Red cross and Spyaxe, what next..?

11.12.2005, 23:51
Member

Thread starter

Posts: 18
#16 Sabina

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=SIEMENS
Time=Sun Dec 11 23:49:01 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
IE Plugins: Found '{2318C2B1-4965-11d4-9B18-009027A5CD4F}' in 'SOFTWARE\Microsoft\Internet Explorer\Toolbar'
Web Browser Security Settings: Found 'EnableNegotiate' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Web Browser Security Settings: Found 'Persistent' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-tgp.org'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-tgp.org'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\loadcash.biz'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\loadcash.biz'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.tempx.cc'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.tempx.cc'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sex-pics.biz'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sex-pics.biz'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toolbarbiz.biz'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toolbarbiz.biz'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trackhits.cc'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trackhits.cc'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracktraff.cc'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracktraff.cc'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\traff-store.com'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\traff-store.com'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windfind4u.com'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windfind4u.com'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xawm.biz'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xawm.biz'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zviframe.biz'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zviframe.biz'
Web Browser Security Settings: Found 'Google-Suche' in 'Software\Microsoft\Internet Explorer\MenuExt\&Google-Suche'
Web Browser Security Settings: Found 'Ins Deutsche übersetzen' in 'Software\Microsoft\Internet Explorer\MenuExt\&Ins Deutsche übersetzen'
Web Browser Security Settings: Found 'Im Cache gespeicherte Seite' in 'Software\Microsoft\Internet Explorer\MenuExt\Im Cache gespeicherte Seite'
Web Browser Security Settings: Found 'Nach Microsoft Excel exportieren' in 'Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren'
Web Browser Security Settings: Found 'Verweisseiten' in 'Software\Microsoft\Internet Explorer\MenuExt\Verweisseiten'
Web Browser Security Settings: Found 'Ähnliche Seiten' in 'Software\Microsoft\Internet Explorer\MenuExt\Ähnliche Seiten'
Windows Policy Settings: Found 'restrictanonymous' in 'SYSTEM\CurrentControlSet\Control\Lsa'
Windows Policy Settings: Found 'forceunlocklogon' in 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Windows Policy Settings: Found 'wuauserv' in ''
Windows Shell Settings: Found '{9EF34FF2-3396-4527-9D27-04C8C1C67806}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
Windows Shell Settings: Found 'LDVPMenu' in 'SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\LDVPMenu'
Windows Shell Settings: Found 'LDVPMenu' in 'SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu'
Windows Shell Settings: Found '{BDA77241-42F6-11d0-85E2-00AA001FE28C}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found 'AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Favorites' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'NetHood' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Personal' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'PrintHood' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Start Menu' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Templates' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Programs' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Startup' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Local Settings' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Local AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'My Pictures' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'My Music' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Administrative Tools' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'CD Burning' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Favorites' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'NetHood' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Personal' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'PrintHood' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Programs' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Start Menu' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Startup' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Templates' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'My Pictures' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Local Settings' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Local AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Programs' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Documents' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Start Menu' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'CommonPictures' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'CommonMusic' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'CommonVideo' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Favorites' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Startup' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Administrative Tools' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Templates' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Personal' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Start Menu' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Programs' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Startup' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Templates' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Favorites' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Documents' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Program Startup Areas: Found 'RemoteControl' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'wininet.dll' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
Program Startup Areas: Found 'kernel32.dll' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
Program Startup Areas: Found 'SpybotSD TeaTimer' in 'S-1-5-21-1409082233-1767777339-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Scanning is stopping...
Scanning is stopping...

12.12.2005, 00:23
Honorary member
Sabina

Posts: 29434
#17 SmitRem2.8
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

open the smitRem folder, double-click: RunThis.bat
wait until the scan has finished (the screen will turn blue; that is normal)
find smitfiles.txt and post the text file in the thread
__________
Kind regards, Sabina

all about PC security

12.12.2005, 21:57
Member

Thread starter

Posts: 18
#18 smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

shopping


~~~ system32 folder ~~~

ld****.tmp
mssearchnet.exe
ncompat.tlb


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1656 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

shopping


~~~ system32 folder ~~~

mssearchnet.exe


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! ;)

13.12.2005, 00:56
Honorary member
Sabina

Posts: 29434
#19 bam

disable System Restore (XP) (then enable it again)
http://virus-protect.org/systemwiederherstellung.html

scan with Kaspersky --> post the scan report
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina

all about PC security

13.12.2005, 21:27
Member

Thread starter

Posts: 18
#20 --------------------------------- Anti-Spyware session started ---------------------------------
'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'wininet.dll' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
Program Startup Areas: Found 'kernel32.dll' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
Program Startup Areas: Found 'SpybotSD TeaTimer' in 'S-1-5-21-1409082233-1767777339-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Scanning is stopping...
Scanning is stopping...
--------------------------------- Anti-Spyware session started ---------------------------------

