WinFixer 2005 .... |
||
|---|---|---|
| #0
| ||
|
15.04.2006, 15:01
Ehrenmitglied
 Beiträge: 29434 |
||
 
|
|
|
|
01.05.2006, 10:49
...neu hier
Beiträge: 1 |
#17
Guten Tag,
auch ich benötige Hilfe zu Winfixer, da er andauernd neu erscheint. danke erst einmal Hier mein Log: Logfile of HijackThis v1.99.1 Scan saved at 10:41:13, on 01.05.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programme\SpyCatcher\DeleteSatellite.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Registry Defragmentation\RegManServ.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\svchost.exe C:\Programme\RFA\rfagent.exe C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Dokumente und Einstellungen\gottima\Lokale Einstellungen\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - Default URLSearchHook is missing O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Programme\SpyCatcher\DeleteSatellite.exe" O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [rfagent] C:\Programme\RFA\rfagent.exe O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Programme\SpyCatcher\DeleteSatellite.exe" nowait O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: F-Secure Internet Security 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE (file missing) O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Programme\Registry Defragmentation\RegManServ.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
|
|
|
|
|
|
01.05.2006, 11:38
Ehrenmitglied
Beiträge: 29434 |
#18
gottima
1. stelle den Cleaner genauso ein, wie hier angegeben: http://virus-protect.org/cleanup.html PC neustarten 2. Counterspy http://virus-protect.org/counterspy.html * nach dem Scan muss man sich entscheiden für: *Ignore *Remove --> Status: Deleted *Quarantaine wähle immer Remove und starte den PC neu (dann kopiere den Scanreport ab __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
01.05.2006, 19:00
...neu hier
Beiträge: 1 |
#19
hallo erstmal
also ich komme nicht mit beim beseitigen dieses lässtigen dinges. bin total unwissend und möchte nix falsch machen. bitte um eure hilfe |
|
|
|
|
|
|
01.05.2006, 21:55
Ehrenmitglied
Beiträge: 29434 |
#20
sexbombe77 (sehr passender Name in einem Sicherheitsforum.....)
 Hijackthis http://computercops.biz/zx/Merijn/hijackthis.zip http://virus-protect.org/hjtkurz.html Lade/entpacke HijackThis in einem Ordner --> None of the above just start the program --> Save--> Savelog -->es öffnet sich der Editor nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen" __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
06.06.2006, 17:02
...neu hier
Beiträge: 1 |
#21
Hi,
also ich habe auch ein WinFixer Problem und abgesehen von null-acht-fünfzehn-wissen keine Ahnung, aber nach lesen in verschiedener Foren mal das mit dem HijackThis gemacht und hier ist das Ergebnis: Logfile of HijackThis v1.99.1 Scan saved at 16:51:18, on 06.06.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\WinAntiVirus Pro 2006\WinAV.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe C:\PROGRA~1\MESSEN~1\Msmsgs.exe C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe C:\Programme\ATI Technologies\ATI.ACE\CLI.exe C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\kernel.exe C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\sc_watch.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Dokumente und Einstellungen\Monika\Desktop\HijackThis.exe C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/fsc/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Programme\WinAntiVirus Pro 2006\winpgi.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Programme\WinAntiVirus Pro 2006\IEFWBHO.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Programme\WinAntiVirus Pro 2006\WinAV.exe" /min O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\INFOCOCKPIT.EXE /nosplash O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: @c:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @c:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programme\Messenger\msmsgs.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online2/bejeweled2/popcaploader_v6.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Norton Internet Security\comHost.exe O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe Wäre toll wenn mir jemand helfen könnte! |
|
|
|
|
|
|
06.06.2006, 17:07
Ehrenmitglied
Beiträge: 29434 |
#22
amy
Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren) WinAntiVirus Pro 2006 in edit und klicke "Ok". Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
31.08.2006, 19:40
...neu hier
Beiträge: 8 |
#23
Hallo Sabina, ich hoffe du kannst auch mir weiterhelfen, habe mir wohl einiges eingefangen?
