ErrorSafe and Pop-Ups

Thread is closed!
28.01.2006, 00:35
Honorary member
Avatar Argus

Posts: 6028
#1 My neighbor has a lot of problems.
ErrorSafe is trying to install itself, and he gets lots of pop-ups, even offline.


Logfile of HijackThis v1.99.1
Scan saved at 16:19:34, on 27-1-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Norman\bin\ZANDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\Norman\bin\NJEEVES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Norman\bin\ZLH.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\windows\winsysban3.exe

C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Norman\bin\niu.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Download data\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.971searchbox.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.971searchbox.com/sp2.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban3.exe
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iuwr] C:\PROGRA~1\COMMON~1\iuwr\iuwrm.exe
O4 - Startup: Registration-Studio 8.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099388827580
O20 - Winlogon Notify: fccdd - fccdd.dll (file missing)
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\j00s0ad7ed0.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TXVzdGVycw\command.exe (file missing)
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

DatFind.bat
Map van C:\WINDOWS

27-01-2006 17:00 1.235.075 WindowsUpdate.log
27-01-2006 17:00 49 wiaservc.log
27-01-2006 17:00 0 0.log
27-01-2006 17:00 159 wiadebug.log
27-01-2006 17:00 2.048 bootstat.dat
27-01-2006 16:59 32.206 SchedLgU.Txt
27-01-2006 16:58 1.143 win.ini
27-01-2006 16:58 227 system.ini
27-01-2006 13:50 0 winsysupd31.dat
27-01-2006 13:50 42 drsmartload2.dat
27-01-2006 13:50 38 myupdates.dat
26-01-2006 15:40 0 winsysupd21.dat
25-01-2006 14:19 26 ulead32.ini
25-01-2006 14:00 71 Pex.INI
25-01-2006 13:23 0 myupdates1.dat
24-01-2006 16:07 0 winsysupd1.dat

16-01-2006 13:21 11.728 ModemLog_Best Data Data Fax Modem.txt
15-01-2006 11:44 0 enewsletterpro1.dat
05-01-2006 18:12 27.790 svcpack.log
05-01-2006 15:26 0 timessquare1.dat
05-01-2006 15:26 0 drsmartloadb1.dat

05-01-2006 14:36 699.452 setupapi.log
05-01-2006 14:23 4.774 KB835409.log
05-01-2006 14:23 16.227 KB893066.log
05-01-2006 14:22 4.336 KB899587.log
05-01-2006 14:22 4.164 KB901017.log
05-01-2006 14:22 3.993 KB896424.log
05-01-2006 14:22 3.816 KB896358.log
05-01-2006 14:22 4.687 KB890046.log
05-01-2006 14:22 4.513 KB901214.log
05-01-2006 14:22 4.447 KB900725.log
05-01-2006 14:21 4.599 KB905749.log
05-01-2006 14:21 7.150 KB890859.log
04-01-2006 13:15 4.249 KB896422.log
03-01-2006 17:45 1.989 uninstall_nmon.vbs
27-12-2005 14:49 40 teller2.chk
26-12-2005 16:37 4.069 KB899591.log
26-12-2005 16:36 3.899 KB893756.log
26-12-2005 16:19 3.805 KB905495.log
26-12-2005 16:06 3.720 KB905414.log
26-12-2005 14:37 3.628 KB896428.log
08-11-2005 15:32 27.209 iis6.log
08-11-2005 15:32 72.253 comsetup.log
08-11-2005 15:32 42.825 ntdtcsetup.log
08-11-2005 15:32 75.086 tsoc.log
08-11-2005 15:32 1.374 imsins.log
08-11-2005 15:32 24.497 KB902400.log
08-11-2005 15:31 7.192 ocmsn.log
08-11-2005 15:31 107.487 ocgen.log
08-11-2005 15:31 9.593 msgsocm.log
08-11-2005 15:31 184.984 FaxSetup.log
08-11-2005 15:31 5.886 updspapi.log

180 bestand(en) 15.276.711 bytes
0 map(pen) 14.073.753.600 bytes beschikbaar
Het volume in station C heeft geen naam.
Het volumenummer is 20A6-741C

Map van C:\DOCUME~1\User\LOCALS~1\Temp

27-01-2006 16:54 3.008 games01.rgn
27-01-2006 16:44 3.120 auto05.rgn
27-01-2006 16:23 1.072 auto02.rgn
27-01-2006 14:19 5.936 spywareslashregion.rgn
27-01-2006 14:09 5.088 dating01.rgn
27-01-2006 14:05 374 MSIdf72f.LOG
27-01-2006 14:04 374 MSIdf72e.LOG
27-01-2006 13:59 2.928 mower.rgn
27-01-2006 13:50 1.509.364 tsinstall_4_0_4_0_b4.exe
27-01-2006 13:49 852.566 cmdinst.exe

26-01-2006 16:10 6.384 scale.rgn
26-01-2006 16:03 374 MSI625fd.LOG
26-01-2006 15:59 896 internet04.rgn
26-01-2006 15:49 6.816 shopping01.rgn
25-01-2006 14:44 624 cellphones04.rgn
25-01-2006 14:34 6.816 newsanytimeregion.rgn
25-01-2006 14:11 6.384 scale02.rgn
25-01-2006 14:01 576 travel01.rgn
25-01-2006 13:54 713 TWAIN.LOG
25-01-2006 13:54 156 Twunk001.MTX
25-01-2006 13:54 4 Twain001.Mtx
25-01-2006 13:42 4.848 porkys.rgn
25-01-2006 13:32 7.520 software01.rgn
24-01-2006 16:27 768 online_learning.rgn
24-01-2006 16:17 4.176 homes01.rgn
23-01-2006 13:58 1.536 internet01.rgn
23-01-2006 13:51 374 MSI633f4.LOG
23-01-2006 13:48 374 MSI4375f.LOG
23-01-2006 13:48 2.016 internet03.rgn
23-01-2006 13:40 374 MSIc90da.LOG
23-01-2006 13:38 1.456 jobs03.rgn
22-01-2006 16:05 800 no_popups.rgn
22-01-2006 15:55 2.832 auto03.rgn
22-01-2006 15:45 3.264 travel06.rgn
21-01-2006 15:17 3.360 software02.rgn
20-01-2006 15:13 2.464 homes03.rgn
20-01-2006 15:03 3.632 medicine02.rgn
20-01-2006 14:53 4.944 jobs02.rgn
16-01-2006 13:25 0 A4F93.dmp
16-01-2006 13:24 1.616 newspaper.rgn
13-01-2006 13:55 3.600 dating02.rgn
13-01-2006 13:27 4.960 news01.rgn
11-01-2006 14:27 1.034 wecerr.txt
09-12-2005 14:28 16.384 ~DFC2FD.tmp
08-12-2005 14:47 92.872 MSIc4a57.LOG
02-12-2005 13:48 43 removalfile.bat
25-11-2005 14:41 65.536 msn1768.fdr
14-11-2005 15:05 92.876 MSIe5ec6.LOG
14-11-2005 15:04 92.876 MSIe5ec5.LOG
08-11-2005 15:42 16.384 ~DFBFD4.tmp
08-11-2005 15:29 16.384 ~DF1C6C.tmp
336 bestand(en) 82.572.552 bytes
0 map(pen) 14.073.765.888 bytes beschikbaar
Het volume in station C heeft geen naam.
Het volumenummer is 20A6-741C

Map van C:\

27-01-2006 17:04 0 sys.txt
27-01-2006 17:04 9.344 system.txt
27-01-2006 17:04 17.027 systemtemp.txt
27-01-2006 17:04 92.672 system32.txt
27-01-2006 17:00 267.964.416 hiberfil.sys
27-01-2006 17:00 402.653.184 pagefile.sys
27-01-2006 16:58 194 boot.ini
27-01-2006 14:16 17.918 hpfr3425.log
27-01-2006 14:16 519 hpfr3420.xml
27-12-2005 14:50 205.532 install.exe
23 bestand(en) 672.192.083 bytes
0 map(pen) 14.073.753.600 bytes beschikbaar
Het volume in station C heeft geen naam.
Het volumenummer is 20A6-741C

Map van C:\WINDOWS\system32

27-01-2006 17:02 237.074 guard.tmp
27-01-2006 17:00 4.452 nvapps.xml
27-01-2006 17:00 237.074 mvang.dll
27-01-2006 17:00 233.420 hr4o05h3e.dll
27-01-2006 16:13 237.074 lv8m09l1e.dll

26-01-2006 15:39 13.646 wpa.dbl
13-01-2006 13:06 687.592 atmtd.dll
13-01-2006 13:06 687.592 atmtd.dll._

02-01-2006 15:21 1.632 d3d8caps.dat
23-12-2005 13:19 0 TFTP2232
06-12-2005 20:44 33.082 exclean.exe
02-11-2005 00:44 127.574 tsuninst.exe

1897 bestand(en) 342.369.820 bytes
0 map(pen) 14.073.765.888 bytes beschikbaar

ErrorSafe is a real plague in Holland ;)
__________
Regards, Argus
This post was edited on 28.01.2006 at 00:43 by Arnold.
28.01.2006, 17:55
Honorary member
Avatar Sabina

Posts: 29434
#2 Formatting would be more sensible lol

Go into the registry
Start --> Run --> regedit
Edit --> Find --> CMDSERVICE

Click Edit -- Permissions, then click Full Control -- [Apply] and then [OK]. [Right-click] the key again and try to delete it.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

----------------------------------------------------------------------------
Open HijackThis -- "Scan" button -- put check marks in front of the malware entries -- "Fix checked" button

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.971searchbox.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.971searchbox.com/sp2.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

O3 - Toolbar: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)

O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban3.exe
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
O4 - HKCU\..\Run: [iuwr] C:\PROGRA~1\COMMON~1\iuwr\iuwrm.exe

O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c267.cab

O20 - Winlogon Notify: fccdd - fccdd.dll (file missing)
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\j00s0ad7ed0.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TXVzdGVycw\command.exe (file missing)
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe


KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

C:\WINDOWS\winsysupd31.dat
C:\WINDOWS\winsysupd21.dat
C:\WINDOWS\myupdates.dat
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\myupdates1.dat
C:\WINDOWS\winsysupd1.dat
C:\WINDOWS\enewsletterpro1.dat
C:\WINDOWS\timessquare1.dat
C:\WINDOWS\drsmartloadb1.dat

C:\WINDOWS\uninstall_nmon.vbs

C:\windows\winsysupd3.exe
C:\windows\winsysban3.exe
c:\windows\myupdates.exe
C:\WINDOWS\ulead32.ini
C:\WINDOWS\Pex.INI
C:\WINDOWS\teller2.chk

C:\Program Files\Common Files\iuwr
C:\WINDOWS\TXVzdGVycw
C:\Program Files\Network Monitor\netmon.exe

C:\DOCUME~1\User\LOCALS~1\Temp\games01.rgn
C:\DOCUME~1\User\LOCALS~1\Temp\auto05.rgn
C:\DOCUME~1\User\LOCALS~1\Temp\auto02.rgn
C:\DOCUME~1\User\LOCALS~1\Temp\spywareslashregion.rgn
C:\DOCUME~1\User\LOCALS~1\Temp\dating01.rgn
C:\DOCUME~1\User\LOCALS~1\Temp\MSIdf72f.LOG
C:\DOCUME~1\User\LOCALS~1\Temp\MSIdf72e.LOG
C:\DOCUME~1\User\LOCALS~1\Temp\mower.rgn
C:\DOCUME~1\User\LOCALS~1\Temp\tsinstall_4_0_4_0_b4.exe
C:\DOCUME~1\User\LOCALS~1\Temp\cmdinst.exe

C:\install.exe
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\mvang.dll
C:\WINDOWS\system32\hr4o05h3e.dll
C:\WINDOWS\system32\lv8m09l1e.dll
C:\WINDOWS\system32\j00s0ad7ed0.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\TFTP2232
C:\WINDOWS\system32\exclean.exe
C:\WINDOWS\system32\tsuninst.exe

Restart the PC --> into Safe Mode

delete:
C:\Program Files\Common Files\iuwr
C:\WINDOWS\TXVzdGVycw
C:\Program Files\Network Monitor

uninstall, then delete:
C:\Program Files\BullsEye Network
C:\Program Files\NaviSearch
C:\Program Files\TheSearchAccelerator
C:\Program Files\Freeprod Toolbar

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

configure the Cleaner
exactly as described here:
http://virus-protect.org/cleanup.html

scan with Spysweeper (trial)
http://virus-protect.org/spysweeper.html

--------------------------------------------------------------------------

L2mfix --> run Option 1 and post the scan report
http://virus-protect.org/l2mfix.html

-------------------------------------------------------------------------
Download Registry Search by Bobbi Flekman
http://www.bleepingcomputer.com/files/regsearch.php
and double-click it to start. In "Enter search strings" (type or paste in)

Local Security Authority Subsystem Service

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.

In "Enter search strings" (type or paste in)

Network Monitor

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.


In "Enter search strings" (type or paste in)

Command Service

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.
__________
Regards, Sabina

all about PC security
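
A triage pass over HijackThis log lines like the ones selected for fixing in post #2, as an added example that is not part of the original thread and not HijackThis's own logic. The three heuristics and the `SYSTEM32_ONLY` list are assumptions chosen for illustration; the sample lines are copied from the log posted in #1.

```python
import re
from ntpath import basename, dirname  # parses Windows paths on any OS

# Assumed short list of core Windows process names that belong in system32.
SYSTEM32_ONLY = {"lsass.exe", "services.exe", "winlogon.exe", "svchost.exe", "smss.exe"}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
WIN_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)

# Sample lines copied from the log posted in #1.
SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O3 - Toolbar: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


def triage(log_text):
    """Return (code, reason, line) tuples for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list and blank lines carry no entry code
        code, body = m.group("code"), m.group("body")

        # Heuristic 1: the registry still points at a file that no longer exists.
        if body.endswith("(file missing)"):
            findings.append((code, "orphaned entry: target file missing", line))

        # Heuristic 2: a service borrows a core process name but lives elsewhere.
        path = WIN_PATH.search(body)
        if code == "O23" and path:
            exe = basename(path.group(0)).lower()
            folder = dirname(path.group(0)).lower()
            if exe in SYSTEM32_ONLY and not folder.endswith("\\system32"):
                findings.append((code, "system process name outside system32", line))

        # Heuristic 3: HijackThis itself reports a wrong protocol-to-zone mapping.
        if code == "O15" and "should be Internet Zone" in body:
            findings.append((code, "protocol mapped to wrong security zone", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE):
        print(f"[{code}] {reason}\n    {line}")
```

The output is a review list only; legitimate leftovers from uninstalled software also appear as "(file missing)", so each hit still needs a human decision before "Fix checked".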
28.01.2006, 22:27
Honorary member
Thread starter
Avatar Argus

Posts: 6028
#3 Thank you for your answer, it will probably end up being a format
I have a party on Monday, I'm sick on Tuesday, and on Wednesday I have a headache! lol

__________
Regards, Argus
28.01.2006, 22:46
Honorary member
Avatar Sabina

Posts: 29434
#4 Oh dear... and all my nice... work that I put into it?????? lol
And I can't eat the cake either... that is m e a n lol
__________
Regards, Sabina

all about PC security
01.02.2006, 11:56
Honorary member
Thread starter
Avatar Argus

Posts: 6028
#5 Congratulations, Sabina
I did do it the way you described after all, and the computer is tip-top again :yo
In addition, I also ran CounterSpy and Spybot S&D
My neighbor (he is 78) is happy again now ;)
He got this infection when the Internet was installed by an "expert" from the provider
As thanks I got a bottle of Dutch jenever, but you know that I don't drink alcohol lol


__________
Regards, Argus