14.12.2005, 11:39
Honorary member
Sabina

Posts: 29434
#21 bam

right-click the link and, from the context menu, choose Save Target As -> Desktop -> an mcor.reg file will then appear on the screen

http://virus-protect.org/reg/mcor.reg

boot into safe mode, double-click the .reg file and merge it into the registry


scan with eTrust --> post the scan report
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina

all about PC security

17.12.2005, 14:18
Member

Thread starter

Posts: 18
#22 Sabina

As already posted, I do not have mcor.reg on the desktop in safe mode. I had to merge mcor.reg into the registry via drive A:.


Adtech.de Tracking Cookie
Tracking Cookie "Adtech.de" gefunden in:
Cookie "intel@adtech[1].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@adtech[1].txt"
As1.falkag.de Tracking Cookie
Tracking Cookie "As1.falkag.de" gefunden in:
Cookie "intel@as1.falkag[2].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@as1.falkag[2].txt"
AtlasDMT.com Tracking Cookie
Tracking Cookie "AtlasDMT.com" gefunden in:
Cookie "intel@atdmt[1].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@atdmt[1].txt"
Citi.BridgeTrack Tracking Cookie
Tracking Cookie "Citi.BridgeTrack" gefunden in:
Cookie "intel@citi.bridgetrack[2].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@citi.bridgetrack[2].txt"
DoubleClick Tracking Cookie
Tracking Cookie "DoubleClick" gefunden in:
Cookie "intel@doubleclick[1].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@doubleclick[1].txt"
Mediaplex.com Tracking Cookie
Tracking Cookie "Mediaplex.com" gefunden in:
Cookie "intel@mediaplex[1].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@mediaplex[1].txt"
QuestionMarket.com Tracking Cookie
Tracking Cookie "QuestionMarket.com" gefunden in:
Cookie "intel@questionmarket[1].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@questionmarket[1].txt"
DealTime Tracking Cookie
Tracking Cookie "DealTime" gefunden in:
Cookie "intel@stat.dealtime[1].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@stat.dealtime[1].txt"
Statcounter Tracking Cookie
Tracking Cookie "Statcounter" gefunden in:
Cookie "intel@statcounter[1].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@statcounter[1].txt"
WebTrends Tracking Cookie
Tracking Cookie "WebTrends" gefunden in:
Cookie "intel@statse.webtrendslive[1].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@statse.webtrendslive[1].txt"
TradeDoubler.com Tracking Cookie
Tracking Cookie "TradeDoubler.com" gefunden in:
Cookie "intel@tradedoubler[2].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@tradedoubler[2].txt"
Trojan.Win32.StartPage.adh Homepage Hijacker

18.12.2005, 20:10
Honorary member
Sabina

Posts: 29434
#23 bam

go into the registry
Start --> Run --> regedit

delete: (if it is still there.......)
'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

all-tgp.org
free-spy-cam.net
loadcash.biz

etc.....

---------------------------------------------------------------------------
apart from the cookies, everything seems to be fine ;)

Quote

Block cookies in the browser!
Right-click the IE icon => Properties => "Privacy" tab = "Block All Cookies", and allow cookies only for absolutely trustworthy sites (you can define these under "Settings" in the Privacy window)
http://virus-protect.org/ie.html
download Firefox (if you do not have it yet) and browse only with it
http://virus-protect.org/firefox.html
__________
Kind regards, Sabina

all about PC security

18.12.2005, 23:18
Member

Thread starter

Posts: 18
#24 Sabine

I don't quite believe it yet :-(!

I scanned the following file. Spybot cannot delete the Smitfraud-C. How can I eliminate it?


Jottis Malwarescan 2.99-TRANSITION_TO_3.00

Datei: mssearchnet.exe
Status: INFIZIERT/MALWARE
Entdeckte Packprogramme: PE_PATCH, UPACK

AntiVir Trojan/Agent.AP.28.1 gefunden
ArcaVir Trojan.Downloader.Zlob.Cm gefunden
Avast Keine Viren gefunden
AVG Antivirus Downloader.Generic.MKU gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Trojan.MulDrop.3122 gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet W32/Zlob.CM!dldr gefunden
Kaspersky Anti-Virus Trojan-Downloader.Win32.Zlob.cm gefunden
NOD32 Win32/TrojanDownloader.Zlob.AP gefunden
Norman Virus Control W32/Zlob.EI gefunden
UNA Keine Viren gefunden
VBA32 Trojan-Downloader.Win32.Zlob.cm gefunden