Logfile of HijackThis v1.99.1 Scan saved at 19:33:20, on 31.08.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Programme\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe C:\Programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE C:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\F-Secure Internet Security\Common\FSMB32.EXE C:\Programme\Intel\Wireless\Bin\OProtSvc.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\F-Secure Internet Security\backweb\4476822\Program\fspex.exe C:\Programme\F-Secure Internet Security\Common\FCH32.EXE C:\Programme\F-Secure Internet Security\Common\FAMEH32.EXE C:\Programme\F-Secure Internet Security\Anti-Virus\fsqh.exe C:\Programme\Java\jre1.5.0_08\bin\jusched.exe C:\Programme\F-Secure Internet Security\Anti-Virus\fsrw.exe C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\Programme\Samsung\Samsung Command Center\PIC_UI.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe C:\Programme\Intel\Wireless\Bin\EOUWiz.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\F-Secure Internet Security\Common\FSM32.EXE C:\PROGRA~1\Samsung\SA8644~1\SAMSUN~1.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Programme\F-Secure Internet Security\FSGUI\ispnews.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\QuickTime\qttask.exe C:\Programme\ICQLite\ICQLite.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programme\F-Secure Internet Security\Anti-Virus\fsav32.exe C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe C:\Programme\F-Secure Internet Security\FSGUI\fsguidll.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Internet Explorer\iexplore.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.de/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Programme\PCODEC\isaddon.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_08\bin\jusched.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RestoreIT!] "C:\Programme\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe O4 - HKLM\..\Run: [AVStation premium] "C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe" O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [SamsungPIC] C:\Programme\Samsung\Samsung Command Center\PIC_UI.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Programme\F-Secure Internet Security\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Programme\WinAntiVirus Pro 2006\WinAV.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: F-Secure 2006.lnk = C:\Programme\F-Secure Internet Security\backweb\4476822\Program\fspex.exe O8 - Extra context menu item: Dieses Popup &blockieren - C:\Programme\F-Secure Internet Security\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: IE-Schutzschild - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-Schutzschild... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.arcor.de/vod/dmd/WMDownload.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: IntelWireless - C:\Programme\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programme\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe |
|
|
|
|
|
|
31.08.2006, 22:18
Ehrenmitglied
Beiträge: 29434 |
#24
Tigereye
1. Versteckte- und Systemdateien sichtbar machen http://virus-protect.org/invisible.html 2. Avenger http://virus-protect.org/artikel/tools/avenger.html kopiere rein: Zitat registry keys to delete:Klicke die gruene Ampel das Script wird nun ausgeführt, dann wird der PC automatisch neustarten ** poste das log vom Avenger, was erscheint ** Loesche im abgesicherten Modus: C:\Programme\WinAntiVirus Pro 2006 C:\Programme\Common Files\Companion Wizard C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006 C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinAntiVirus Pro 2006 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinAntiVirus Pro 2006 ------------------------------- ** scanne mit smitfraudfix http://virus-protect.org/artikel/tools/smitfrautfix.html ** scanne mit panda und poste den scanreport http://virus-protect.org/onlinescan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
31.08.2006, 23:43
...neu hier
Beiträge: 8 |
#25
//////////////////////////////////////////
Avenger Pre-Processor log ////////////////////////////////////////// Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Error code: 0 Line: HKEY_CURRENT_USER\Software\PCODEC Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Error code: 0 Line: HKEY_CLASSES_ROOT\CLSID\{860c2f6b-ca82-4282-9187-beccbb66f0af} Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Error code: 0 Line: HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Error code: 0 Line: HKEY_CLASSES_ROOT\WAP6.PCheck ////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\ysmcvtll ******************* Script file located at: \??\C:\bnkklnbf.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FWSvc not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FWSvc failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FWSvc Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWSVC deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FWSVC not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FWSVC failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FWSVC Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWSVC deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FOPN not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FOPN failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FOPN Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN Status: 0xc0000034 File C:\WINDOWS\system32\drivers\vspf5.sys not found! Deletion of file C:\WINDOWS\system32\drivers\vspf5.sys failed! Could not process line: C:\WINDOWS\system32\drivers\vspf5.sys Status: 0xc0000034 File C:\WINDOWS\system32\drivers\vspf_hk5.sys not found! Deletion of file C:\WINDOWS\system32\drivers\vspf_hk5.sys failed! Could not process line: C:\WINDOWS\system32\drivers\vspf_hk5.sys Status: 0xc0000034 File C:\WINDOWS\system32\drivers\fopn.sys not found! Deletion of file C:\WINDOWS\system32\drivers\fopn.sys failed! Could not process line: C:\WINDOWS\system32\drivers\fopn.sys Status: 0xc0000034 File C:\WINDOWS\system32\av.cpl deleted successfully. File C:\WINDOWS\system32\stera.log deleted successfully. File C:\WINDOWS\system32\stera.exe deleted successfully. Could not open file C:\Programme\WinAntiVirus Pro 2006\winpgi.dll for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\winpgi.dll failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\winpgi.dll Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\Updater.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\Updater.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\Updater.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\winav.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\winav.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\winav.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll d for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll d failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll d Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\pv.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\pv.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\pv.