Wie kriege ich WinFixer entfernt

#16 Danke Sabina für die Antwort, hier mein Log!


Datentr„ger in Laufwerk C: ist HDD
Volumeseriennummer: F009-33CC

Verzeichnis von C:\WINDOWS\tasks

26.12.2005 19:17 <DIR> .
26.12.2005 19:17 <DIR> ..
28.12.2005 14:00 282 A7832F809170AA3C.job
04.08.2004 13:00 65 desktop.ini
29.07.2005 19:29 258 Registrierungserinnerung 3.job
28.12.2005 16:25 6 SA.DAT
4 Datei(en) 611 Bytes

Verzeichnis von C:\Dokumente und Einstellungen\Steffen Hees\Desktop

#17 Glen

Start -- alle Programme -- Zubehör -- Editor und kopiere folgenden Text rein:

%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h A7832F809170AA3C.job
del A7832F809170AA3C.job

- Speichern als: remjob.bat
- abspeichern unter : Dateityp: alle Dateien
- speichere auf dem Desktop
- Locate remjob.bat-- doppelklick auf die bat-Datei , der Editor öffnet sich kurz ist normal


scanne mit Panda und poste den scanreport
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit

#18 Ich bin so weit und habe Email , Country usw. eingegeben und bekomme wenn ich auf "Check now" gehe folgendes:
--------------------------------------------------------------------------
asinst.cab
unbekannter Herausgeber

Diese Datei wurde geblockt, da sie über keine gültige digitale Signatur, die den Herausgeber verifziert.
--------------------------------------------------------------------------

, gibt es noch ne 2. Möglichkeit? oder wie kann ich sie erlauben ? wird von Windows geblockt, nicht von meiner Firewall!

MFG

Glen

#19 Glen

versuche es mit escan und poste das log
http://virus-protect.org/escan.html
__________
MfG Sabina

rund um die PC-Sicherheit

#20 so langsam verzweifel ich das oben genannte Programm geht nicht laut der Anleitung, bekomme immer wieder ne Fehlermeldung!
----------------------------------------------------------------
ESCCheck
C:\escheck\mwav.exe
End -of-central-directory not found
usw.
----------------------------------------------------------------
löst Format C: mein Problem wenn ja mache ich das!

#21 Glen

nein, du musst nicht formatieren......
--------------------------------------------------------------

http://virus-protect.org/counterspy.html
nach dem Scan muss man sich entscheiden für:
*Ignore
*Remove
*Quarantaine
wähle immer Remove und starte den PC neu (dann kopiere den Scanreport ab und ins Sicherheitsforum)
__________
MfG Sabina

rund um die PC-Sicherheit

#22 also hier mein Log:


--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Wed Dec 28 20:23:06 2005 => System found infected with minibug Adware ({2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c})! Action taken: No Action Taken.
2: Wed Dec 28 20:23:06 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
3: Wed Dec 28 20:23:37 2005 => Offending file found: C:\Dokumente und Einstellungen\Steffen Hees\Eigene Dateien\fifa 2005\user\config.dat
4: Wed Dec 28 20:23:37 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
5: Wed Dec 28 20:23:38 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtek\gtupdate\aupdate\channels\channels.ini
6: Wed Dec 28 20:23:38 2005 => System found infected with clipgenie Spyware/Adware (channels.ini)! Action taken: No Action Taken.
7: Wed Dec 28 20:23:38 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
8: Wed Dec 28 20:23:38 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
9: Wed Dec 28 20:50:24 2005 => System found infected with minibug Adware ({2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c})! Action taken: No Action Taken.
10: Wed Dec 28 20:50:24 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
11: Wed Dec 28 20:50:29 2005 => Offending file found: C:\Dokumente und Einstellungen\Steffen Hees\Eigene Dateien\fifa 2005\user\config.dat
12: Wed Dec 28 20:50:29 2005 => System found infected with startsurfing Spyware/Adware (config.dat)! Action taken: No Action Taken.
13: Wed Dec 28 20:50:30 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtek\gtupdate\aupdate\channels\channels.ini
14: Wed Dec 28 20:50:30 2005 => System found infected with clipgenie Spyware/Adware (channels.ini)! Action taken: No Action Taken.
15: Wed Dec 28 20:50:31 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
16: Wed Dec 28 20:50:31 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Wed Dec 28 20:22:44 2005 => File C:\Programme\OCRANA-IRC\OCRANA-IRC.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.603. No Action Taken.
2: Wed Dec 28 20:24:36 2005 => File C:\WINDOWS\system32\pbdev2.dll tagged as "not-a-virus:AdWare.Win32.PowerSearch.c". Action Taken: No Action Taken.
3: Wed Dec 28 20:51:43 2005 => File C:\WINDOWS\system32\pbdev2.dll tagged as "not-a-virus:AdWare.Win32.PowerSearch.c". Action Taken: No Action Taken.
4: Wed Dec 28 21:32:07 2005 => File C:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP118\A0057981.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
5: Wed Dec 28 21:32:08 2005 => File C:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP118\A0057982.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
6: Wed Dec 28 21:35:49 2005 => File C:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP97\A0033682.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
7: Wed Dec 28 21:45:16 2005 => File C:\WINDOWS\system32\pbdev2.dll tagged as "not-a-virus:AdWare.Win32.PowerSearch.c". Action Taken: No Action Taken.
8: Wed Dec 28 22:22:15 2005 => File C:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP118\A0057981.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
9: Wed Dec 28 22:22:16 2005 => File C:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP118\A0057982.exe tagged as "not-a-virus:AdWare.Win32.Lop.ag". Action Taken: No Action Taken.
10: Wed Dec 28 22:25:40 2005 => File C:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP97\A0033682.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
11: Wed Dec 28 22:33:49 2005 => File C:\WINDOWS\system32\pbdev2.dll tagged as "not-a-virus:AdWare.Win32.PowerSearch.c". Action Taken: No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Wed Dec 28 20:22:47 2005 => ERROR!!! Invalid Entry {B327765E-D724-4347-8B16-78AE18552FC3} = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
2: Wed Dec 28 20:22:47 2005 => ERROR!!! Invalid Entry {7F1CF152-04F8-453A-B34C-E609530A9DC8} = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
3: Wed Dec 28 20:22:47 2005 => ERROR!!! Invalid Entry SCRNSAVE.EXE = C:\WINDOWS\system32\Playbo~1.scr (in key Control Panel\Desktop). No Action Taken.
4: Wed Dec 28 20:23:40 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe". Action Taken: No Action Taken.
5: Wed Dec 28 20:23:40 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: No Action Taken.
6: Wed Dec 28 20:23:40 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\MFC71.dll". Action Taken: No Action Taken.
7: Wed Dec 28 20:23:40 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\msvcp71.dll". Action Taken: No Action Taken.
8: Wed Dec 28 20:23:40 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken.
9: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\system32\cmmgr32.exe". Action Taken: No Action Taken.
10: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HDRegApp.exe" refers to invalid object "c:\Apps\HDRegApp.exe". Action Taken: No Action Taken.
11: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken.
12: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\RegCloneDVD2.exe" refers to invalid object "C:\Programme\Elaborate Bytes\CloneDVD2\RegCloneDVD2.exe". Action Taken: No Action Taken.
13: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\YourApp.exe" refers to invalid object "C:\Programme\AntiVirenKit InternetSecurity\YourApp.exe". Action Taken: No Action Taken.
14: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PrintMe Internet Printing\". Action Taken: No Action Taken.
15: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Common Client\". Action Taken: No Action Taken.
16: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton Internet Security\". Action Taken: No Action Taken.
17: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\OFFICE\". Action Taken: No Action Taken.
18: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\bin\". Action Taken: No Action Taken.