19.12.2005, 10:54
Honorary member
Sabina

Posts: 29434
#25 bam

please copy the 4 text files again (1 month back by date is enough)
http://virus-protect.org/datfindbat.html

Quote

Verzeichnis von C:\WINDOWS\system32

09.12.2005 22:58 5'096 ncompat.tlb
09.12.2005 21:51 24'064 ldC39E.tmp
09.12.2005 21:31 6'144 msvol.tlb
09.12.2005 21:31 20'480 hpFCAA.tmp
09.12.2005 21:23 20'480 hpC763.tmp
09.12.2005 20:04 20'480 hpAB24.tmp
09.12.2005 20:01 4'286 ot.ico
09.12.2005 20:01 4'286 ts.ico
08.12.2005 18:51 2'206 wpa.dbl
04.12.2005 12:22 14'568 mscornet.exe

mssearchnet.exe ???
then scan with Dr.Web, which detects/deletes the malware
http://virus-protect.org/cureit.html

SpyAxe
http://virus-protect.org/artikel/spyware/spyaxe.html
__________
Kind regards, Sabina

all about PC security

19.12.2005, 22:14
Member

Thread starter

Posts: 18
#26 Sabina

Attached are the 4 text files (1 month back), afterwards scanned with Dr.Web. mscornet.exe, A000028.exe and mssearchnet.exe were deleted! Should I go through the instructions - remove Spyaxe?

17.12.2005 13:54 164 ncompat.tlb
17.12.2005 12:11 2'206 wpa.dbl
11.12.2005 23:49 2'154 tmmute.ini
10.12.2005 16:14 9'720 mssearchnet.exe
03.12.2005 15:07 2'050 DslWz.log
03.12.2005 12:29 40'972 perfc009.dat
03.12.2005 12:29 314'644 perfh009.dat
03.12.2005 12:29 320'424 perfh007.dat
03.12.2005 12:29 49'372 perfc007.dat
03.12.2005 12:29 725'674 PerfStringBackup.INI
02.12.2005 22:35 124'167 SYMEVNT.386
02.12.2005 22:35 83'208 S32EVNT1.DLL
02.12.2005 22:11 241'536 FNTCACHE.DAT
02.12.2005 12:18 253 spupdwxp.log
02.12.2005 11:42 25'065 wmpscheme.xml
02.12.2005 11:17 261 $winnt$.inf
02.12.2005 11:14 2'951 CONFIG.NT
02.12.2005 11:14 16'832 amcompat.tlb
02.12.2005 11:14 23'392 nscompat.tlb
02.12.2005 11:12 488 WindowsLogon.manifest
02.12.2005 11:12 488 logonui.exe.manifest
02.12.2005 11:12 749 nwc.cpl.manifest
02.12.2005 11:12 749 wuaucpl.cpl.manifest
02.12.2005 11:12 749 ncpa.cpl.manifest
02.12.2005 11:12 749 sapi.cpl.manifest
02.12.2005 11:12 749 cdplayer.exe.manifest
02.12.2005 11:10 21'740 emptyregdb.dat
02.12.2005 10:55 0 h323log.txt
15.11.2005 12:12 126'680 GCCollection.dll
15.11.2005 12:12 117'976 hashlib.dll
15.11.2005 12:12 95'448 gcUnCompress.dll
22.04.2005 11:58 328'128 gcTypLibA.tlb
04.08.2004 01:12 1'788 dcache.bin

20.12.2005, 02:59
Honorary member
Sabina

Posts: 29434
#27 still to be deleted:

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

C:\WINDOWS\system32\ncompat.tlb
C:\WINDOWS\system32\mssearchnet.exe

after that:
SmitRem2.8
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

download --> boot into safe mode --> open the smitRem folder --> double-click: RunThis.bat
wait until the scan has finished (the screen will turn blue; that is normal)
find smitfiles.txt and copy the text file into the thread
__________
Kind regards, Sabina

all about PC security

26.12.2005, 00:25
Member

Thread starter

Posts: 18
#28 Sabina

First I copied the 6 files from SmitRem2.8 to a floppy disk ==> then I went into safe mode ==> copied the files to the desktop ==> double-click: RunThis.bat etc. ==> looked for smitfiles.txt, and the text file is as follows:

smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url


~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 764 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url


~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! ;)

26.12.2005, 00:53
Honorary member
Sabina

Posts: 29434
#29 bam

scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina

all about PC security

26.12.2005, 11:22
Member

Thread starter

Posts: 18
#30 Sabina

I only scanned the C: drive!

No viruses or other malicious software have been found!
Scan finished
184138 Files scanned
C:\WINDOWS\_default.pif

Scan report       Detected  Disinfected
Virus             0         0
Spyware           0         0
Hacking Tools     0         0
Dialers           0         0
Security Risks    0         0
Suspicious files  0