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\Activate.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\Activate.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\Activate.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\asmngr.dll for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\asmngr.dll failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\asmngr.dll Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\avkernel.dll for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\avkernel.dll failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\avkernel.dll Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\BkSites.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\BkSites.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\BkSites.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\bnlink.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\bnlink.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\bnlink.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\bpupdater.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\bpupdater.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\bpupdater.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\CompWiz.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\CompWiz.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\CompWiz.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\fat.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\fat.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\fat.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\fopn.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\fopn.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\fopn.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\fopn.sys for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\fopn.sys failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\fopn.sys Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\fopnl.dll for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\fopnl.dll failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\fopnl.dll Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\history.db for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\history.db failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\history.db Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\IEFWBHO.dll for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\IEFWBHO.dll failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\IEFWBHO.dll Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\install.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\install.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\install.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\InstHelp.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\InstHelp.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\InstHelp.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\lapv.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\lapv.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\lapv.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\License.rtf for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\License.rtf failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\License.rtf Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\online.url for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\online.url failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\online.url Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\PGupdater.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\PGupdater.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\PGupdater.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\phigh.bin for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\phigh.bin failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\phigh.bin Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\pmedium.bin for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\pmedium.bin failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\pmedium.bin Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\prc.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\prc.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\prc.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\prerules.xml for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\prerules.xml failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\prerules.xml Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\ps.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\ps.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\ps.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\pv.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\pv.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\pv.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\rpt.dll for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\rpt.dll failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\rpt.dll Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\RulSrv.dll for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\RulSrv.dll failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\RulSrv.dll Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\settings.bin for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\settings.bin failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\settings.bin Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\sqlite3.dll for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\sqlite3.dll failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\sqlite3.dll Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\sr.log for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\sr.log failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\sr.log Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\st.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\st.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\st.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\support.url for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\support.url failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\support.url Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\unins000.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\unins000.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\unins000.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\unins000.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\unins000.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\unins000.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\uninstall.ico for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\uninstall.ico failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\uninstall.ico Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\UninstallPage.html for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\UninstallPage.html failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\UninstallPage.html Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\up.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\up.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\up.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\updater.