19: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\". Action Taken: No Action Taken.
20: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\". Action Taken: No Action Taken.
21: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\resource\". Action Taken: No Action Taken.
22: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\skins\Grey\". Action Taken: No Action Taken.
23: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\skins\". Action Taken: No Action Taken.
24: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\skins\Grey\steam\". Action Taken: No Action Taken.
25: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\skins\Grey\steam\cached\". Action Taken: No Action Taken.
26: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\SteamApps\". Action Taken: No Action Taken.
27: Wed Dec 28 20:23:41 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\Public\". Action Taken: No Action Taken.
28: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".avd". Action Taken: No Action Taken.
29: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".exe_0-". Action Taken: No Action Taken.
30: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".kotzt". Action Taken: No Action Taken.
31: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rar_0-". Action Taken: No Action Taken.
32: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rjt". Action Taken: No Action Taken.
33: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".torrent". Action Taken: No Action Taken.
34: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tpr". Action Taken: No Action Taken.
35: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".zip_0-". Action Taken: No Action Taken.
36: Wed Dec 28 20:23:42 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
37: Wed Dec 28 20:23:42 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Nero - Burning Rom!UninstallKey". Action Taken: No Action Taken.
38: Wed Dec 28 20:23:42 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NetPumper_is1". Action Taken: No Action Taken.
39: Wed Dec 28 20:23:42 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B7EF883B-6320-4B13-00BB-B1B379303DA2}". Action Taken: No Action Taken.
40: Wed Dec 28 20:23:42 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{E4E3E62E-16D7-425E-009C-DCB5E64F5955}". Action Taken: No Action Taken.
41: Wed Dec 28 20:23:44 2005 => Entry "HKCR\CLSID\{3747A802-6E00-4b4e-B9FE-A97DC8F69427}" refers to invalid object "C:\Programme\EA SPORTS\NHL 2005\browserengine.dll". Action Taken: No Action Taken.
42: Wed Dec 28 20:23:44 2005 => Entry "HKCR\CLSID\{56336BCA-3D8A-11d6-A00B-0050DA18DE71}" refers to invalid object "C:\DOKUME~1\STEFFE~1\LOKALE~1\Temp\InfoWindow.dll". Action Taken: No Action Taken.
43: Wed Dec 28 20:23:45 2005 => Entry "HKCR\CLSID\{6B149EFD-F522-4021-B784-E49567D2672F}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken.
44: Wed Dec 28 20:23:45 2005 => Entry "HKCR\CLSID\{77A8B956-4FDC-4217-8E4D-AC7620F7AFCF}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken.
45: Wed Dec 28 20:23:45 2005 => Entry "HKCR\CLSID\{7D4D6379-F301-4311-BEBA-E26EB0561882}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken.
46: Wed Dec 28 20:23:45 2005 => Entry "HKCR\CLSID\{7F1CF152-04F8-453A-B34C-E609530A9DC8}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken.
47: Wed Dec 28 20:23:45 2005 => Entry "HKCR\CLSID\{84921D1D-9D55-478F-2F9D-115AF4E3DC34}" refers to invalid object "C:\Programme\Real\RealPlayer\CDDBRealControl.dll". Action Taken: No Action Taken.
48: Wed Dec 28 20:23:46 2005 => Entry "HKCR\CLSID\{B327765E-D724-4347-8B16-78AE18552FC3}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken.
49: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{00CEDBF1-864D-11D3-908D-00C0F03B3EDC}" refers to invalid object "C:\Programme\Real\RealPlayer\ierjplug.dll". Action Taken: No Action Taken.
50: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{405DE7B2-E7DD-11D2-92C5-00C0F01F77C1}" refers to invalid object "C:\Programme\Real\RealPlayer\rpau3260.dll". Action Taken: No Action Taken.
51: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{47F59201-8783-11D2-8343-00A0C945A819}" refers to invalid object "C:\Programme\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll". Action Taken: No Action Taken.
52: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{67D26A59-1E17-4F8D-8445-42B7DCCF589D}" refers to invalid object "C:\Programme\EA SPORTS\NHL 2005\browserengine.dll". Action Taken: No Action Taken.
53: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{7AF322C5-AB43-11D4-A00B-0050DA18DE71}" refers to invalid object "C:\DOKUME~1\STEFFE~1\LOKALE~1\Temp\InfoWindow.dll". Action Taken: No Action Taken.
54: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{8042010C-0400-41A1-B344-85F0D08F4F41}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken.
55: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{A67004E0-8362-42F9-B186-88706C346DD9}" refers to invalid object "C:\Programme\Real\RealPlayer\rpplugins\ierpplug.dll". Action Taken: No Action Taken.
56: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{B7EF1304-D97F-4D69-B678-2EF6AD6C2D3A}" refers to invalid object "C:\Programme\EA SPORTS\NHL 2005\nhl2005.exe". Action Taken: No Action Taken.
57: Wed Dec 28 20:23:47 2005 => Entry "HKCR\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}" refers to invalid object "C:\Programme\NetPumper\NetPumperNNProxy.dll". Action Taken: No Action Taken.
58: Wed Dec 28 20:23:48 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
59: Wed Dec 28 20:23:48 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
60: Wed Dec 28 20:23:48 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\system32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
61: Wed Dec 28 20:23:49 2005 => Entry "HKCR\magnet\shell\open\command" refers to invalid object ""C:\Programme\LimeWire\LimeWire.exe" "%L"". Action Taken: No Action Taken.
