Some strange programs in the Task Manager
#0
13.02.2006, 21:33
...new here
Posts: 9

13.02.2006, 21:40
Moderator
Posts: 6466
#2
File names without their paths are of very little use when it comes to malware.
To research file names:
http://sysinfo.org/startuplist.php
http://www.spywaredata.com/spyware/search/index.php
http://www.dateiname.info/
or www.google.de
If you are not sure whether a file might be malicious: check it here.
http://virusscan.jotti.org/de/
(you should perhaps check gkcjs.exe)
__________
Browse --> Select --> Examine

14.02.2006, 13:03
Honorary member
Posts: 29434
#3
ener
HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above, just start the program --> Save --> Savelog --> the editor opens; now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.
__________
Regards, Sabina
all about PC security

14.02.2006, 15:40
...new here
Thread starter Posts: 9
#4
Okay, I've done that; here is the log:
Logfile of HijackThis v1.99.1 Scan saved at 15:39:40, on 14.02.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\mwyynnz.exe C:\WINDOWS\system32\RunDll32.exe C:\Programme\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\system32\all32.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\Dit.exe C:\Programme\Razer\Copperhead\razerhid.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe C:\Programme\Razer\Copperhead\razerofa.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\alg.exe C:\Programme\ArcorOnline\Arcor.exe C:\Programme\Team_RC2\TeamSpeak.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Besitzer\Desktop\Neuer Ordner\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finding.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - (no file) O3 - Toolbar: GMX Toolbar - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - C:\Programme\GMX\GMX Toolbar\toolbar.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [l33t32] C:\WINDOWS\system32\all32.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [razer] C:\Programme\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [eqrciom] C:\WINDOWS\system32\mwyynnz.exe r O4 - HKCU\..\Run: [l33t32] C:\WINDOWS\system32\all32.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: 
[BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: ATI CATALYST-Infobereich.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: palstart.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119CUDE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Dokumente und Einstellungen\Besitzer\Desktop\Fόr Gφbel\massdown.exe (file missing) O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Dokumente und Einstellungen\Besitzer\Desktop\Fόr Gφbel\massdown.exe (file missing) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: PicGrab - {9AA2562D-2F30-4EEC-B9FF-DF075521E52F} - C:\Programme\PicGrab\iestarter.exe (file missing) (HKCU) O9 - Extra button: (no name) - {E1052D1D-8639-48AA-BEC0-D5CD71E53D6A} - 
C:\Programme\PicGrab\iestarter.exe (file missing) (HKCU) O9 - Extra 'Tools' menuitem: &PicGrab starten - {E1052D1D-8639-48AA-BEC0-D5CD71E53D6A} - C:\Programme\PicGrab\iestarter.exe (file missing) (HKCU) O16 - DPF: {30000279-4144-4DD4-BE4F-6889D1E74167} - http://st.bestoffersnetworks.com/download/scm/smiley.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://img.web.de/v/mail/activex/mail_upload_1124.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128429616328 O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128429684265 O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.arcor.de/vod/dmd/WMDownload.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C1219870-6ED9-4BF1-B208-9F705A8DF40F}: NameServer = 195.50.140.252 195.50.140.114 O18 - Protocol: bw+0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - 
{9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - 
{9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - 
{9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: offline-8876480 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing) O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |

14.02.2006, 16:01
Honorary member
Posts: 29434
#5
Configure CleanUp exactly as described here:
http://virus-protect.org/cleanup.html
Copy these 4 text files. They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security

14.02.2006, 19:37
...new here
Thread starter Posts: 9
#6
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1CED-9894 Verzeichnis von C:\WINDOWS\system32 14.02.2006 13:28 35.876 vsconfig.xml 14.02.2006 09:11 8.192 Thumbs.db 09.02.2006 11:50 383.168 perfh009.dat 09.02.2006 11:50 54.150 perfc009.dat 09.02.2006 11:50 394.276 perfh007.dat 09.02.2006 11:50 65.280 perfc007.dat 09.02.2006 11:50 795.640 PerfStringBackup.INI 06.02.2006 07:04 5.416 d3d9caps.dat 29.01.2006 16:38 2.206 wpa.dbl 26.01.2006 14:49 22 w_madriver.dll 24.01.2006 13:56 34.308 BASSMOD.dll 18.01.2006 19:45 3.069 jupdate-1.5.0_02-b09.log 18.01.2006 13:05 57.344 avsda.dll 06.01.2006 12:41 47.104 KMVIDC32.DLL 05.01.2006 04:41 2.836.320 MRT.exe 02.01.2006 18:36 304 l.dat 02.01.2006 18:36 134 se.dat 02.01.2006 18:36 3 pp.dat 02.01.2006 18:36 324 dp.dat 02.01.2006 18:36 176 st.dat 29.12.2005 03:54 280.064 gdi32.dll 23.12.2005 06:38 50.960 ust.exe 22.12.2005 21:44 39 TEVPXCW60.DLL 14.12.2005 09:24 118.784 sirenacm.dll 08.12.2005 16:11 28 mcheck.mhf 05.12.2005 06:12 61.440 pxhpinst.exe 03.12.2005 12:23 36.864 frapsvid.dll 01.12.2005 23:59 2.277.888 TUKernel.exe 01.12.2005 09:52 1.147.384 FNTCACHE.DAT 01.12.2005 04:31 1.492.480 shdocvw.dll 24.11.2005 13:39 4.212 zllictbl.dat 24.11.2005 06:52 130 Log.inf 24.11.2005 06:52 65.536 DVDKeyAuth.dll 24.11.2005 06:48 78.896 GEARASPI.DLL 24.11.2005 00:58 3.013.632 mshtml.dll 24.11.2005 00:58 1.022.464 browseui.dll 15.11.2005 00:51 71.440 zlcommdb.dll 15.11.2005 00:51 79.624 zlcomm.dll 15.11.2005 00:51 100.104 vsxml.dll 15.11.2005 00:51 382.728 vsutil.dll 15.11.2005 00:51 71.440 vsregexp.dll 15.11.2005 00:50 227.088 vspubapi.dll 15.11.2005 00:50 104.208 vsmonapi.dll 15.11.2005 00:50 141.064 vsinit.dll 15.11.2005 00:50 372.816 vsdatant.sys 15.11.2005 00:50 83.720 vsdata.dll 15.11.2005 00:34 54.960 vsutil_loc0407.dll 06.11.2005 13:22 43.520 CmdLineExt03.dll 05.11.2005 04:16 606.208 urlmon.dll 05.11.2005 04:16 1.056.256 danim.dll 04.11.2005 19:15 740 keytxt 04.11.2005 18:34 21.504 DrunkMouse.exe 04.11.2005 18:33 444.252 viagra.exe 21.10.2005 04:40 664.064 
wininet.dll 21.10.2005 04:40 474.112 shlwapi.dll 21.10.2005 04:40 530.944 mstime.dll 21.10.2005 04:40 146.432 msrating.dll 21.10.2005 04:40 39.424 pngfilt.dll 21.10.2005 04:40 448.512 mshtmled.dll 21.10.2005 04:40 96.768 inseng.dll 21.10.2005 04:40 251.392 iepeers.dll 21.10.2005 04:40 55.808 extmgr.dll 21.10.2005 04:40 152.064 cdfview.dll 21.10.2005 04:40 205.312 dxtrans.dll 20.10.2005 23:25 1.094.144 esent.dll 17.10.2005 22:20 118.272 t2embed.dll 17.10.2005 22:20 80.896 fontsub.dll 13.10.2005 17:12 2.368 SVKP.sys 13.10.2005 00:11 15.584 spmsg.dll 10.10.2005 10:12 247 spupdwxp.log |

15.02.2006, 00:00
Honorary member
Posts: 29434
#7
ener
Didn't I write something about 4 text files ???????????
Verzeichnis von C:\WINDOWS\system32
Verzeichnis von C:\DOKUME~1\Username\LOKALE~1\Temp
Verzeichnis von C:\WINDOWS
Verzeichnis von C:\
+ post the Winpfind log
Winpfind
http://virus-protect.org/winpfind.html
Info: Aurora, SAHAgent, nail.exe
http://virus-protect.org/artikel/spyware/nail.html
--------------------------------------------------------------------
@Hello ..Hellooooooooooooo joschi
__________
Regards, Sabina
all about PC security

15.02.2006, 09:19
...new here
Thread starter Posts: 9
#8
Here is the rest of the data from me, sorry about that.
Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 1CED-9894 Verzeichnis von C:\DOKUME~1\Besitzer\LOKALE~1\Temp 15.02.2006 08:55 54.970 Zwei Minuten Zeit.pdf 15.02.2006 08:50 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}17838.html 15.02.2006 08:50 16.384 ~DF5985.tmp 15.02.2006 08:50 16.384 ~DF4FF9.tmp 15.02.2006 08:50 512 ~DF500A.tmp 15.02.2006 08:49 16.384 ~DF5B6D.tmp 15.02.2006 08:48 16.384 Perflib_Perfdata_1cc.dat 15.02.2006 08:48 16.384 Perflib_Perfdata_264.dat 15.02.2006 08:46 206 jusched.log 9 Datei(en) 138.591 Bytes 0 Verzeichnis(se), 100.271.636.480 Bytes frei olume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 1CED-9894 Verzeichnis von C:\WINDOWS 15.02.2006 09:05 45 AFDGHILP.ini 15.02.2006 08:49 1.487.564 WindowsUpdate.log 15.02.2006 08:49 0 0.log 15.02.2006 08:46 2.048 bootstat.dat 15.02.2006 00:31 32.568 SchedLgU.Txt 15.02.2006 00:13 736.096 setupapi.log 14.02.2006 20:51 54.156 QTFont.qfn 14.02.2006 19:08 116 NeroDigital.ini 14.02.2006 19:07 52.736 Thumbs.db 14.02.2006 19:01 245.760 Setup1.exe 14.02.2006 19:00 73.216 ST6UNST.EXE 14.02.2006 15:41 4.392 ModemLog_Creatix V.9X DSP Data Fax Modem.txt 14.02.2006 15:41 2.412 ModemLog_Sony Ericsson 750 USB WMC Data Modem.txt 14.02.2006 15:41 2.402 ModemLog_Sony Ericsson 750 USB WMC Modem.txt 14.02.2006 13:47 287.996 setupact.log 13.02.2006 00:52 92 CMISETUP.INI 13.02.2006 00:52 26 CMCDPLAY.INI 13.02.2006 00:52 736 setup.ini 13.02.2006 00:52 0 wininit.ini 11.02.2006 13:33 663 win.ini 11.02.2006 05:05 1.409 QTFont.for 09.02.2006 11:54 2.894 COM+.log 09.02.2006 11:50 216.230 DirectX.log 06.02.2006 06:56 720.896 iun6002ev.exe 06.02.2006 05:59 50 wiaservc.log 06.02.2006 05:59 157 wiadebug.log 04.02.2006 18:02 107.132 UninstallFirefox.exe 04.02.2006 18:02 6.322 mozver.dat 04.02.2006 16:27 0 [INI] 30.01.2006 23:43 185.989 wmsetup.log 26.01.2006 14:45 34 cdplayer.ini 18.01.2006 20:54 16.684 appleJuice Uninstall Log.txt 18.01.2006 19:47 37.924 appleJuice Setup Log.txt 18.01.2006 11:41 
122.535 RSEDNClientUninstaller.exe 14.01.2006 13:12 536.432.640 MEMORY.DMP 11.01.2006 06:42 70.175 iis6.log 11.01.2006 06:42 141.570 comsetup.log 11.01.2006 06:42 84.117 ntdtcsetup.log 11.01.2006 06:42 188.108 tsoc.log 11.01.2006 06:42 16.909 ocmsn.log 11.01.2006 06:42 1.374 imsins.log 11.01.2006 06:42 10.120 KB908519.log 11.01.2006 06:42 259.264 ocgen.log 11.01.2006 06:42 24.057 msgsocm.log 11.01.2006 06:42 462.675 FaxSetup.log 06.01.2006 09:20 316.640 WMSysPr9.prx 06.01.2006 03:05 1.355 imsins.BAK 06.01.2006 03:05 13.588 KB912919.log 06.01.2006 03:05 28.817 updspapi.log 02.01.2006 14:49 283 game.ini 22.12.2005 23:49 38 iltwain.ini 22.12.2005 21:44 39 TDEVXCW60.DLL 19.12.2005 15:13 118.784 bwUnin-7.2.0.137-8876480SL.exe 19.12.2005 15:12 179 LDM.log 19.12.2005 15:12 86 KE.log 19.12.2005 03:57 7.136 Windows Update.log 14.12.2005 22:11 10.407 KB910437.log 14.12.2005 22:11 16.299 KB905915.log 02.12.2005 15:57 262 nsw.log 29.11.2005 21:50 737.280 iun6002.exe 28.11.2005 15:26 45 AFDGHIL.ini 24.11.2005 06:52 213.054 GSetup.exe 15.11.2005 18:46 186 WSST_Screen_Saver.ini 15.11.2005 01:10 151 PhotoSnapViewer.INI 14.11.2005 15:02 11.855 KB896424.log 13.11.2005 00:59 220 NetOp.INI 07.11.2005 16:54 1.125 winamp.ini 05.11.2005 18:50 400 ODBC.INI 05.11.2005 01:19 227 system.ini 21.10.2005 01:50 111 gfscore.ini 19.10.2005 15:01 26.656 KB900725.log 19.10.2005 15:01 19.277 KB896688.log 19.10.2005 15:00 19.376 KB904706.log 19.10.2005 15:00 17.186 KB905414.log 19.10.2005 15:00 16.572 KB901017.log 19.10.2005 15:00 21.913 KB902400.log 14.10.2005 21:08 14.015 KB905749.log 13.10.2005 18:16 16.195 Paltalk Messenger Setup Log.txt 10.10.2005 12:20 380 wmsetup10.log Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: 1CED-9894 Verzeichnis von C:\ 15.02.2006 09:06 0 sys.txt 15.02.2006 09:06 10.813 system.txt 15.02.2006 09:06 773 systemtemp.txt 15.02.2006 09:06 119.042 system32.txt 15.02.2006 08:46 805.306.368 pagefile.sys 07.02.2006 10:40 125 ioSpecial.ini 27.01.2006 12:47 9.773.612 16_Der kleine Nils - Geldbrse - (alben-dreams_dl_am).wav 27.01.2006 12:46 11.877.164 15_Der kleine Nils - Kita GoGo - (alben-dreams_dl_am).wav 27.01.2006 12:46 13.605.164 14_Der kleine Nils - Sixt suft ab - (alben-dreams_dl_am).wav 27.01.2006 12:46 23.754.284 13_Der kleine Nils - Denkmal-Daniel - (alben-dreams_dl_am).wav 27.01.2006 12:46 27.712.556 12_Der kleine Nils - Horror-Babysitter - (alben-dreams_dl_am).wav 27.01.2006 12:46 28.408.364 11_Der kleine Nils - Colorhund - (alben-dreams_dl_am).wav 27.01.2006 12:45 26.777.132 10_Der kleine Nils - O2 Gesprchsblasen - (alben-dreams_dl_am).wav 18.01.2006 11:41 3.011 installer.txt 01.12.2005 23:59 389 boot.ini 13.10.2005 18:31 44 001_[ICY 200 OK] http___avan-design_de_9000_.wav 13.10.2005 18:31 44 001_[Connecting] http___avan-design_de_9000_.wav 10.10.2005 09:45 47.564 NTDETECT.COM 15.09.2005 18:54 696.320 StubInstaller.exe 31.08.2005 11:53 206 Verknpfung mit CD-Laufwerk.lnk 12.08.2005 23:47 251.184 ntldr 18.07.2005 10:05 0 IO.SYS 18.07.2005 10:05 0 CONFIG.SYS 18.07.2005 10:05 0 AUTOEXEC.BAT 18.07.2005 10:05 0 MSDOS.SYS 20.04.2004 15:17 1.290.170 duck.wav 02.04.2003 13:00 4.952 bootfont.bin 27 Datei(en) 949.639.281 Bytes 0 Verzeichnis(se), 100.271.620.096 Bytes frei |
|
|
||
15.02.2006, 11:15
Ehrenmitglied
Beiträge: 29434 |
#9
ener
Download and unzip: http://virus-protect.org/reg/a.zip --> a.reg --> extract to the desktop
-------------------------------------------------------------------------------
Start - Run - regedit, Edit --> Find ---> SVCPROC Nail.exe
HKEY_LOCAL_MACHINE - Software - Microsoft Windows NT - CurrentVersion -Winlogon
Shell = "explorer.exe C:\WINDOWS\Nail.exe <--- delete
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCPROC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SVCPROC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SvcProc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCPROC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SvcProc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCPROC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{22131A58-5F9A-3EAA-28A7-C3059A3D0632}
If you have problems deleting the entries, click Edit -- Permissions, then click Full Control -- [Apply] and [OK]. [Right-click] the key again and try to delete it.
----------------------------------------------------------------------------------
Open HijackThis -- "scan" button -- tick the malware entries -- "Fix checked" button
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - (no file)
O4 - HKLM\..\Run: [l33t32] C:\WINDOWS\system32\all32.exe
O4 - HKLM\..\Run: [eqrciom] C:\WINDOWS\system32\mwyynnz.exe r
O4 - HKCU\..\Run: [l33t32] C:\WINDOWS\system32\all32.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119CUDE
O16 - DPF: {30000279-4144-4DD4-BE4F-6889D1E74167} - http://st.bestoffersnetworks.com/download/scm/smiley.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
----------------------------------------------------------------------------------
KILLBOX - Pocket KillBox http://virus-protect.org/killbox.html
Options: Delete on Reboot --> tick it and click the red cross; when asked "Do you want to reboot?", click "no" and paste in the next one; click "yes" only for the last one.
Paste in:
............
C:\StubInstaller.exe
C:\WINDOWS\system32\keytxt
C:\WINDOWS\system32\DrunkMouse.exe
C:\WINDOWS\system32\viagra.exe
C:\WINDOWS\system32\l.dat
C:\WINDOWS\system32\se.dat
C:\WINDOWS\system32\pp.dat
C:\WINDOWS\system32\dp.dat
C:\WINDOWS\system32\st.dat
C:\WINDOWS\system32\ust.exe
C:\WINDOWS\system32\all32.exe
C:\WINDOWS\system32\TEVPXCW60.DLL
C:\WINDOWS\system32\w_madriver.dll
C:\WINDOWS\System32\DRPMON.DLL
C:\WINDOWS\svcproc.exe
c:\eied_s7.cab
C:\WINDOWS\Nail.exe
Restart the computer in safe mode (press F8 during startup). Double-click the file "a.reg" on the desktop and confirm with "yes" that it should be added to the registry.
-----------------------------------------------------------------------------------
Uninstall: Red Swoosh
C:\Programme\rsnet\rsednclient.exe
C:\Programme\rsnet\rsednclientuninstaller.exe
C:\Programme\rsnet\clientcorelib-1.010-4279.dll
C:\Programme\rsnet\clientcorelib-1.014-4316.dll
C:\Programme\rsnet\clientcorelib-1.010-4279.dll
C:\Programme\rsnet\clientcorelib-1.014-4316.dll
C:\Programme\rsnet\install.ini
C:\Programme\rsnet
C:\WINDOWS\RSEDNClientUninstaller.exe
Counterspy http://virus-protect.org/counterspy.html
* after the scan you have to choose between: *Ignore *Remove *Quarantine
always choose Remove and restart the PC (then copy the scan report)
__________
Kind regards, Sabina
all about PC security |
|
|
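As an added example (not part of the original post and not HijackThis's own logic), the following Python script parses entries in the format of the fix list above and flags the persistence patterns that list shows. The sample lines are taken from that post plus one constructed benign entry; the reason labels and the four heuristics are assumptions of this example.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Entries from the fix list in the post above, plus one constructed benign line.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - (no file)
O4 - HKLM\..\Run: [l33t32] C:\WINDOWS\system32\all32.exe
O4 - HKLM\..\Run: [eqrciom] C:\WINDOWS\system32\mwyynnz.exe r
O4 - HKCU\..\Run: [l33t32] C:\WINDOWS\system32\all32.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Programme\ExampleApp\example.exe
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
"""


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "F2"
    reason: str  # label chosen for this example
    detail: str  # the part of the entry that triggered the finding


ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
SHELL_RE = re.compile(r"\bShell=(?P<value>.*)$", re.IGNORECASE)
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entries(log_text):
    """Yield (code, body) for each line shaped like 'O4 - ...'."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log_text):
    """Return a list of Finding tuples for the entries worth a closer look."""
    findings = []
    autostarts = defaultdict(set)  # (value name, command) -> hives seen

    for code, body in parse_entries(log_text):
        if code == "F2":
            # The Winlogon Shell value is normally just "explorer.exe".
            m = SHELL_RE.search(body)
            if not m:
                continue
            parts = m.group("value").split(None, 1)
            if not parts or parts[0].lower() != "explorer.exe":
                findings.append(Finding(code, "shell-replaced", m.group("value")))
            elif len(parts) > 1:
                findings.append(Finding(code, "shell-extra-program", parts[1]))
        elif code == "O2" and body.endswith("(no file)"):
            # BHO registration whose DLL is gone: leftover of a removed component.
            m = CLSID_RE.search(body)
            findings.append(Finding(code, "bho-file-missing", m.group(0) if m else body))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m:
                key = (m.group("name").lower(), m.group("cmd").lower())
                autostarts[key].add(m.group("hive"))
        elif code == "O16":
            # Codebase of a downloaded ActiveX control pointing at a local file.
            source = body.rsplit(" - ", 1)[-1]
            if source.lower().startswith("file://"):
                findings.append(Finding(code, "dpf-local-codebase", source))

    # Same value name and command registered machine-wide and per-user.
    for (name, cmd), hives in autostarts.items():
        if {"HKLM", "HKCU"} <= hives:
            findings.append(Finding("O4", "autostart-in-both-hives", f"[{name}] {cmd}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code:4} {finding.reason:26} {finding.detail}")
```

A finding here only marks an entry for manual review; the randomly named single-hive Run entry from the post is not caught by these heuristics and still had to be judged by a person.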
||
15.02.2006, 13:25
...new here
Thread starter Posts: 9 |
#10
I can't download the abiremocer anywhere; unfortunately neither of the two links works
|
|
|
||
15.02.2006, 13:38
Honorary member
Posts: 29434 |
#11
Well, I'm surprised too, but probably all virus scanners detect the Nail virus by now.
So work through everything else, scan with Counterspy and post the scan report
__________
Kind regards, Sabina
all about PC security |
|
|
||
15.02.2006, 19:24
...new here
Thread starter Posts: 9 |
#12
Spyware Scan Details
Start Date: 15.02.2006 15:25:49
End Date: 15.02.2006 18:40:54
Total Time: 3 hrs 15 mins 5 secs

Detected spyware

Paltalk Low Risk Adware
Details: Paltalk is an advertising-supported instant messaging client.
Status: Deleted

AntiLeech Plugin Adware
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Deleted

NetPumper Adware Bundler
Details: Bundles with a number of adware components such as cydoor, Save!, ClockSync, and WhenU Toolbar.
Status: Deleted

Misc.WinSoftware.ErrorSafe Misc
Details: ErrorSafe is a disabled data repair utility that nags the user to purchase it in order to fix the problems reported in its scan.
Status: Deleted

Morpheus P2P
Details: P2P file sharing program that installs a number of spyware Thread. Morpheus also displays its own popup advertsing.
Status: Deleted

WhenU.SaveNow Adware
Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior.
Status: Deleted

ABetterInternet.Aurora Adware
Details: Opens popups on the desktop based on site visit history; may disable or uninstall other software; denies uninstallation
Status: Deleted

ABetterInternet.DrPMon Adware
Status: Deleted

iSearch.DesktopSearch Spyware
Details: Removes the users access to use Windows Search and replaces it with C:\WINDOWS\isrvs\desktop.exe.
Status: Deleted

ABetterInternet Adware
Details: ABetterInternet shows advertisements based on the web pages you view and the web sites you visit.
Status: Deleted

Trojan.virtual-ie.MsMovies Adware
Status: Deleted

Worm.Klez.e Worm
Status: Deleted

My Way Speedbar Browser Plug-in
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted

MyWebSearch Toolbar Potentially Unwanted Software
Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Deleted

SearchNugget Browser Plug-in
Details: SearchNugget is a Browser Helper Object that displays a toolbar in Internet Explorer as well as a button and changes the Internet Explorer home page.
Status: Deleted

Backdoor.Aimbot.ca Backdoor
Status: Deleted

ABetterInternet Cookie
Details: ABetterInternet shows advertisements based on the web pages you view and the web sites you visit.
Status: Deleted

Cok.ad.yieldmanager Cookie
Status: Deleted

Advertising.com Cookie
Status: Deleted

Anti-Leech.com Cookie
Status: Deleted

ABetterInternet.Aurora Cookie Cookie
Status: Deleted

casalemedia.com Cookie
Status: Deleted

CGI-Bin Cookie
Status: Deleted

DoubleClick Cookie
Details: DoubleClick is a popular ad serving network that uses spyware cookies, to target advertising.
Status: Deleted

FastClick.com Cookie
Status: Deleted

Offeroptimizer Cookie
Details: Offeroptimizer is a cookie that tracks the unique visitors to a web site and their personal preferences.
Status: Deleted

TribalFusion.com Cookie
Status: Deleted
|
|
|
||
15.02.2006, 21:10
Honorary member
Posts: 29434 |
#13
Uninstall CounterSpy and download ewido (scan + post the scan report)
http://virus-protect.org/ewido.html __________ Regards, Sabina, all about PC security |
|
|
||
15.02.2006, 23:12
...new here
Thread starter Posts: 9 |
#14
---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------
+ Erstellt am: 23:11:31, 15.02.2006
+ Report-Checksumme: 35222550
+ Scanergebnis:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMo -> Adware.BetterInternet : Gesäubert mit Backup
HKLM\SYSTEM\CurrentControlSet\Services\SvcProc -> Adware.BetterInternet : Gesäubert mit Backup
HKLM\SYSTEM\CurrentControlSet\Services\SvcProc\Security -> Adware.BetterInternet : Gesäubert mit Backup
HKU\S-1-5-21-1220945662-963894560-725345543-1003\Software\aurora -> Adware.BetterInternet : Gesäubert mit Backup
HKU\S-1-5-21-1220945662-963894560-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Gesäubert mit Backup
C:\WINDOWS\system32\DrPMon.dll -> Trojan.Agent.db : Gesäubert mit Backup
C:\WINDOWS\system32\onhkzuw.exe -> Trojan.Agent.ay : Gesäubert mit Backup
C:\!KillBox\all32.exe -> Backdoor.Y3KRat.pro.02 : Gesäubert mit Backup
C:\!KillBox\DrunkMouse.exe -> Not-A-Virus.BadJoke.Win32.MovingMouse.a : Gesäubert mit Backup
C:\!KillBox\svcproc.exe -> Trojan.Stervis.e : Gesäubert mit Backup
:mozilla.6:C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5njh9xe6.default\cookies-1.txt -> TrackingCookie.Popularix : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Besitzer\Cookies\besitzer@ivwbox[1].txt -> TrackingCookie.Ivwbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Besitzer\Cookies\besitzer@tacoda[1].txt -> TrackingCookie.Tacoda : Gesäubert mit Backup
C:\Programme\ComputerSchock\ComputerSchock.exe -> Not-A-Virus.Hoax.Win32.ComputerSchock : Gesäubert mit Backup
C:\Programme\Save -> Adware.SaveNow : Gesäubert mit Backup
C:\Programme\Save\store.db-> Adware.SaveNow : Gesäubert mit Backup
C:\Programme\winupdates\a.zip/Setup.exe -> Worm.VB.an : Gesäubert mit Backup
C:\WINDOWS\Downloaded Program Files\drsmartload100a.exe -> Downloader.Adload.j : Gesäubert mit Backup
C:\WINDOWS\Downloaded Program Files\UERSU_0001_LPNetInstaller.exe-> Not-A-Virus.Downloader.Win32.Agent.d : Gesäubert mit Backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Gesäubert mit Backup
C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Gesäubert mit Backup
C:\WINDOWS\system32\DrPMon.dll -> Adware.BetterInternet : Gesäubert mit Backup
::Report Ende |
|
|
||
16.02.2006, 00:01
Honorary member
Posts: 29434 |
#15
Scan with Panda and copy the scan report
http://virus-protect.org/onlinescan.html __________ Regards, Sabina, all about PC security |
|
|
||
gkcjs.exe
lsass.exe
service.exe
smss.exe
csrss.exe
sched.exe
jusched.exe
vsmon.exe
sploosv.exe
dil.exe
etc.
Please help, I don't know what's going on. My computer has also become really slow, please help.