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\updater.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\updater.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\VAExt.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\VAExt.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\VAExt.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\vbpv.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\vbpv.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\vbpv.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\WAupdater.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\WAupdater.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\WAupdater.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\worldmap.swf for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\worldmap.swf failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\worldmap.swf Status: 0xc000003a Could not open file C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll for deletion Deletion of file C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll failed! Could not process line: C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll Status: 0xc000003a Could not open file C:\Programme\PCODEC\iesplugin.dll for deletion Deletion of file C:\Programme\PCODEC\iesplugin.dll failed! Could not process line: C:\Programme\PCODEC\iesplugin.dll Status: 0xc000003a Could not open file C:\Programme\PCODEC\iesuninst.exe for deletion Deletion of file C:\Programme\PCODEC\iesuninst.exe failed! Could not process line: C:\Programme\PCODEC\iesuninst.exe Status: 0xc000003a Could not open file C:\Programme\PCODEC\isaddon.dll for deletion Deletion of file C:\Programme\PCODEC\isaddon.dll failed! Could not process line: C:\Programme\PCODEC\isaddon.dll Status: 0xc000003a Could not open file C:\Programme\PCODEC\isamini.exe for deletion Deletion of file C:\Programme\PCODEC\isamini.exe failed! Could not process line: C:\Programme\PCODEC\isamini.exe Status: 0xc000003a Could not open file C:\Programme\PCODEC\isamonitor.exe for deletion Deletion of file C:\Programme\PCODEC\isamonitor.exe failed! Could not process line: C:\Programme\PCODEC\isamonitor.exe Status: 0xc000003a Could not open file C:\Programme\PCODEC\isauninst.exe for deletion Deletion of file C:\Programme\PCODEC\isauninst.exe failed! Could not process line: C:\Programme\PCODEC\isauninst.exe Status: 0xc000003a Could not open file C:\Programme\PCODEC\ot.ico for deletion Deletion of file C:\Programme\PCODEC\ot.ico failed! Could not process line: C:\Programme\PCODEC\ot.ico Status: 0xc000003a Could not open file C:\Programme\PCODEC\pmmon.exe for deletion Deletion of file C:\Programme\PCODEC\pmmon.exe failed! Could not process line: C:\Programme\PCODEC\pmmon.exe Status: 0xc000003a Could not open file C:\Programme\PCODEC\pmsngr.exe for deletion Deletion of file C:\Programme\PCODEC\pmsngr.exe failed! Could not process line: C:\Programme\PCODEC\pmsngr.exe Status: 0xc000003a Could not open file C:\Programme\PCODEC\pmuninst.exe for deletion Deletion of file C:\Programme\PCODEC\pmuninst.exe failed! Could not process line: C:\Programme\PCODEC\pmuninst.exe Status: 0xc000003a Could not open file C:\Programme\PCODEC\ts.ico for deletion Deletion of file C:\Programme\PCODEC\ts.ico failed! Could not process line: C:\Programme\PCODEC\ts.ico Status: 0xc000003a Could not open file C:\Programme\PCODEC\uninst.exe for deletion Deletion of file C:\Programme\PCODEC\uninst.exe failed! Could not process line: C:\Programme\PCODEC\uninst.exe Status: 0xc000003a Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{202a961f-23ae-42b1-9505-ffe3c818d717} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe2d25c1-c1db-4b5e-9390-af1cb5302f32} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe2d25c1-c1db-4b5e-9390-af1cb5302f32} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{860c2f6b-ca82-4282-9187-beccbb66f0af} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{860c2f6b-ca82-4282-9187-beccbb66f0af} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Conferencing\CaptureDevices\miro AVI CapCodec driver deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCODEC not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCODEC failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\pmsngr.exe not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\pmsngr.exe failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\homepage.monitor.exe not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\homepage.monitor.exe failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinAntiVirusPro2006 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinAntiVirusPro2006 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WinAV.exe\shell not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WinAV.exe\shell failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WinAV.exe not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WinAV.exe failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006 deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SupportUninstall\WinAntiVirus Pro 2006 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\SupportUninstall\WinAntiVirus Pro 2006 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B646F5E2-0A48-421d-AC91-F96C92BFC17A} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B646F5E2-0A48-421d-AC91-F96C92BFC17A} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E69F0D6A-1C69-4A04-8709-5EAC2019D9BE} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E69F0D6A-1C69-4A04-8709-5EAC2019D9BE} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85C99188-BEFD-4c61-A54B-5D7CB0204C1E} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85C99188-BEFD-4c61-A54B-5D7CB0204C1E} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B32FE740-8B67-409A-BCA8-3297263C354E} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B32FE740-8B67-409A-BCA8-3297263C354E} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC0B8EB8-AE24-4FD6-B479-E2B464F32DA6} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC0B8EB8-AE24-4FD6-B479-E2B464F32DA6} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\WAVAutoPlay not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\WAVAutoPlay failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. |
|
|
|
|
|
|
01.09.2006, 01:45
Ehrenmitglied
Beiträge: 29434 |
||
|
|
|
|
|
01.09.2006, 04:13
...neu hier
Beiträge: 8 |
#27
Incident Status Location
Potentially unwanted tool:application/winantivirus2006 Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\run\WinAntiVirusPro2006 Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\avenger\backup.zip[avenger/stera.exe] Hacktool:Exploit/ByteVerify Not disinfected C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-47723671-32b01362.zip[NewSecurityClassLoader.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-47723671-32b01362.zip[NewURLClassLoader.class] Spyware:Cookie/YieldManager Not edit war in arbeit  . ich bin entsetzt, dass f-secure die ganzen sachen beim scannen scheinbar nicht erkannt hat, wie kann man sich gut schützen?gibt es ein programm, dass du empfehlen würdest? Dieser Beitrag wurde am 01.09.2006 um 04:18 Uhr von Tigereye editiert.