62: Wed Dec 28 20:23:49 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
63: Wed Dec 28 20:23:49 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
64: Wed Dec 28 20:23:49 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
65: Wed Dec 28 20:23:49 2005 => Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.
66: Wed Dec 28 20:23:49 2005 => Entry "HKCR\NeroAACType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken.
67: Wed Dec 28 20:23:49 2005 => Entry "HKCR\NeroCopyType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken.
68: Wed Dec 28 20:23:49 2005 => Entry "HKCR\NeroCueSheetType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken.
69: Wed Dec 28 20:23:49 2005 => Entry "HKCR\NeroErrorType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken.
70: Wed Dec 28 20:23:49 2005 => Entry "HKCR\NeroHDBackupType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken.
71: Wed Dec 28 20:23:50 2005 => Entry "HKCR\NMUIEngine.NMUIResourceLoaderHarddisk" refers to invalid object "{03DC5606-EA66-4f02-AB52-2065524B03821}". Action Taken: No Action Taken.
72: Wed Dec 28 20:23:50 2005 => Entry "HKCR\steam\shell\open\command" refers to invalid object ""C:\Programme\Valve\Steam\Steam.exe" "%1"". Action Taken: No Action Taken.
73: Wed Dec 28 20:23:50 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
74: Wed Dec 28 20:23:50 2005 => Entry "HKCR\Valve.Source\shell\open\command" refers to invalid object ""c:\programme\valve\steam\steamapps\fiddich911\counter-strike source\hl2.exe" "%1"". Action Taken: No Action Taken.
75: Wed Dec 28 20:49:51 2005 => ERROR!!! Invalid Entry {B327765E-D724-4347-8B16-78AE18552FC3} = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
76: Wed Dec 28 20:49:51 2005 => ERROR!!! Invalid Entry {7F1CF152-04F8-453A-B34C-E609530A9DC8} = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
77: Wed Dec 28 20:49:51 2005 => ERROR!!! Invalid Entry SCRNSAVE.EXE = C:\WINDOWS\system32\Playbo~1.scr (in key Control Panel\Desktop). No Action Taken.
78: Wed Dec 28 20:50:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe". Action Taken: No Action Taken.
79: Wed Dec 28 20:50:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: No Action Taken.
80: Wed Dec 28 20:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\MFC71.dll". Action Taken: No Action Taken.
81: Wed Dec 28 20:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\msvcp71.dll". Action Taken: No Action Taken.
82: Wed Dec 28 20:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken.
83: Wed Dec 28 20:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\system32\cmmgr32.exe". Action Taken: No Action Taken.
84: Wed Dec 28 20:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HDRegApp.exe" refers to invalid object "c:\Apps\HDRegApp.exe". Action Taken: No Action Taken.
85: Wed Dec 28 20:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken.
86: Wed Dec 28 20:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\RegCloneDVD2.exe" refers to invalid object "C:\Programme\Elaborate Bytes\CloneDVD2\RegCloneDVD2.exe". Action Taken: No Action Taken.
87: Wed Dec 28 20:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\YourApp.exe" refers to invalid object "C:\Programme\AntiVirenKit InternetSecurity\YourApp.exe". Action Taken: No Action Taken.
88: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PrintMe Internet Printing\". Action Taken: No Action Taken.
89: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Common Client\". Action Taken: No Action Taken.
90: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton Internet Security\". Action Taken: No Action Taken.
91: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\OFFICE\". Action Taken: No Action Taken.
92: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\bin\". Action Taken: No Action Taken.
93: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\". Action Taken: No Action Taken.
94: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\". Action Taken: No Action Taken.
95: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\resource\". Action Taken: No Action Taken.
96: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\skins\Grey\". Action Taken: No Action Taken.
97: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\skins\". Action Taken: No Action Taken.
98: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\skins\Grey\steam\". Action Taken: No Action Taken.
99: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\skins\Grey\steam\cached\". Action Taken: No Action Taken.
100: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\SteamApps\". Action Taken: No Action Taken.
101: Wed Dec 28 20:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Valve\Steam\Public\". Action Taken: No Action Taken.
102: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".avd". Action Taken: No Action Taken.
103: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".exe_0-". Action Taken: No Action Taken.
104: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".kotzt". Action Taken: No Action Taken.
105: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rar_0-". Action Taken: No Action Taken.
106: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rjt". Action Taken: No Action Taken.
107: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".torrent". Action Taken: No Action Taken.
108: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tpr". Action Taken: No Action Taken.
109: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".zip_0-". Action Taken: No Action Taken.
110: Wed Dec 28 20:50:35 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
111: Wed Dec 28 20:50:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Nero - Burning Rom!UninstallKey". Action Taken: No Action Taken.
