WinFixer, how do I get rid of it?
Thread is closed!

22.11.2005, 22:50
...new here
Posts: 2
#1
Hello, I have a problem: whenever I am on the internet, a WinFixer 2005 window suddenly keeps opening and then some kind of message appears; then, when I manage to close all the Winfix windows to the end, other internet windows close as well. What can I do so that this Winfix no longer shows up in my windows?

22.11.2005, 23:44
Honorary member
Posts: 29434
#2
Hijackthis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above just start the program --> Save --> Savelog --> the editor opens; now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Regards
Sabina
all about PC security

23.11.2005, 21:54
...new here
Thread starter
Posts: 2
#3
Hello Sabine, thank you very much for your answer. Here I have copied the complete log. What do I do next?

23.11.2005, 22:07
Honorary member
Posts: 29434
#4
sidbra
Open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programme\SideFind\sfbho.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Programme\ISTbar\istbarcm.dll
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [irjumklh] C:\WINDOWS\system32\irjumklh.exe
O4 - HKLM\..\Run: [Frrwgakc] C:\Program Files\Fdyvy\Eqai.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programme\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Programme\Hello\PicasaCapture.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://centra.englishtown.com/main/Install/en/US/CentraDownloader.cab

Restart the PC

http://virus-protect.org/killbox.html
DelTree (include SubDirectories)
Suppose, for example, you want to delete a folder. You then do not have to enter all the files in the folder one by one; instead you click the option DelTree (include subdirectories). This deletes a complete archive together with its subfolders.

C:\Programme\SurfAccuracy
C:\Programme\ISTbar
C:\Programme\SideFind
C:\Program Files\Fdyvy
C:\Program Files\Internet Optimizer

Restart the PC

Run CleanUp
http://virus-protect.org/cleanup.html

Scan with Counterspy
http://virus-protect.org/counterspy.html
After the scan you have to decide between:
*Ignore
*Remove
*Quarantine
Always choose Remove and restart the PC
(then copy the scan report and post it in the security forum)
__________
Regards
Sabina
all about PC security
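
Added example, not part of the original thread: after "Fix checked" and the reboot, a fresh HijackThis scan can be compared against the helper's fix list to see which entries came back. The function names, the assumed entry grammar (section code R0-R3, F0-F3, N1-N4 or O1-O24 followed by " - ") and the rescan log are constructed for illustration; the fix-list entries are taken from the post above.

```python
import re
from collections import OrderedDict

# Assumed entry grammar: every HijackThis 1.99.x entry starts with a section
# code (R0-R3, F0-F3, N1-N4, O1-O24) followed by " - ".
_CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O(?:2[0-4]|1\d|[1-9]))"
# An entry runs from its code up to the next code or the end of the text, so
# a log pasted as one long line splits the same way as a line-per-entry log.
# Free text placed between two entries would be attached to the earlier one.
_ENTRY = re.compile(
    rf"(?<!\S)({_CODE}) - (.*?)(?=\s+{_CODE} - |\s*\Z)", re.DOTALL)


def parse_entries(text):
    """Map a case- and whitespace-insensitive key to each entry found."""
    entries = OrderedDict()
    for match in _ENTRY.finditer(text):
        code = match.group(1)
        rest = " ".join(match.group(2).split())  # collapse runs of whitespace
        entry = f"{code} - {rest}"
        entries[entry.casefold()] = entry        # Windows paths ignore case
    return entries


def still_present(fix_list_text, rescan_text):
    """Fix-list entries that the fresh scan still reports."""
    wanted = parse_entries(fix_list_text)
    seen = parse_entries(rescan_text)
    return [entry for key, entry in wanted.items() if key in seen]


def group_by_section(entries):
    """Group parsed entries by section code (O2 = BHO, O4 = autostart, ...)."""
    groups = OrderedDict()
    for entry in entries.values():
        groups.setdefault(entry.split(" - ", 1)[0], []).append(entry)
    return groups


# Four entries from the fix list in the post above.
FIX_LIST = r"""
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [irjumklh] C:\WINDOWS\system32\irjumklh.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
"""

# Constructed rescan, flattened onto one line the way forum software often
# mangles a pasted log; one fixed entry is back, in different case/spacing.
RESCAN = (
    r"Logfile of HijackThis v1.99.1 Running processes: "
    r"C:\WINDOWS\Explorer.EXE "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/ "
    r"O4 - HKLM\..\Run:   [SurfAccuracy] c:\programme\surfaccuracy\sacc.exe "
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe"
)

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, RESCAN):
        print("still present after fix:", entry)
```

An entry that survives the fix and reboot usually means a running process re-created it, which is why the helper has the folders deleted and further scans run afterwards.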

07.01.2006, 14:10
...new here
Posts: 1
#5
Logfile of HijackThis v1.99.1

07.01.2006, 16:00
...new here
Posts: 6
#6
Windows with advertising keep opening for me too via Internet Explorer. The name WinFixer also showed up twice. Neither AntiVir nor Ad-Aware SE Personal has been able to change anything about that. I have to add that I really am a total layman, but at least I managed to get the following log.
Many thanks in advance for your trouble.

07.01.2006, 16:01
Honorary member
Posts: 29434
#7
RNWAY
May I ask why you are posting your log here... without a single sentence to go with it??? What would you like?
__________
Regards
Sabina
all about PC security

08.01.2006, 16:21
Honorary member
Posts: 29434
#8
buba
In Windows Explorer -> Tools (Extras) -> Folder Options (Ordneroptionen) -> "View" tab (Ansicht) -> Hidden files and folders -> enable "Show all files and folders" (alle Dateien und Ordner anzeigen)
+
In Windows Explorer -> Tools (Extras) -> Folder Options (Ordneroptionen) -> "View" tab (Ansicht) -> Files and folders -> disable "Hide protected system files (recommended)" (Geschützte Systemdateien ausblenden (empfohlen))

Open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\13.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\13.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\13.bin\MWSBAR.DLL
O2 - BHO: (no name) - {E7A1C296-7DA4-6660-E3E3-5B2540BFF461} - C:\DOKUME~1\jeremy\ANWEND~1\32ACTI~1\ROAD JUMP.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\13.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\13.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MessChicForLink] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BlueKnobMessChic\upplay.exe
O4 - HKCU\..\Run: [BoldJugs] C:\DOKUME~1\jeremy\ANWEND~1\INTRAL~1\BinClose.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\13.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\13.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYCK
O20 - AppInit_DLLs: MsgPlusLoader.dll

Restart the PC

Uninstall:
MyWebSearch
MyWebSearch Email
MessengerPlus! 3 (that one is "to blame" for the problems......)

Delete (preferably in safe mode... press F8 while the PC is booting):
C:\Dokumente und Einstellungen\jeremy\Anwendungsdaten\32ACTI...
C:\Dokumente und Einstellungen\jeremy\Anwendungsdaten\INTRAL...
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BlueKnobMessChic

Configure the cleaner exactly as described here:
http://virus-protect.org/cleanup.html

Start -- All Programs -- Accessories -- Notepad (Editor) and copy the following text into it:

    dir %Windir%\tasks /a h > files.txt
    notepad files.txt

- Save as: findjobs.bat
- Save as type: All files
- Save it on the desktop
- Locate findjobs.bat -- double-click the bat file, the editor opens -- post the text
__________
Regards
Sabina
all about PC security
|
|
||
09.01.2006, 19:37
...new here
Posts: 6 |
#9
Many thanks in advance, Sabine. I will take up the fight over the next few days. I have to print this out at work tomorrow, and then I'll try my luck.
Regards, Jay |
|
|
||
10.01.2006, 00:14
Honorary member
Posts: 29434 |
#10
buba
There are two different infections... hence all the effort...
__________
Best regards, Sabina
all about PC security |
|
|
||
11.01.2006, 12:35
...new here
Posts: 1 |
#11
Hello,
I also have the "winfixer" problem... can someone please help me too? Here is the log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:30:15, on 11.01.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\Versatel\Versatel.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\slserv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Mehmy\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.versatel.de/internet-cd/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Versatel
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\System32\mljjj.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O14 - IERESET.INF: START_PAGE_URL=http://www.versatel.de/internet-cd/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136977072218
O17 - HKLM\System\CCS\Services\Tcpip\..\{15B1D290-DEC4-46F2-9BE4-74ADCD439ED5}: NameServer = 212.7.148.65 212.7.148.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{15B1D290-DEC4-46F2-9BE4-74ADCD439ED5}: NameServer = 212.7.148.65 212.7.148.97
O20 - Winlogon Notify: mljjj - C:\WINDOWS\System32\mljjj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFuZHk\command.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)

Many thanks in advance to whoever can "read something out of" this and knows what to do :-)) |
|
|
||
11.01.2006, 16:57
Honorary member
Posts: 29434 |
#12
empi
Normally I don't clean PCs that lack Windows updates..... because the user is back here in no time... And your PC is terribly infected... no wonder... without the security updates...

Configure the Cleaner exactly as described here:
http://virus-protect.org/cleanup.html

datfindbat --> copy the 4 text files here (3 months back by date is enough)
http://virus-protect.org/datfindbat.html
__________
Best regards, Sabina
all about PC security |
|
|
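Added example (not part of the thread, and not HijackThis's own logic): the log lines posted above follow the pattern `section code - description - file`, so a short Python script can parse them and pull out entries worth a closer look during triage. The sample lines are copied from posts #8 and #11; the two checks (registrations whose file is absent, and one file loaded both into the browser and at logon) are a heuristic assumed for this example.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Lines copied from the HijackThis logs quoted in this thread (posts #8 and #11).
SAMPLE_LOG = r"""
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\System32\mljjj.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: mljjj - C:\WINDOWS\System32\mljjj.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFuZHk\command.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
"""

# Section code, then " - ", then the rest of the entry.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# A Windows path ending in a loadable file type; paths may contain spaces.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|scr)(?=$|["\s])',
                     re.IGNORECASE)

# Assumed grouping for this example, not a HijackThis feature.
BROWSER_CODES = {"R3", "O2", "O3"}  # URL search hooks, BHOs, toolbars
LOGON_CODES = {"O20"}               # AppInit_DLLs / Winlogon Notify


class Entry(NamedTuple):
    code: str
    detail: str
    path: Optional[str]


def parse_entries(text: str) -> list:
    """Return one Entry per log line that starts with a section code."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines, the process list, blank lines
        code, detail = m.groups()
        p = PATH_RE.search(detail)
        entries.append(Entry(code, detail, p.group(0) if p else None))
    return entries


def dangling(entries: list) -> list:
    """Registrations that HijackThis itself marked as having no file on disk."""
    return [e for e in entries
            if "(no file)" in e.detail or "(file missing)" in e.detail]


def browser_and_logon(entries: list) -> list:
    """Files registered both as a browser add-on and as a logon-time DLL."""
    codes_by_path = defaultdict(set)
    for e in entries:
        if e.path:
            codes_by_path[e.path.lower()].add(e.code)  # paths are case-insensitive
    return sorted(p for p, codes in codes_by_path.items()
                  if codes & BROWSER_CODES and codes & LOGON_CODES)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for e in dangling(parsed):
        print("no file on disk:", e.code, "-", e.detail)
    for path in browser_and_logon(parsed):
        print("browser add-on and logon DLL:", path)
```

A hit from either check is a reason to examine the entry, not a verdict on it.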
||
28.01.2006, 15:19
...new here
Posts: 6 |
#13
Many thanks again, Sabina, here is the text:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3C78-20E9

Verzeichnis von C:\WINDOWS\tasks

21.01.2006 11:49 <DIR> .
21.01.2006 11:49 <DIR> ..
29.08.2002 05:00 65 DESKTOP.INI
29.01.2006 15:02 516 Durchsuchen von McAfee.com nach Updates (DH5T7B1J-Besitzer).job
29.01.2006 15:00 512 Durchsuchen von McAfee.com nach Updates (DH5T7B1J-jeremy).job
29.10.2004 20:00 258 ISP-Anmeldungserinnerung 1.job
29.01.2006 09:42 6 SA.DAT
5 Datei(en) 1.357 Bytes

Verzeichnis von C:\Dokumente und Einstellungen\jeremy\Desktop |
|
|
||
28.01.2006, 15:47
Honorary member
Posts: 29434 |
#14
buba
Counterspy
http://virus-protect.org/counterspy.html

After the scan you have to choose between:
*Ignore
*Remove
*Quarantine

Always choose Remove and restart the PC (then copy the scan report and paste it into the security forum)
__________
Best regards, Sabina
all about PC security |
|
|
||
28.01.2006, 21:30
...new here
Posts: 6 |
#15
I really hope I understood you correctly and that this is what I'm supposed to copy in here. It's a funny feeling when you think you're doing something wrong but don't know what. If it's wrong, at least you'll have something to laugh about ;-)
|
|
||