|
|
|
|
|
|
|
01.09.2006, 12:04
Ehrenmitglied
Beiträge: 29434 |
#28
Tigereye
1. Avenger Zitat registry keys to delete:2. C:\avenger\backup.zip - loeschen 3. scanne mit Countespy, stelle nach dem Scan alles auf "remove" und poste hier den scanreport http://virus-protect.org/counterspy.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
02.09.2006, 01:00
...neu hier
Beiträge: 8 |
#29
Spyware Scan Details
Start Date: 02.09.2006 00:17:48 End Date: 02.09.2006 00:38:19 Total Time: 20 mins 31 secs Detected spyware Messenger Plus! Adware Bundler more information... Details: Messenger Plus! is a add-on for MSN Messenger. Messenger Plus! installs an OPTIONAL adware called C2Media which is also known as LOP.com. Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\.plp HKEY_CLASSES_ROOT\.plp ACDSee6.plp WinAntiVirus Pro Rogue Security Program more information... Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\AppID\WinPGI.DLL AppID {367A86A5-D048-4785-86BE-4E2706AAFDD9} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager BootStera HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD\VSPF_HK StaticVxD vspf_hk.vxd Trojan-Downloader.Zlob.Media-Codec Trojan Downloader more information... Details: Trojan-Downloader.Zlob.Media-Codec is a program that typically purports to be a needed upgrade to Windows Media Player in order to view adult oriented videos on certain websites. However, Trojan-Downloader.Zlob.Media-Codec actually downloads and installs Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32} HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}\iexplore Type 2 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}\iexplore Count 9 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}\iexplore Time HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{202A961F-23AE-42B1-9505-FFE3C818D717} HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{202A961F-23AE-42B1-9505-FFE3C818D717}\iexplore Type 3 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{202A961F-23AE-42B1-9505-FFE3C818D717}\iexplore Count 87 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{202A961F-23AE-42B1-9505-FFE3C818D717}\iexplore Time ad.yieldmanager Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\admin\cookies\admin@ad.yieldmanager[2].txt Bizrate Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\admin\cookies\admin@bizrate[1].txt CGI-Bin Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\admin\cookies\admin@cgi-bin[2].txt Com.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\admin\cookies\admin@com[2].txt cookie.monster Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\admin\cookies\admin@cookie.monster[1].txt as-us.falkag Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\admin\cookies\admin@falkag[2].txt IndexTools.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\admin\cookies\admin@indextools[1].txt Tracking.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\admin\cookies\admin@tracking[1].txt |
|
|
|
|
|
|
02.09.2006, 02:28
Ehrenmitglied
Beiträge: 29434 |
#30
Tigereye
poste bitte dieses log http://virus-protect.org/artikel/tools/combofix.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
0.
Versteckte- und Systemdateien sichtbar machen
http://virus-protect.org/invisible.html
1.
C:\Programme\MessengerPlus! 3 -> deinstallieren
2.
loeschen: (geht nur im abgesicherten Modus)
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bias part funk license
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\SIXTHA... (ist nicht der komplette Name...du musst suchen)
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\BOREFL...
---------
3.
CleanUp anwenden
http://virus-protect.org/cleanup.html
4.
mit Counterspy
http://virus-protect.org/counterspy.html
scannen, nach dem Scann muss man alles, was gefunden wurde auf *remove stellen
5.
Mit Panda -Online scannen.
http://virus-protect.org/cleanup.html
alles gefundene manuell loeschen
6.
dann poste die findjobs.bat und das neue Log vom HijackThis
__________
MfG Sabina
rund um die PC-Sicherheit