112: Wed Dec 28 20:50:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NetPumper_is1". Action Taken: No Action Taken.
113: Wed Dec 28 20:50:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B7EF883B-6320-4B13-00BB-B1B379303DA2}". Action Taken: No Action Taken.
114: Wed Dec 28 20:50:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{E4E3E62E-16D7-425E-009C-DCB5E64F5955}". Action Taken: No Action Taken.
115: Wed Dec 28 20:50:37 2005 => Entry "HKCR\CLSID\{3747A802-6E00-4b4e-B9FE-A97DC8F69427}" refers to invalid object "C:\Programme\EA SPORTS\NHL 2005\browserengine.dll". Action Taken: No Action Taken.
116: Wed Dec 28 20:50:38 2005 => Entry "HKCR\CLSID\{56336BCA-3D8A-11d6-A00B-0050DA18DE71}" refers to invalid object "C:\DOKUME~1\STEFFE~1\LOKALE~1\Temp\InfoWindow.dll". Action Taken: No Action Taken.
117: Wed Dec 28 20:50:38 2005 => Entry "HKCR\CLSID\{6B149EFD-F522-4021-B784-E49567D2672F}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken.
118: Wed Dec 28 20:50:39 2005 => Entry "HKCR\CLSID\{77A8B956-4FDC-4217-8E4D-AC7620F7AFCF}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken.
119: Wed Dec 28 20:50:39 2005 => Entry "HKCR\CLSID\{7D4D6379-F301-4311-BEBA-E26EB0561882}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken.
120: Wed Dec 28 20:50:39 2005 => Entry "HKCR\CLSID\{7F1CF152-04F8-453A-B34C-E609530A9DC8}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken.
121: Wed Dec 28 20:50:39 2005 => Entry "HKCR\CLSID\{84921D1D-9D55-478F-2F9D-115AF4E3DC34}" refers to invalid object "C:\Programme\Real\RealPlayer\CDDBRealControl.dll". Action Taken: No Action Taken.
122: Wed Dec 28 20:50:41 2005 => Entry "HKCR\CLSID\{B327765E-D724-4347-8B16-78AE18552FC3}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken.
123: Wed Dec 28 20:50:43 2005 => Entry "HKCR\TypeLib\{00CEDBF1-864D-11D3-908D-00C0F03B3EDC}" refers to invalid object "C:\Programme\Real\RealPlayer\ierjplug.dll". Action Taken: No Action Taken.
124: Wed Dec 28 20:50:44 2005 => Entry "HKCR\TypeLib\{405DE7B2-E7DD-11D2-92C5-00C0F01F77C1}" refers to invalid object "C:\Programme\Real\RealPlayer\rpau3260.dll". Action Taken: No Action Taken.
125: Wed Dec 28 20:50:44 2005 => Entry "HKCR\TypeLib\{47F59201-8783-11D2-8343-00A0C945A819}" refers to invalid object "C:\Programme\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll". Action Taken: No Action Taken.
126: Wed Dec 28 20:50:44 2005 => Entry "HKCR\TypeLib\{67D26A59-1E17-4F8D-8445-42B7DCCF589D}" refers to invalid object "C:\Programme\EA SPORTS\NHL 2005\browserengine.dll". Action Taken: No Action Taken.
127: Wed Dec 28 20:50:44 2005 => Entry "HKCR\TypeLib\{7AF322C5-AB43-11D4-A00B-0050DA18DE71}" refers to invalid object "C:\DOKUME~1\STEFFE~1\LOKALE~1\Temp\InfoWindow.dll". Action Taken: No Action Taken.
128: Wed Dec 28 20:50:44 2005 => Entry "HKCR\TypeLib\{8042010C-0400-41A1-B344-85F0D08F4F41}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll". Action Taken: No Action Taken.
129: Wed Dec 28 20:50:44 2005 => Entry "HKCR\TypeLib\{A67004E0-8362-42F9-B186-88706C346DD9}" refers to invalid object "C:\Programme\Real\RealPlayer\rpplugins\ierpplug.dll". Action Taken: No Action Taken.
130: Wed Dec 28 20:50:44 2005 => Entry "HKCR\TypeLib\{B7EF1304-D97F-4D69-B678-2EF6AD6C2D3A}" refers to invalid object "C:\Programme\EA SPORTS\NHL 2005\nhl2005.exe". Action Taken: No Action Taken.
131: Wed Dec 28 20:50:44 2005 => Entry "HKCR\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}" refers to invalid object "C:\Programme\NetPumper\NetPumperNNProxy.dll". Action Taken: No Action Taken.
132: Wed Dec 28 20:50:45 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
133: Wed Dec 28 20:50:45 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
134: Wed Dec 28 20:50:45 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\system32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
135: Wed Dec 28 20:50:46 2005 => Entry "HKCR\magnet\shell\open\command" refers to invalid object ""C:\Programme\LimeWire\LimeWire.exe" "%L"". Action Taken: No Action Taken.
136: Wed Dec 28 20:50:46 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
137: Wed Dec 28 20:50:46 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
138: Wed Dec 28 20:50:46 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
139: Wed Dec 28 20:50:48 2005 => Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.
140: Wed Dec 28 20:50:49 2005 => Entry "HKCR\NeroAACType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken.
141: Wed Dec 28 20:50:49 2005 => Entry "HKCR\NeroCopyType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken.
142: Wed Dec 28 20:50:49 2005 => Entry "HKCR\NeroCueSheetType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken.
143: Wed Dec 28 20:50:49 2005 => Entry "HKCR\NeroErrorType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken.
144: Wed Dec 28 20:50:49 2005 => Entry "HKCR\NeroHDBackupType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\nero\nero.exe "%1"". Action Taken: No Action Taken.
145: Wed Dec 28 20:50:49 2005 => Entry "HKCR\NMUIEngine.NMUIResourceLoaderHarddisk" refers to invalid object "{03DC5606-EA66-4f02-AB52-2065524B03821}". Action Taken: No Action Taken.
146: Wed Dec 28 20:50:50 2005 => Entry "HKCR\steam\shell\open\command" refers to invalid object ""C:\Programme\Valve\Steam\Steam.exe" "%1"". Action Taken: No Action Taken.
147: Wed Dec 28 20:50:50 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
148: Wed Dec 28 20:50:50 2005 => Entry "HKCR\Valve.Source\shell\open\command" refers to invalid object ""c:\programme\valve\steam\steamapps\fiddich911\counter-strike source\hl2.exe" "%1"". Action Taken: No Action Taken.
149: Wed Dec 28 21:01:04 2005 => Result: ERROR!!! File C:\DRIVERS\MCDBF\SOURCE1\OTHER.EXE is Not Scanned
150: Wed Dec 28 21:55:15 2005 => Result: ERROR!!! File C:\DRIVERS\MCDBF\SOURCE1\OTHER.EXE is Not Scanned

