HKLM\..\Run: [Á³# K"h'þ9Óœ÷3rÅWC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\fpnado.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [Nyaff] C:\Program Files\Vdidht\Dfow.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O20 - Winlogon Notify: winstart - winstart.dll (file missing)

Restart the PC

Run CleanUp
http://virus-protect.org/cleanup.html

Download CounterSpy
http://virus-protect.org/counterspy.html

Boot into Safe Mode ... press F8 while the PC is starting up ... and scan there

After the scan you have to choose between
*Ignore
*Remove
*Quarantine
Always choose Remove and restart the PC

Then post the new HijackThis log
__________
Kind regards, Sabina

All about PC security
28.11.2005, 23:13
...new here

Posts: 6
#55 Hello Sabina,

I've done all of that. Many thanks so far!

Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 23:11:10, on 28.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\acer\eRecovery\Monitor.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\Medimax\Desktop\HijackThis-2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLACSD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Regards, Michi
29.11.2005, 00:44
Honorary member
Sabina

Posts: 29434
#56 I can't see anything else... nevertheless... scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina

All about PC security
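The by-eye comparison of the fix list from post #54 against the new log from post #55 can be done mechanically. The following is an added example, not part of the thread and not HijackThis's own code: it reports fix-list entries that survive in the new log and lists the files those entries pointed to, since the Panda report in post #57 still finds several of them on disk. The function names are assumptions made here, and the sample lines are short excerpts copied from the two posts.

```python
import re

# A HijackThis entry line: section code (R0-R3, F*, N*, O1-O23), " - ", detail.
ENTRY = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.+)$")
# First drive-letter path ending in .exe or .dll (paths may contain spaces).
PATH = re.compile(r"[A-Za-z]:\\[^\"<>|]*?\.(?:exe|dll)", re.IGNORECASE)

# Excerpt of the fix list in post #54.
FIX_LIST = r"""
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programme\SideFind\sfbho.dll
O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\system32\wudupdate.exe
O4 - HKLM\..\Run: [932875cd290a] C:\WINDOWS\system32\inetcplc.exe
O4 - HKLM\..\Run: [Nyaff] C:\Program Files\Vdidht\Dfow.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
"""

# Excerpt of the new log in post #55.
NEW_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

def parse_entries(log_text):
    """Map (code, case-folded detail) -> whitespace-normalized entry line."""
    entries = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())
        match = ENTRY.match(line)
        if match:
            entries[(match.group(1), match.group(2).casefold())] = line
    return entries

def still_present(fix_list, new_log):
    """Fix-list entries that appear again in the log taken after the fix."""
    after = parse_entries(new_log)
    return [line for key, line in parse_entries(fix_list).items() if key in after]

def files_to_verify(fix_list):
    """Files referenced by fixed entries, to be checked on disk separately."""
    paths = []
    for (code, _), line in parse_entries(fix_list).items():
        if line.endswith("(file missing)"):
            continue  # HijackThis already found no file behind this entry
        # For O4 lines, skip the [value name], which can itself contain a path.
        target = line.rsplit("] ", 1)[-1] if code == "O4" else line
        match = PATH.search(target)
        if match and match.group(0) not in paths:
            paths.append(match.group(0))
    return paths

if __name__ == "__main__":
    print("still in new log:", still_present(FIX_LIST, NEW_LOG))
    for path in files_to_verify(FIX_LIST):
        print("check on disk:", path)
```

An empty result from `still_present` only shows that the autostart and browser entries are gone; the paths from `files_to_verify` still need a file-level scan.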
30.11.2005, 13:17
...new here

Posts: 6
#57 Hello, here is the scan report from Panda


Incident Status Location

Adware:adware/ezula Not desinfected C:\Dokumente und Einstellungen\Medimax\Startmen\Programme\TopText iLookup
Adware:adware/dyfuca Not desinfected Windows Registry
Spyware:Spyware/UrlSpy Not desinfected C:\WINDOWS\system32\inetcplc.exe
Spyware:Spyware/UrlSpy Not desinfected C:\WINDOWS\system32\console3.exe
Adware:Adware/IST.ISTBar Not desinfected C:\WINDOWS\system32\wudupdate.exe
Adware:Adware/eZula Not desinfected C:\Dokumente und Einstellungen\Medimax\Lokale Einstellungen\Temporary Internet Files\Content.IE5\07QLMTIJ\eZinstall[1].exe
Adware:Adware/eZula Not desinfected C:\Dokumente und Einstellungen\Medimax\Startmenü\Programme\TopText iLookup\My Keywords.lnk
Adware:Adware/eZula Not desinfected C:\Dokumente und Einstellungen\Medimax\Startmenü\Programme\TopText iLookup\My Preferences.lnk
Adware:Adware/eZula Not desinfected C:\Dokumente und Einstellungen\Medimax\Startmenü\Programme\TopText iLookup\TopText Button Show - Hide.lnk
Adware:Adware/Dyfuca Not desinfected C:\Program Files\Vdidht\Dfow.exe
30.11.2005, 15:29
Honorary member
Sabina

Posts: 29434
#58 Hello @Michi M.

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Tick "Delete File on Reboot"
Paste in:
...
and click the red cross; when asked "Do you want to reboot?" ---- click "No" and paste in the next one; only click "Yes" on the last one

C:\WINDOWS\system32\inetcplc.exe
C:\WINDOWS\system32\console3.exe
C:\WINDOWS\system32\wudupdate.exe
C:\Program Files\Vdidht\Dfow.exe

Restart the PC

C:\Dokumente und Einstellungen\Medimax\Startmen\Programme\TopText iLookup

C:\Program Files\Vdidht

Run CleanUp
http://virus-protect.org/cleanup.html
__________
Kind regards, Sabina

All about PC security
30.11.2005, 17:12
...new here

Posts: 6
#59 I did what was described above. Can I assume that my computer is clean again now???

Many thanks to Sabina already!!!
30.11.2005, 17:30
Honorary member
Sabina

Posts: 29434
#60 Also fix this with HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm

Restart


1. Start -> Settings -> Control Panel
2. Double-click "Software" (Add or Remove Programs)
3. Look for "TopText iLookup" or just "TopText" there -> remove it.
4. Restart the computer

Uninstall CounterSpy, scan with ewido and post the scan report
http://virus-protect.org/ewido.html

----------------------------------

Info: webOffer
http://virus-protect.org/artikel/spyware/weboffer.html
__________
Kind regards, Sabina

All about PC security