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\Programme\OCRANA-IRC\OCRANA-IRC.exe => tagged:Client-IRC.Win32.mIRC.603.
2: C:\System Volume Information\_restore{66234F2B-C93E-4D94-8BDB-1899CBBA9319}\RP97\A0033682.exe => tagged:Client-IRC.Win32.mIRC.616.

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Wed Dec 28 20:24:54 2005 => Total Objects Scanned: 26697
Wed Dec 28 20:24:54 2005 => Total Virus(es) Found: 14
Wed Dec 28 20:24:54 2005 => Total Errors: 74
Wed Dec 28 20:24:54 2005 => Virus Database Date: 12/26/2005
Wed Dec 28 20:24:54 2005 => Virus Database Count: 167489
Wed Dec 28 20:27:27 2005 => Virus Database Date: 12/26/2005
Wed Dec 28 20:27:27 2005 => Virus Database Count: 167489
Wed Dec 28 20:43:45 2005 => Virus Database Date: 12/26/2005
Wed Dec 28 20:43:45 2005 => Virus Database Count: 167489
Wed Dec 28 20:48:18 2005 => Virus Database Date: 12/26/2005
Wed Dec 28 20:48:18 2005 => Virus Database Count: 167489
Wed Dec 28 22:34:39 2005 => Total Objects Scanned: 220225
Wed Dec 28 22:34:39 2005 => Total Virus(es) Found: 20
Wed Dec 28 22:34:39 2005 => Total Errors: 76
Wed Dec 28 22:34:39 2005 => Virus Database Date: 12/26/2005
Wed Dec 28 22:34:39 2005 => Virus Database Count: 167489


-----------------------------------------------------------------------

Die Datei: System Volume Information konnte nicht gelöscht werden nach nem Neustart! die Datei: Ocrana IRC würde ich gerne weiter nutzen, aber wenn sie auch gelöscht werden muss dann lösche ich sie


MFG Glen

#23 Glen

loesche:
C:\WINDOWS\system32\pbdev2.dll
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtek

deaktiviere die systemwiederherstellung (dann aktiviere sie wieder)
http://virus-protect.org/systemwiederherstellung.html

Counterspy
http://virus-protect.org/counterspy.html
nach dem Scan muss man sich entscheiden für:
*Ignore
*Remove
*Quarantaine
wähle immer Remove und starte den PC neu (dann kopiere den Scanreport ab und ins Sicherheitsforum)
__________
MfG Sabina

rund um die PC-Sicherheit

#24 mein Log:

Spyware Scan Details
Start Date: 29.12.2005 16:04:05
End Date: 29.12.2005 16:45:24
Total Time: 41 mins 19 secs

Detected spyware

AntiLeech Plugin Adware more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Ignored

Infected files detected
c:\programme\anti-leech\alie_1.0.2.2\al2np.dll
c:\programme\anti-leech\alie_1.0.2.2\alhlp.exe
c:\programme\anti-leech\alie_1.0.2.2\alie.dll
c:\programme\anti-leech\alie_1.0.2.2\alie.inf
c:\programme\anti-leech\alie_1.0.2.2\iesetup2.exe
c:\programme\anti-leech\alnn\al2np.dll
c:\programme\anti-leech\alnn\alhlp.exe
c:\programme\anti-leech\alnn\npalnn.dll
c:\programme\anti-leech\alnn\setup2.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE.1\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE.1 Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE\CurVer AntiLeech.ALIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 C:\PROGRA~1\ANTI-L~1\ALIE_1~1.2\alie.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\ProgID AntiLeech.ALIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\TypeLib {056738E1-E15C-11D6-B876-0050BF5D85C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\VersionIndependentProgID AntiLeech.ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE DisplayName Anti-Leech Plugin for Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE UninstallString C:\Programme\Anti-Leech\ALIE_1.0.2.2\iesetup2.exe uninstall


NetPumper Adware Bundler more information...
Details: Bundles with a number of adware components such as cydoor, Save!, ClockSync, and WhenU Toolbar.
Status: Ignored

Infected files detected
c:\dokumente und einstellungen\steffen hees\anwendungsdaten\netpumper\steffen_20hees.ini
c:\programme\netpumper\zm\np_0001_1.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro\Firstrun state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro pkid HQP
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro alid HQP
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro iid {3598A1AB-A5CE-4F0C-9C02-F77A021BC54C}
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper VersionInfo w+OxpNEdkWvQp+TemoMWOXuDZ7Jq8A2ohoS-IEfhhH6VyS7E4NoCMBLneZfvlLGanYv9bgrLKue
Ea3y5XQt9Ob3Ln7f-fhu4j0ony8eRCXoFwrS9d6PiGR4JqU8EoEdslj3Dwcju40stxe+LtRMCtOp
QpWKMJtVNYVo5wQ-UvWqxXhDKvCK+2Vfe5l08mn15E4nQaa-C4UQc
HKEY_CURRENT_USER\Software\NetPumper
HKEY_CURRENT_USER\Software\NetPumper\Steffen Hees Field1 1068374275
HKEY_CURRENT_USER\Software\NetPumper\Steffen Hees Field2 1175449753
HKEY_CURRENT_USER\Software\NetPumper\Steffen Hees Field3 1000036424
HKEY_CURRENT_USER\Software\NetPumper\Steffen Hees Field4 1080637372
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib Version 1.2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B} IAddUrl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib Version 1.2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000} IAddPackage


Weatherbug Low Risk Adware more information...
Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} MiniBugTransporterX Class
HKEY_CLASSES_ROOT\clsid\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c}
HKEY_CLASSES_ROOT\clsid\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} MiniBugTransporterX Class


IEPlugin Spyware more information...
Details: IEPlugin is an IE Browser Helper Object that monitors site addresses, content entered into forms, and even local filenames browsed, and pops up advertisements when it sees a targeted keyword.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\remove


eZula.TopText Adware more information...
Details: eZula TopText is a browser hijacker that will alter all pages viewed in Internet Explorer by adding extra links to words and phrases targeted by advertisers. These links are unauthorized by the users of the sites being viewed and not part of the orig
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\remove


ATDMT.com Cookie more information...
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\steffen hees\cookies\steffen hees@atdmt[1].txt


DoubleClick Cookie more information...
Details: DoubleClick is a popular ad serving network that uses spyware cookies, to target advertising.
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\steffen hees\cookies\steffen hees@doubleclick[1].txt


TribalFusion.com Cookie more information...
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\steffen hees\cookies\steffen hees@tribalfusion[1].txt

#25 Glen

der netpumper hat dir den ganzen Schlamassel verursacht...lade ihn also nie wieder

scanne noch mal und stelle ein:*Remove , und lasse alles loeschen

solange dort steht --> Status: Ignored wird es keine Fortschritte bei der Reinigung geben
__________
MfG Sabina

rund um die PC-Sicherheit

#26 Hallo Leute,

habe auch dieses lästige winfixer eingefangen. Bitte helft mir ihn zu entfernen.

Hier die Logfile

Logfile of HijackThis v1.99.1
Scan saved at 12:19:03, on 30.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\AVPersonal\AVSched32.EXE
C:\Programme\D-Tools\daemon.exe
C:\Programme\SurfAccuracy\SAcc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\DitExp.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Gevso.HPPAV\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-de8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-de8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-de8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-de8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Agent] C:\Programme\CyberLink\PowerVCRII\Agent.exe
O4 - HKLM\..\Run: [Remote_Agent] C:\Programme\CyberLink\PowerVCRII\RemoteAgent.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://de7.hpwis.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.loudcash.com/UCITest/Cabs/4484.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {3AEECF42-EFE4-4AC8-AE9E-83C031EC09AB} (GamyunNetToolbar) - http://server.gamyun.net/cert/GamyunIeToolbar.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://data.flatcast.com/NpFv415.dll
O16 - DPF: {F49DA492-7B88-463F-B389-CA9A02F6DA76} (Seagate SeaTools German Online) - http://www.seagate.com/support/disc/asp/tools/de/bin/npseatools.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

mfg kinglui

#27 Hallo.
Ich habe auch das Winfixerproblem. wär echt nett, wenn ihr mir helfen könntet.
Danke.
Hier das Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 12:08:17, on 30.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Nero\Nero 7\InCD\InCD.exe
C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
C:\Programme\108Mbps Wireless LAN Adapter\WLANPRO.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\Programme\Winamp\winamp.exe
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\PokerStars\PokerStars.exe
C:\Programme\Miranda IM\miranda32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\Johann\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.compuserve.de
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe
O4 - HKCU\..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Reg.lnk = ?
O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - T-Online International AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

#28 kinglui

öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.loudcash.com/UCITest/Cabs/4484.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {3AEECF42-EFE4-4AC8-AE9E-83C031EC09AB} (GamyunNetToolbar) - http://server.gamyun.net/cert/GamyunIeToolbar.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)

PC neustarten

loesche:
GamyunNetToolbar
c:\eied_s7.cab
c:\ex.cab
C:\Programme\SurfAccuracy

stelle den Cleaner genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

Counterspy
http://virus-protect.org/counterspy.html
nach dem Scan muss man sich entscheiden für:
*Ignore
*Remove
*Quarantaine
wähle immer Remove und starte den PC neu (dann kopiere den Scanreport ab und ins Sicherheitsforum)
__________
MfG Sabina

rund um die PC-Sicherheit

#29 MeisterEder

öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

stelle den Cleaner genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

Counterspy
http://virus-protect.org/counterspy.html
nach dem Scan muss man sich entscheiden für:
*Ignore
*Remove
*Quarantaine
wähle immer Remove und starte den PC neu (dann kopiere den Scanreport ab und ins Sicherheitsforum)
__________
MfG Sabina

rund um die PC-Sicherheit

#30 Logfile of HijackThis v1.99.1
Scan saved at 13:40:10, on 30.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Dokumente und Einstellungen\Völp\Lokale Einstellungen\Temp\Temporäres Verzeichnis 5 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\System32\mljji.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Sygate Personall Firewall] Sygate32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: mljji - C:\WINDOWS\System32\mljji.dll
O23 - Service: Enables Java Support (Java) - Unknown owner - C:\WINDOWS\System32\winjava.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe



das ist meine logdatei von hijack...
kann mir jemand weiterhelfen?? besten dank im vorraus