Some strange programs in Task Manager

13.02.2006, 21:33
...new here

Posts: 9
#1 I have things in Task Manager that I've never seen in my life, such as:
gkcjs.exe
lsass.exe
service.exe
smss.exe
csrss.exe
sched.exe
jusched.exe
vsmon.exe
sploosv.exe
dil.exe
etc.
Please help, I don't know what's going on, my computer has also become really slow, please help.
13.02.2006, 21:40
Moderator
joschi

Posts: 6466
#2 File names without their paths are of precious little use when it comes to malware.
To look up file names:

http://sysinfo.org/startuplist.php
http://www.spywaredata.com/spyware/search/index.php
http://www.dateiname.info/ or
www.google.de

If you are not sure whether a file might be malicious:
Check it here. http://virusscan.jotti.org/de/

(you should perhaps check gkcjs.exe)
__________
Search --> Select --> Examine
14.02.2006, 13:03
Honorary member
Sabina

Posts: 29434
#3 ener

Hijackthis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unzip HijackThis into a folder
--> None of the above just start the program --> Save --> Savelog --> the editor opens
now copy the COMPLETE log with a right mouse click and paste it into the forum with a right mouse click "Paste"
__________
Regards, Sabina

all about PC security
14.02.2006, 15:40
...new here

Thread starter

Posts: 9
#4 Okay, I did that, here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 15:39:40, on 14.02.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\mwyynnz.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\all32.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\Dit.exe
C:\Programme\Razer\Copperhead\razerhid.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Razer\Copperhead\razerofa.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\ArcorOnline\Arcor.exe
C:\Programme\Team_RC2\TeamSpeak.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\Neuer Ordner\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finding.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - (no file)
O3 - Toolbar: GMX Toolbar - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - C:\Programme\GMX\GMX Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [l33t32] C:\WINDOWS\system32\all32.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [razer] C:\Programme\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [eqrciom] C:\WINDOWS\system32\mwyynnz.exe r
O4 - HKCU\..\Run: [l33t32] C:\WINDOWS\system32\all32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST-Infobereich.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: palstart.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119CUDE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Dokumente und Einstellungen\Besitzer\Desktop\Für Göbel\massdown.exe (file missing)
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:\Dokumente und Einstellungen\Besitzer\Desktop\Für Göbel\massdown.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: PicGrab - {9AA2562D-2F30-4EEC-B9FF-DF075521E52F} - C:\Programme\PicGrab\iestarter.exe (file missing) (HKCU)
O9 - Extra button: (no name) - {E1052D1D-8639-48AA-BEC0-D5CD71E53D6A} - C:\Programme\PicGrab\iestarter.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &PicGrab starten - {E1052D1D-8639-48AA-BEC0-D5CD71E53D6A} - C:\Programme\PicGrab\iestarter.exe (file missing) (HKCU)
O16 - DPF: {30000279-4144-4DD4-BE4F-6889D1E74167} - http://st.bestoffersnetworks.com/download/scm/smiley.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://img.web.de/v/mail/activex/mail_upload_1124.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128429616328
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128429684265
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.arcor.de/vod/dmd/WMDownload.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1219870-6ED9-4BF1-B208-9F705A8DF40F}: NameServer = 195.50.140.252 195.50.140.114
O18 - Protocol: bw+0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {9B36A4C5-C154-4A1D-A0B5-73DAA8B34ADB} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
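As an added illustration of the triage the moderators do by hand on a log like the one above (this is not a tool from the thread or from the HijackThis project): a small parser that reads the `Xn - ...` entries and flags the Winlogon Shell hijack, orphaned registrations, autoruns and unattributed services sitting directly in the Windows directory, and ActiveX controls registered from file:// URLs. The heuristics, the severity labels and the embedded sample lines (copied from the log above) are my own construction.

```python
"""Triage a HijackThis v1.99 log with a few defender-side heuristics.

Added example for this thread, not a tool used or posted by the forum members.
The heuristics mirror what the moderators reason about by hand: the full path
matters, a Winlogon Shell value that launches anything besides explorer.exe is
a hijack, and unattributed binaries living directly in the Windows directory
deserve a closer look.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Entries copied from the log posted in this thread (constructed sample input).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [eqrciom] C:\WINDOWS\system32\mwyynnz.exe r
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry starts with a section tag such as F2, O4, O23.
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A file directly inside %WINDIR% or %WINDIR%\system32 (no deeper subfolder).
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\(?:system32\\)?[^\\]+$", re.I)
# Target of an O4 Run entry: everything after "[name] " up to the first ".exe".
RUN_TARGET_RE = re.compile(r'\]\s+"?(.+?\.exe)', re.I)


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def check_entry(sec: str, body: str, line: str) -> list[Finding]:
    """Apply the heuristics to one parsed HijackThis entry."""
    out: list[Finding] = []
    if sec == "F2" and "shell=" in body.lower():
        # The Shell value should be exactly "Explorer.exe"; every other token
        # is an additional program started at each logon.
        value = body.split("=", 1)[1]
        extras = [t for t in value.split() if t.lower() != "explorer.exe"]
        if extras:
            out.append(Finding("high", "Winlogon Shell also starts: " + ", ".join(extras), line))
    if "(no file)" in body or "(file missing)" in body:
        # Orphaned registration: harmless on its own, but a leftover to clean up.
        out.append(Finding("low", "orphaned entry, target file does not exist", line))
    if sec == "O4":
        m = RUN_TARGET_RE.search(body)
        if m and WINDIR_RE.match(m.group(1)):
            out.append(Finding("medium", "autorun binary placed directly in the Windows directory", line))
    if sec == "O16" and "file://" in body.lower():
        out.append(Finding("medium", "ActiveX control registered from a local file:// URL", line))
    if sec == "O23" and "Unknown owner" in body:
        path = body.rsplit(" - ", 1)[-1]
        if WINDIR_RE.match(path):
            out.append(Finding("medium", "service without publisher running from the Windows directory", line))
    return out


def triage(log: str) -> list[Finding]:
    """Parse every 'Xn - ...' entry of a HijackThis log and collect findings."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            findings.extend(check_entry(m["sec"], m["body"], line))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 1, 'medium': 3, 'low': 1}."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summary(found))
```

Run against the sample it reports the Nail.exe Shell entry as high and the mwyynnz.exe autorun, the svcproc.exe service and the file:// ActiveX entry as medium, while the ATI, Adobe and ZoneAlarm lines pass clean.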
14.02.2006, 16:01
Honorary member
Sabina

Posts: 29434
#5 Set up CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Copy these 4 text files. They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
14.02.2006, 19:37
...new here

Thread starter

Posts: 9
#6 Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1CED-9894

Verzeichnis von C:\WINDOWS\system32

14.02.2006 13:28 35.876 vsconfig.xml
14.02.2006 09:11 8.192 Thumbs.db
09.02.2006 11:50 383.168 perfh009.dat
09.02.2006 11:50 54.150 perfc009.dat
09.02.2006 11:50 394.276 perfh007.dat
09.02.2006 11:50 65.280 perfc007.dat
09.02.2006 11:50 795.640 PerfStringBackup.INI
06.02.2006 07:04 5.416 d3d9caps.dat
29.01.2006 16:38 2.206 wpa.dbl
26.01.2006 14:49 22 w_madriver.dll
24.01.2006 13:56 34.308 BASSMOD.dll
18.01.2006 19:45 3.069 jupdate-1.5.0_02-b09.log
18.01.2006 13:05 57.344 avsda.dll
06.01.2006 12:41 47.104 KMVIDC32.DLL
05.01.2006 04:41 2.836.320 MRT.exe
02.01.2006 18:36 304 l.dat
02.01.2006 18:36 134 se.dat
02.01.2006 18:36 3 pp.dat
02.01.2006 18:36 324 dp.dat
02.01.2006 18:36 176 st.dat
29.12.2005 03:54 280.064 gdi32.dll
23.12.2005 06:38 50.960 ust.exe
22.12.2005 21:44 39 TEVPXCW60.DLL
14.12.2005 09:24 118.784 sirenacm.dll
08.12.2005 16:11 28 mcheck.mhf
05.12.2005 06:12 61.440 pxhpinst.exe
03.12.2005 12:23 36.864 frapsvid.dll
01.12.2005 23:59 2.277.888 TUKernel.exe
01.12.2005 09:52 1.147.384 FNTCACHE.DAT
01.12.2005 04:31 1.492.480 shdocvw.dll
24.11.2005 13:39 4.212 zllictbl.dat
24.11.2005 06:52 130 Log.inf
24.11.2005 06:52 65.536 DVDKeyAuth.dll
24.11.2005 06:48 78.896 GEARASPI.DLL
24.11.2005 00:58 3.013.632 mshtml.dll
24.11.2005 00:58 1.022.464 browseui.dll
15.11.2005 00:51 71.440 zlcommdb.dll
15.11.2005 00:51 79.624 zlcomm.dll
15.11.2005 00:51 100.104 vsxml.dll
15.11.2005 00:51 382.728 vsutil.dll
15.11.2005 00:51 71.440 vsregexp.dll
15.11.2005 00:50 227.088 vspubapi.dll
15.11.2005 00:50 104.208 vsmonapi.dll
15.11.2005 00:50 141.064 vsinit.dll
15.11.2005 00:50 372.816 vsdatant.sys
15.11.2005 00:50 83.720 vsdata.dll
15.11.2005 00:34 54.960 vsutil_loc0407.dll
06.11.2005 13:22 43.520 CmdLineExt03.dll
05.11.2005 04:16 606.208 urlmon.dll
05.11.2005 04:16 1.056.256 danim.dll
04.11.2005 19:15 740 keytxt
04.11.2005 18:34 21.504 DrunkMouse.exe
04.11.2005 18:33 444.252 viagra.exe
21.10.2005 04:40 664.064 wininet.dll
21.10.2005 04:40 474.112 shlwapi.dll
21.10.2005 04:40 530.944 mstime.dll
21.10.2005 04:40 146.432 msrating.dll
21.10.2005 04:40 39.424 pngfilt.dll
21.10.2005 04:40 448.512 mshtmled.dll
21.10.2005 04:40 96.768 inseng.dll
21.10.2005 04:40 251.392 iepeers.dll
21.10.2005 04:40 55.808 extmgr.dll
21.10.2005 04:40 152.064 cdfview.dll
21.10.2005 04:40 205.312 dxtrans.dll
20.10.2005 23:25 1.094.144 esent.dll
17.10.2005 22:20 118.272 t2embed.dll
17.10.2005 22:20 80.896 fontsub.dll
13.10.2005 17:12 2.368 SVKP.sys
13.10.2005 00:11 15.584 spmsg.dll
10.10.2005 10:12 247 spupdwxp.log
15.02.2006, 00:00
Honorary member
Sabina

Posts: 29434
#7 ener

Didn't I write something about 4 text files???

Verzeichnis von C:\WINDOWS\system32
Verzeichnis von C:\DOKUME~1\Username\LOKALE~1\Temp
Verzeichnis von C:\WINDOWS
Verzeichnis von C:\

+ post the log from WinPFind
WinPFind
http://virus-protect.org/winpfind.html


Info:
Aurora, SAHAgent, nail.exe

http://virus-protect.org/artikel/spyware/nail.html
--------------------------------------------------------------------

@Hello ..Hellooooooooooooo joschi lol lol
__________
Regards, Sabina

all about PC security
15.02.2006, 09:19
...new here

Thread starter

Posts: 9
#8 Here you have the remaining data from me, sorry about that.

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1CED-9894

Verzeichnis von C:\DOKUME~1\Besitzer\LOKALE~1\Temp

15.02.2006 08:55 54.970 Zwei Minuten Zeit.pdf
15.02.2006 08:50 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}17838.html
15.02.2006 08:50 16.384 ~DF5985.tmp
15.02.2006 08:50 16.384 ~DF4FF9.tmp
15.02.2006 08:50 512 ~DF500A.tmp
15.02.2006 08:49 16.384 ~DF5B6D.tmp
15.02.2006 08:48 16.384 Perflib_Perfdata_1cc.dat
15.02.2006 08:48 16.384 Perflib_Perfdata_264.dat
15.02.2006 08:46 206 jusched.log
9 Datei(en) 138.591 Bytes
0 Verzeichnis(se), 100.271.636.480 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1CED-9894

Verzeichnis von C:\WINDOWS

15.02.2006 09:05 45 AFDGHILP.ini
15.02.2006 08:49 1.487.564 WindowsUpdate.log
15.02.2006 08:49 0 0.log
15.02.2006 08:46 2.048 bootstat.dat
15.02.2006 00:31 32.568 SchedLgU.Txt
15.02.2006 00:13 736.096 setupapi.log
14.02.2006 20:51 54.156 QTFont.qfn
14.02.2006 19:08 116 NeroDigital.ini
14.02.2006 19:07 52.736 Thumbs.db
14.02.2006 19:01 245.760 Setup1.exe
14.02.2006 19:00 73.216 ST6UNST.EXE
14.02.2006 15:41 4.392 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
14.02.2006 15:41 2.412 ModemLog_Sony Ericsson 750 USB WMC Data Modem.txt
14.02.2006 15:41 2.402 ModemLog_Sony Ericsson 750 USB WMC Modem.txt
14.02.2006 13:47 287.996 setupact.log
13.02.2006 00:52 92 CMISETUP.INI
13.02.2006 00:52 26 CMCDPLAY.INI
13.02.2006 00:52 736 setup.ini
13.02.2006 00:52 0 wininit.ini
11.02.2006 13:33 663 win.ini
11.02.2006 05:05 1.409 QTFont.for
09.02.2006 11:54 2.894 COM+.log
09.02.2006 11:50 216.230 DirectX.log
06.02.2006 06:56 720.896 iun6002ev.exe
06.02.2006 05:59 50 wiaservc.log
06.02.2006 05:59 157 wiadebug.log
04.02.2006 18:02 107.132 UninstallFirefox.exe
04.02.2006 18:02 6.322 mozver.dat
04.02.2006 16:27 0 [INI]
30.01.2006 23:43 185.989 wmsetup.log
26.01.2006 14:45 34 cdplayer.ini
18.01.2006 20:54 16.684 appleJuice Uninstall Log.txt
18.01.2006 19:47 37.924 appleJuice Setup Log.txt
18.01.2006 11:41 122.535 RSEDNClientUninstaller.exe
14.01.2006 13:12 536.432.640 MEMORY.DMP
11.01.2006 06:42 70.175 iis6.log
11.01.2006 06:42 141.570 comsetup.log
11.01.2006 06:42 84.117 ntdtcsetup.log
11.01.2006 06:42 188.108 tsoc.log
11.01.2006 06:42 16.909 ocmsn.log
11.01.2006 06:42 1.374 imsins.log
11.01.2006 06:42 10.120 KB908519.log
11.01.2006 06:42 259.264 ocgen.log
11.01.2006 06:42 24.057 msgsocm.log
11.01.2006 06:42 462.675 FaxSetup.log
06.01.2006 09:20 316.640 WMSysPr9.prx
06.01.2006 03:05 1.355 imsins.BAK
06.01.2006 03:05 13.588 KB912919.log
06.01.2006 03:05 28.817 updspapi.log
02.01.2006 14:49 283 game.ini
22.12.2005 23:49 38 iltwain.ini
22.12.2005 21:44 39 TDEVXCW60.DLL
19.12.2005 15:13 118.784 bwUnin-7.2.0.137-8876480SL.exe
19.12.2005 15:12 179 LDM.log
19.12.2005 15:12 86 KE.log
19.12.2005 03:57 7.136 Windows Update.log
14.12.2005 22:11 10.407 KB910437.log
14.12.2005 22:11 16.299 KB905915.log
02.12.2005 15:57 262 nsw.log
29.11.2005 21:50 737.280 iun6002.exe
28.11.2005 15:26 45 AFDGHIL.ini
24.11.2005 06:52 213.054 GSetup.exe
15.11.2005 18:46 186 WSST_Screen_Saver.ini
15.11.2005 01:10 151 PhotoSnapViewer.INI
14.11.2005 15:02 11.855 KB896424.log
13.11.2005 00:59 220 NetOp.INI
07.11.2005 16:54 1.125 winamp.ini
05.11.2005 18:50 400 ODBC.INI
05.11.2005 01:19 227 system.ini
21.10.2005 01:50 111 gfscore.ini
19.10.2005 15:01 26.656 KB900725.log
19.10.2005 15:01 19.277 KB896688.log
19.10.2005 15:00 19.376 KB904706.log
19.10.2005 15:00 17.186 KB905414.log
19.10.2005 15:00 16.572 KB901017.log
19.10.2005 15:00 21.913 KB902400.log
14.10.2005 21:08 14.015 KB905749.log
13.10.2005 18:16 16.195 Paltalk Messenger Setup Log.txt
10.10.2005 12:20 380 wmsetup10.log

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1CED-9894

Verzeichnis von C:\

15.02.2006 09:06 0 sys.txt
15.02.2006 09:06 10.813 system.txt
15.02.2006 09:06 773 systemtemp.txt
15.02.2006 09:06 119.042 system32.txt
15.02.2006 08:46 805.306.368 pagefile.sys
07.02.2006 10:40 125 ioSpecial.ini
27.01.2006 12:47 9.773.612 16_Der kleine Nils - Geldbörse - (alben-dreams_dl_am).wav
27.01.2006 12:46 11.877.164 15_Der kleine Nils - Kita GoGo - (alben-dreams_dl_am).wav
27.01.2006 12:46 13.605.164 14_Der kleine Nils - Sixt säuft ab - (alben-dreams_dl_am).wav
27.01.2006 12:46 23.754.284 13_Der kleine Nils - Denkmal-Daniel - (alben-dreams_dl_am).wav
27.01.2006 12:46 27.712.556 12_Der kleine Nils - Horror-Babysitter - (alben-dreams_dl_am).wav
27.01.2006 12:46 28.408.364 11_Der kleine Nils - Colorhund - (alben-dreams_dl_am).wav
27.01.2006 12:45 26.777.132 10_Der kleine Nils - O2 Gesprächsblasen - (alben-dreams_dl_am).wav
18.01.2006 11:41 3.011 installer.txt
01.12.2005 23:59 389 boot.ini
13.10.2005 18:31 44 001_[ICY 200 OK] http___avan-design_de_9000_.wav
13.10.2005 18:31 44 001_[Connecting] http___avan-design_de_9000_.wav
10.10.2005 09:45 47.564 NTDETECT.COM
15.09.2005 18:54 696.320 StubInstaller.exe
31.08.2005 11:53 206 Verknüpfung mit CD-Laufwerk.lnk
12.08.2005 23:47 251.184 ntldr
18.07.2005 10:05 0 IO.SYS
18.07.2005 10:05 0 CONFIG.SYS
18.07.2005 10:05 0 AUTOEXEC.BAT
18.07.2005 10:05 0 MSDOS.SYS
20.04.2004 15:17 1.290.170 duck.wav
02.04.2003 13:00 4.952 bootfont.bin
27 Datei(en) 949.639.281 Bytes
0 Verzeichnis(se), 100.271.620.096 Bytes frei
15.02.2006, 11:15
Honorary member
Sabina

Posts: 29434
#9 ener

download and unzip: http://virus-protect.org/reg/a.zip --> a.reg --> unpack it on the desktop

-------------------------------------------------------------------------------

Start - Run - regedit

Edit --> Find --->

SVCPROC
Nail.exe


HKEY_LOCAL_MACHINE - Software - Microsoft Windows NT - CurrentVersion -Winlogon
Shell = "explorer.exe C:\WINDOWS\Nail.exe <--- delete

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SVCPROC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SVCPROC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SvcProc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCPROC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SvcProc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCPROC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ {22131A58-5F9A-3EAA-28A7-C3059A3D0632}


If you have trouble deleting the entries:
Click Edit -- Permissions, then click Full Control -- [Apply] and [OK]. Right-click the key again and try to delete it.



----------------------------------------------------------------------------------

Open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - (no file)
O4 - HKLM\..\Run: [l33t32] C:\WINDOWS\system32\all32.exe
O4 - HKLM\..\Run: [eqrciom] C:\WINDOWS\system32\mwyynnz.exe r
O4 - HKCU\..\Run: [l33t32] C:\WINDOWS\system32\all32.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119CUDE
O16 - DPF: {30000279-4144-4DD4-BE4F-6889D1E74167} - http://st.bestoffersnetworks.com/download/scm/smiley.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab

----------------------------------------------------------------------------------

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> tick it
and click the red cross; when asked "Do you want to reboot?" click "no" and paste in the next one; only on the last one click "yes"
paste in: ............

C:\StubInstaller.exe
C:\WINDOWS\system32\keytxt
C:\WINDOWS\system32\DrunkMouse.exe
C:\WINDOWS\system32\viagra.exe
C:\WINDOWS\system32\l.dat
C:\WINDOWS\system32\se.dat
C:\WINDOWS\system32\pp.dat
C:\WINDOWS\system32\dp.dat
C:\WINDOWS\system32\st.dat
C:\WINDOWS\system32\ust.exe
C:\WINDOWS\system32\all32.exe
C:\WINDOWS\system32\TEVPXCW60.DLL
C:\WINDOWS\system32\w_madriver.dll
C:\WINDOWS\System32\DRPMON.DLL
C:\WINDOWS\svcproc.exe
c:\eied_s7.cab
C:\WINDOWS\Nail.exe

Restart the computer in Safe Mode (press F8 while it boots). Double-click the "a.reg" file on the Desktop and confirm with "Yes" that it is added to the registry.

-----------------------------------------------------------------------------------

uninstall:
Red Swoosh

C:\Programme\rsnet\rsednclient.exe
C:\Programme\rsnet\rsednclientuninstaller.exe
C:\Programme\rsnet\clientcorelib-1.010-4279.dll
C:\Programme\rsnet\clientcorelib-1.014-4316.dll
C:\Programme\rsnet\install.ini
C:\Programme\rsnet
C:\WINDOWS\RSEDNClientUninstaller.exe


Counterspy
http://virus-protect.org/counterspy.html
* after the scan you have to choose between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC (then copy the scan report and post it here)
__________
Kind regards, Sabina

all about PC security
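What the manual steps in the post above have in common, shown as an added example (this is not code from the post, from virus-protect.org or from any tool the post names): the cleanup targets a few persistence points that can be audited from a registry export. Winlogon's Shell value is a space-separated list of programs started at every logon, so anything after explorer.exe is a hijack. An auto-start service that runs as LocalSystem from a file outside system32 (SvcProc -> C:\WINDOWS\svcproc.exe) is the second. A print monitor (ZepMon -> DrPMon.dll) is loaded into spoolsv.exe, which also runs as LocalSystem. And the .com files that the CounterSpy report further down lists (cmd.com, regedit.com, taskkill.com ...) shadow the real tools because cmd.exe tries .COM before .EXE when a bare command name is typed. The .reg text, the directory listings and the list of stock print-monitor DLLs are constructed for the example; the Spooler and Local Port entries are assumed clean controls and not taken from the thread.

```python
"""Audit a Windows registry export (.reg text) for the persistence spots the post
above has the user clean by hand, and show why the .com files listed further down
shadow the real console tools.  Added example; sample data is constructed."""

# Constructed .reg text.  Winlogon\Shell, SvcProc and ZepMon mirror the thread's
# values; Spooler and "Local Port" are assumed clean controls.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe C:\\WINDOWS\\Nail.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc]
"Type"=dword:00000010
"Start"=dword:00000002
"ImagePath"="C:\\WINDOWS\\svcproc.exe"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Start"=dword:00000002
"ImagePath"="%SystemRoot%\\system32\\spoolsv.exe"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon]
"Driver"="DrPMon.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port]
"Driver"="localspl.dll"
'''

WINLOGON = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
SERVICES = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
MONITORS = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Print\\Monitors\\"
# Assumed baseline of stock XP print-monitor DLLs; the spooler loads every monitor
# DLL into spoolsv.exe as LocalSystem, so an unknown one is a persistence finding.
KNOWN_MONITOR_DLLS = {"localspl.dll", "tcpmon.dll", "usbmon.dll", "pjlmon.dll"}


def parse_reg(text):
    """Minimal .reg parser: REG_SZ, REG_DWORD and REG_EXPAND_SZ (hex(2), possibly
    wrapped over several lines).  Returns {key_path: {value_name: value}}."""
    keys, current, pending = {}, None, ""
    for line in text.splitlines():
        line = pending + line.strip()
        if line.endswith("\\"):  # hex data continues on the next line
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            name, _, raw = line[1:].partition('"=')
            if raw.startswith("dword:"):
                keys[current][name] = int(raw[6:], 16)
            elif raw.startswith("hex(2):"):  # UTF-16LE bytes, NUL terminated
                data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
                keys[current][name] = data.decode("utf-16-le").rstrip("\x00")
            else:  # .reg doubles backslashes and escapes quotes inside strings
                keys[current][name] = raw.strip('"').replace("\\\\", "\\").replace('\\"', '"')
    return keys


def audit(keys):
    """Return (finding, detail) pairs for the three registry locations above."""
    findings = []
    shell = keys.get(WINLOGON, {}).get("Shell", "explorer.exe")
    parts = shell.split() or [""]
    # Shell is a list of programs Winlogon starts; only explorer.exe belongs there.
    if parts[0].lower() != "explorer.exe" or len(parts) > 1:
        findings.append(("winlogon-shell", shell))
    for path, values in keys.items():
        name = path.rsplit("\\", 1)[-1]
        if path.startswith(SERVICES) and values.get("Start") == 2:  # SERVICE_AUTO_START
            image = values.get("ImagePath", "").lower().replace("%systemroot%", "c:\\windows")
            if "\\system32\\" not in image and values.get("ObjectName", "").lower() == "localsystem":
                findings.append(("localsystem-service-outside-system32", f"{name} -> {values['ImagePath']}"))
        elif path.startswith(MONITORS) and values.get("Driver", "").lower() not in KNOWN_MONITOR_DLLS:
            findings.append(("unknown-print-monitor", f"{name} -> {values.get('Driver', '')}"))
    return findings


# Default XP PATHEXT order: cmd.exe tries .COM before .EXE in each PATH directory.
PATHEXT = (".com", ".exe", ".bat", ".cmd")


def resolve(command, path_dirs):
    """Mimic cmd.exe's lookup of a bare command name (current directory left out):
    PATH directories in order, and within each one PATHEXT extensions in order.
    path_dirs is a list of (directory, iterable of file names found there)."""
    for directory, names in path_dirs:
        lower = {n.lower() for n in names}
        for ext in PATHEXT:
            if command.lower() + ext in lower:
                return f"{directory}\\{command}{ext}"
    return None


# Constructed listings: the .com names are the ones the CounterSpy report in this
# thread lists; regedit.exe living in C:\WINDOWS rather than system32 is stock XP.
SAMPLE_PATH = [
    ("C:\\WINDOWS\\system32", ["cmd.exe", "cmd.com", "regedit.com", "taskkill.exe", "taskkill.com"]),
    ("C:\\WINDOWS", ["regedit.exe", "explorer.exe"]),
]
```

On a real machine, export the Winlogon, Services and Print\Monitors keys with regedit /e (the file is UTF-16 with a BOM, so read it with encoding="utf-16") and hand the text to parse_reg; audit only reports and writes nothing, the actual cleanup in the post is the a.reg import and the KillBox deletions. resolve("regedit", SAMPLE_PATH) returns C:\WINDOWS\system32\regedit.com, which is why the post's cleanup list has to remove the .com files before any of those tools can be trusted from a prompt. The monitor-DLL baseline is an assumption; replace it with what a clean machine of the same build shows.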
15.02.2006, 13:25
...new here

Thread starter

Posts: 9
#10 I can't download the abiremover anywhere, unfortunately neither of the two links works
15.02.2006, 13:38
Honorary member
Avatar Sabina

Posts: 29434
#11 Well, I'm surprised too, but probably all virus scanners detect the Nail virus by now.
So work through everything else, scan with Counterspy and post the scan report
__________
Kind regards, Sabina

all about PC security
15.02.2006, 19:24
...new here

Thread starter

Posts: 9
#12 Spyware Scan Details
Start Date: 15.02.2006 15:25:49
End Date: 15.02.2006 18:40:54
Total Time: 3 hrs 15 mins 5 secs

Detected spyware

Paltalk Low Risk Adware more information...
Details: Paltalk is an advertising-supported instant messaging client.
Status: Deleted

Infected files detected
c:\programme\paltalk messenger\ctrlkey.dll
c:\programme\paltalk messenger\efax3.ico
c:\programme\paltalk messenger\ftpclient.dll
c:\programme\paltalk messenger\irunin.bmp
c:\programme\paltalk messenger\irunin.dat
c:\programme\paltalk messenger\irunin.ini
c:\programme\paltalk messenger\irunin.lng
c:\programme\paltalk messenger\license.txt
c:\programme\paltalk messenger\palsound.dll
c:\programme\paltalk messenger\paltalk.exe
c:\programme\paltalk messenger\paltextctl.dll
c:\programme\paltalk messenger\upgrade.ico
c:\programme\paltalk messenger\vonage.ico
c:\programme\paltalk messenger\webvideo.dll
c:\programme\paltalk messenger\receivedfiles\brq.txt
c:\dokumente und einstellungen\besitzer\startmenό\paltalk.lnk
c:\windows\paltalk messenger setup log.txt
C:\Dokumente und Einstellungen\All Users\Startmenό\Programme\Autostart\palstart.exe
C:\WINDOWS\pss\palstart.exeCommon Startup

Infected registry entries detected
HKEY_CURRENT_USER\Software\PalTalk
HKEY_CURRENT_USER\Software\PalTalk Installer C:\Dokumente und Einstellungen\Besitzer\Desktop\pal_install_qt_r4802.exe
HKEY_CURRENT_USER\Software\PalTalk InstallerDesktop C:\Dokumente und Einstellungen\Besitzer\Desktop
HKEY_CURRENT_USER\Software\PalTalk InstallerAppDir C:\Programme\Paltalk Messenger
HKEY_CURRENT_USER\Software\PalTalk cur_build 104
HKEY_CURRENT_USER\Software\PalTalk PALWND_LEFT 782
HKEY_CURRENT_USER\Software\PalTalk PALWND_TOP 72
HKEY_CURRENT_USER\Software\PalTalk PALWND_HEIGHT 565
HKEY_CURRENT_USER\Software\PalTalk PALWND_WIDTH 242
HKEY_CURRENT_USER\Software\PalTalk noautostart 0


AntiLeech Plugin Adware more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Deleted

Infected files detected
c:\programme\anti-leech\alie_1.0.2.2\al2np.dll
c:\programme\anti-leech\alie_1.0.2.2\alhlp.exe
c:\programme\anti-leech\alie_1.0.2.2\alie.dll
c:\programme\anti-leech\alie_1.0.2.2\alie.inf
c:\programme\anti-leech\alie_1.0.2.2\iesetup2.exe
c:\programme\anti-leech\alnn\al2np.dll
c:\programme\anti-leech\alnn\alhlp.exe
c:\programme\anti-leech\alnn\npalnn.dll
c:\programme\anti-leech\alnn\setup2.exe
C:\Programme\Mozilla Firefox\ALNN\al2np.dll

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE.1\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE.1 Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE\CurVer AntiLeech.ALIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 C:\PROGRA~1\ANTI-L~1\ALIE_1~1.2\alie.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\ProgID AntiLeech.ALIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\TypeLib {056738E1-E15C-11D6-B876-0050BF5D85C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\VersionIndependentProgID AntiLeech.ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE DisplayName Anti-Leech Plugin for Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE UninstallString C:\Programme\Anti-Leech\ALIE_1.0.2.2\iesetup2.exe uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN DisplayName Anti-Leech Plugin for Netscape, Mozilla, Opera
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN UninstallString C:\Programme\Anti-Leech\ALNN\setup2.exe -u


NetPumper Adware Bundler more information...
Details: Bundles with a number of adware components such as cydoor, Save!, ClockSync, and WhenU Toolbar.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper VersionInfo qUtugvKIWu93mMjoMlrHw7SuGnv00G6Lgm4XQUf3fIHPXguR-tkpMU22V0izWTdekkU0tVg4Y85YSnDMZ7ykF53Ln7f-fhu4j0ony8eRCXoFwrS9d6PiGR4JqU8EoEdslj3Dwcju40stxe+LtRMCtOpQpWKMJtVNYVo5wQ-UvWqxXhDKvCK+2Vfe5l08mn15E4nQaa-C4UQc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B} IAddUrl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000} IAddPackage


Misc.WinSoftware.ErrorSafe Misc more information...
Details: ErrorSafe is a disabled data repair utility that nags the user to purchase it in order to fix the problems reported in its scan.
Status: Deleted

Infected files detected
C:\WINDOWS\system32\drivers\erssdd.sys

Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\ErrorSafe
HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck
HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck\CLSID {5284AC2A-EF00-4750-9B82-B5B907D26536}
HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck\CurVer ESSPCheck.ESSPCheck.1
HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck WFX5PCheck Class
HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck.1
HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck.1\CLSID {5284AC2A-EF00-4750-9B82-B5B907D26536}
HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck.1 WFX5PCheck Class
HKEY_CURRENT_USER\Software\ErrorSafe
HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536}
HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536}\ProgID ESSPCheck.ESSPCheck.1
HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536}\VersionIndependentProgID ESSPCheck.ESSPCheck
HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536} WFX5PCheck Class


Morpheus P2P more information...
Details: P2P file sharing program that installs a number of spyware Thread. Morpheus also displays its own popup advertising.
Status: Deleted

Infected files detected
c:\programme\morpheus\bittorrent_license.txt
c:\programme\morpheus\python23.zip
c:\programme\morpheus\python_license.txt
c:\programme\morpheus\select.pyd
c:\programme\morpheus\zlib.pyd
c:\programme\morpheus\_socket.pyd
c:\programme\morpheus\_sre.pyd

Infected registry entries detected
HKEY_CURRENT_USER\Software\Morpheus
HKEY_CURRENT_USER\Software\Morpheus\GUI\SearchRecent dolly buster dolly buster
HKEY_CURRENT_USER\Software\Morpheus\GUI\SearchRecent gta san andreas gta san andreas
HKEY_CURRENT_USER\Software\Morpheus\GUI CloseOnExit 1
HKEY_CURRENT_USER\Software\Morpheus\GUI PlayListShuffle 0
HKEY_CURRENT_USER\Software\Morpheus\GUI PlayListRepeat 0
HKEY_CURRENT_USER\Software\Morpheus\GUI VideoShuffle 0
HKEY_CURRENT_USER\Software\Morpheus\GUI VideoRepeat 0
HKEY_CURRENT_USER\Software\Morpheus\Location Country
HKEY_CURRENT_USER\Software\Morpheus\Location City
HKEY_CURRENT_USER\Software\Morpheus\morphtorrent .torrent Handler bittorrent
HKEY_CURRENT_USER\Software\Morpheus\morphtorrent .torrent Type 0
HKEY_CURRENT_USER\Software\Morpheus TryToUseUPNP 0
HKEY_CURRENT_USER\Software\Morpheus SearchIconSpinTimeout 120000
HKEY_CURRENT_USER\Software\Morpheus MQ_G2Net 5
HKEY_CURRENT_USER\Software\Morpheus MQ_GnutellaNet 5
HKEY_CURRENT_USER\Software\Morpheus MQ_NeoNet 3
HKEY_CURRENT_USER\Software\Morpheus MQ_UnknownNet 10
HKEY_CURRENT_USER\Software\Morpheus IconCacheLocation IconCache\
HKEY_CURRENT_USER\Software\Morpheus First_Run 100
HKEY_CURRENT_USER\Software\Morpheus allowmaximizewhenopen 1
HKEY_CURRENT_USER\Software\Morpheus SearchToolTip 0
HKEY_CURRENT_USER\Software\Morpheus PlayStartupSound 1
HKEY_CURRENT_USER\Software\Morpheus RunOnStartup 0
HKEY_CURRENT_USER\Software\Morpheus TrayOnMinimize 1
HKEY_CURRENT_USER\Software\Morpheus TrayOnClose 0
HKEY_CURRENT_USER\Software\Morpheus ClearSearchHistoryOnExit 0
HKEY_CURRENT_USER\Software\Morpheus enablesearchhistory 1
HKEY_CURRENT_USER\Software\Morpheus NoBannerVerionDownloadStarted 0
HKEY_CURRENT_USER\Software\Morpheus ShowSearchesInHome 0
HKEY_CURRENT_USER\Software\Morpheus SetExtAssociation 0
HKEY_CURRENT_USER\Software\Morpheus UseProxyForDownload 0
HKEY_CURRENT_USER\Software\Morpheus DefaultProxy
HKEY_CURRENT_USER\Software\Morpheus ChatColorScheme 2
HKEY_CURRENT_USER\Software\Morpheus PaidVerExeName
HKEY_CURRENT_USER\Software\Morpheus IsWipeUsed 0
HKEY_CURRENT_USER\Software\Morpheus AutoupdateWebCache 0
HKEY_CURRENT_USER\Software\Morpheus WebCacheURL
HKEY_CURRENT_USER\Software\Morpheus NodeCapability 1
HKEY_CURRENT_USER\Software\Morpheus NodeCapabilityG2 6
HKEY_CURRENT_USER\Software\Morpheus MaxPaidResults 5
HKEY_CURRENT_USER\Software\Morpheus BTUpCount 0
HKEY_CURRENT_USER\Software\Morpheus BTBUpload 0
HKEY_CURRENT_USER\Software\Morpheus BTUpCountEnable 0
HKEY_CURRENT_USER\Software\Morpheus BTBUploadEnable 0
HKEY_CURRENT_USER\Software\Morpheus BTLowerPortEnable 1
HKEY_CURRENT_USER\Software\Morpheus BTLowerPort 29589
HKEY_CURRENT_USER\Software\Morpheus BTHighPort 29686
HKEY_CURRENT_USER\Software\Morpheus OpenwithinMorpheus 1
HKEY_CURRENT_USER\Software\Morpheus ClearVideoHistoryonStart 0
HKEY_CURRENT_USER\Software\Morpheus ClearAudioHistoryonStart 0
HKEY_CURRENT_USER\Software\Morpheus HandleMagnet 1
HKEY_CURRENT_USER\Software\Morpheus HandleTorrent 1
HKEY_CURRENT_USER\Software\Morpheus HandleMagnetDontShow 1
HKEY_CURRENT_USER\Software\Morpheus HandleTorrentDontShow 0
HKEY_CURRENT_USER\Software\Morpheus PRCode 0
HKEY_CURRENT_USER\Software\Morpheus CurName -1
HKEY_CURRENT_USER\Software\Morpheus PRPassword
HKEY_CURRENT_USER\Software\Morpheus SkinPath
HKEY_CURRENT_USER\Software\Morpheus MoreSearchID 0
HKEY_CLASSES_ROOT\AppID\{EA7AA9FF-166A-4C5A-8569-963DE41AAC74}
HKEY_CLASSES_ROOT\AppID\{EA7AA9FF-166A-4C5A-8569-963DE41AAC74} M5Shell
HKEY_CLASSES_ROOT\AppID\M5Shell.DLL
HKEY_CLASSES_ROOT\AppID\M5Shell.DLL AppID {EA7AA9FF-166A-4C5A-8569-963DE41AAC74}


WhenU.SaveNow Adware more information...
Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior.
Status: Deleted

Infected files detected
c:\programme\save\saveupdate.exe
c:\programme\save\acm.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\ACM.ACMFactory
HKEY_CLASSES_ROOT\ACM.ACMFactory\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_CLASSES_ROOT\ACM.ACMFactory\CurVer ACM.ACMFactory.1
HKEY_CLASSES_ROOT\ACM.ACMFactory ACMFactory Class
HKEY_CLASSES_ROOT\ACM.ACMFactory.1
HKEY_CLASSES_ROOT\ACM.ACMFactory.1\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_CLASSES_ROOT\ACM.ACMFactory.1 ACMFactory Class
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32 C:\PROGRA~1\Save\ACM.dll
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID ACM.ACMFactory.1
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID ACM.ACMFactory
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} ACMFactory Class
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32 C:\PROGRA~1\Save\ACM.dll
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR C:\PROGRA~1\Save\
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0 ACM 1.0 Type Library
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0} IACMFactory
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086} IFetchExtractor
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842} IFetchData
HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} ACM
HKEY_CLASSES_ROOT\AppID\ACM.DLL
HKEY_CLASSES_ROOT\AppID\ACM.DLL AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}


ABetterInternet.Aurora Adware more information...
Details: Opens popups on the desktop based on site visit history; may disable or uninstall other software; denies uninstallation
Status: Deleted

Infected files detected
c:\windows\nail.exe
C:\WINDOWS\boncpar.htm

Infected registry entries detected
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\ZepMon Driver DrPMon.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc ObjectName LocalSystem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc DisplayName System Startup Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc ImagePath C:\WINDOWS\svcproc.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc ErrorControl 1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc Start 2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc Type 16
HKEY_CURRENT_USER\Software\aurora AUC3n5tFyl 0
HKEY_CURRENT_USER\Software\aurora AUC3u5rrentSMode 1
HKEY_CURRENT_USER\Software\aurora AUE3v5nt 0
HKEY_CURRENT_USER\Software\aurora AUI3n5ProgSEx 0
HKEY_CURRENT_USER\Software\aurora AUT3i5m7eOfSFinalAd 0
HKEY_CURRENT_USER\Software\aurora AUC1o3d5eOfSFinalAd 0
HKEY_CURRENT_USER\Software\aurora AUs3t5icky4S 0
HKEY_CURRENT_USER\Software\aurora AUs3t5icky3S 0
HKEY_CURRENT_USER\software\aurora auc3u5rrentsmode
HKEY_CURRENT_USER\software\aurora aue3v5nt
HKEY_CURRENT_USER\software\aurora aui3d5ofsinst
HKEY_CURRENT_USER\software\aurora aui3g5nores
HKEY_CURRENT_USER\software\aurora aui3n5progsex
HKEY_CURRENT_USER\software\aurora aus3t5icky1s
HKEY_CURRENT_USER\software\aurora aus3t5icky2s
HKEY_CURRENT_USER\software\aurora aus3t5icky3s
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\print\monitors\zepmon
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\print\monitors\zepmon Driver DrPMon.dll
HKEY_CURRENT_USER\Software\aurora
HKEY_CURRENT_USER\Software\aurora AUI3d5OfSInst {2CDD4DF8-26B9-4A7C-AFDB-E65EA7966AE8}
HKEY_CURRENT_USER\Software\aurora AUs3t5icky1S lstlogdt%3D20060215%26cntp%3Dnull%26
HKEY_CURRENT_USER\Software\aurora AUs3t5icky2S fstcidt%3D1140013539058%26
HKEY_CURRENT_USER\Software\aurora AUs3t5icky3S 0
HKEY_CURRENT_USER\Software\aurora AUs3t5icky4S 0
HKEY_CURRENT_USER\Software\aurora AUC1o3d5eOfSFinalAd 0
HKEY_CURRENT_USER\Software\aurora AUT3i5m7eOfSFinalAd 0
HKEY_CURRENT_USER\Software\aurora AUD3s5tSSEnd ’›–‚ΐΐ͐ŽˆΜŽˆ“˜Α—ΐƒέΎ‰άœ›œ
HKEY_CURRENT_USER\Software\aurora AU3N5a7tionSCode DE
HKEY_CURRENT_USER\Software\aurora AUP3D5om •‰„—ˆ€’†“‚‹ˆŸΜ‘Ÿ
HKEY_CURRENT_USER\Software\aurora AUT3h5rshSCheckSIn 30
HKEY_CURRENT_USER\Software\aurora AUM3o5deSSync 9
HKEY_CURRENT_USER\Software\aurora AUBd2y5i23 98816
HKEY_CURRENT_USER\Software\aurora AUBd2y646 87266849
HKEY_CURRENT_USER\Software\aurora AUBd2yV3r 33554690
HKEY_CURRENT_USER\Software\aurora AURu71n3C5c5 720
HKEY_CURRENT_USER\Software\aurora AUNbC5c5 10
HKEY_CURRENT_USER\Software\aurora AUI3n5ProgSEx 0
HKEY_CURRENT_USER\Software\aurora AUAdC0u4t57D 1q500000000000000
HKEY_CURRENT_USER\Software\aurora AUAdC0u4t524h 15fu000000000000000000000000000000000000000000000000
HKEY_CURRENT_USER\Software\aurora AUAc7C0u4t57D 1q500000000000001ud000000000000
HKEY_CURRENT_USER\Software\aurora AUAc7C0u4t524h 15fu00000000000000000000000000000000000000000010h0h20000ct000000000000000000
HKEY_CURRENT_USER\Software\aurora AUB3D5om ›‡†ŽŠ›”›‡€”Š–άŒŸ
HKEY_CURRENT_USER\Software\aurora AUE3v5nt 0
HKEY_CURRENT_USER\Software\aurora AUL3n5Title 60
HKEY_CURRENT_USER\Software\aurora AUC3u5rrentSMode 1
HKEY_CURRENT_USER\Software\aurora AUC3n5tFyl 0
HKEY_CURRENT_USER\Software\aurora AUI3g5noreS ™ƒ‹™‰Α€“ƒ„Ÿ——›Α—“†Ž—™ƒ‹‘‘ΑŒ—Ž“Ž›”„‘š›‡ά™€Ž™€Ÿ“œ‹”…—œ™›‹”Α—“„žƒŒƒŽΑ
—“”ŠΘΑ‘†•‡–•Α—“ƒ–ŒŠ†“œ‹œΑ—“˜ΤŒŸ†€„”Ÿ‚Ž†›€Šά™€Ž‰‡‚”Ž”ά™€ŽŽƒ”œ†ŸŠΑ—“ƒ†ž‚–ά™€Ž€•–Š‘‹”‹‹‘››‹”Α—““™‰”ά
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc\Security Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc Type 16
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc Start 2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc ErrorControl 1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc ImagePath C:\WINDOWS\svcproc.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc DisplayName System Startup Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc ObjectName LocalSystem
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc\Security Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc Type 16
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc Start 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc ErrorControl 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc ImagePath C:\WINDOWS\svcproc.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc DisplayName System Startup Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc ObjectName LocalSystem
HKEY_CURRENT_USER\Software\aurora
HKEY_CURRENT_USER\Software\aurora AUI3d5OfSInst {2CDD4DF8-26B9-4A7C-AFDB-E65EA7966AE8}
HKEY_CURRENT_USER\Software\aurora AUs3t5icky1S lstlogdt%3D20060215%26cntp%3Dnull%26
HKEY_CURRENT_USER\Software\aurora AUs3t5icky2S fstcidt%3D1140013539058%26
HKEY_CURRENT_USER\Software\aurora AUs3t5icky3S 0
HKEY_CURRENT_USER\Software\aurora AUs3t5icky4S 0
HKEY_CURRENT_USER\Software\aurora AUC1o3d5eOfSFinalAd 0
HKEY_CURRENT_USER\Software\aurora AUT3i5m7eOfSFinalAd 0
HKEY_CURRENT_USER\Software\aurora AUD3s5tSSEnd ’›–‚ΐΐ͐ŽˆΜŽˆ“˜Α—ΐƒέΎ‰άœ›œ
HKEY_CURRENT_USER\Software\aurora AU3N5a7tionSCode DE
HKEY_CURRENT_USER\Software\aurora AUP3D5om •‰„—ˆ€’†“‚‹ˆŸΜ‘Ÿ
HKEY_CURRENT_USER\Software\aurora AUT3h5rshSCheckSIn 30
HKEY_CURRENT_USER\Software\aurora AUM3o5deSSync 9
HKEY_CURRENT_USER\Software\aurora AUBd2y5i23 98816
HKEY_CURRENT_USER\Software\aurora AUBd2y646 87266849
HKEY_CURRENT_USER\Software\aurora AUBd2yV3r 33554690
HKEY_CURRENT_USER\Software\aurora AURu71n3C5c5 720
HKEY_CURRENT_USER\Software\aurora AUNbC5c5 10
HKEY_CURRENT_USER\Software\aurora AUI3n5ProgSEx 0
HKEY_CURRENT_USER\Software\aurora AUAdC0u4t57D 1q500000000000000
HKEY_CURRENT_USER\Software\aurora AUAdC0u4t524h 15fu000000000000000000000000000000000000000000000000
HKEY_CURRENT_USER\Software\aurora AUAc7C0u4t57D 1q500000000000001ud000000000000
HKEY_CURRENT_USER\Software\aurora AUAc7C0u4t524h 15fu00000000000000000000000000000000000000000010h0h20000ct000000000000000000
HKEY_CURRENT_USER\Software\aurora AUB3D5om ›‡†ŽŠ›”›‡€”Š–άŒŸ
HKEY_CURRENT_USER\Software\aurora AUE3v5nt 0
HKEY_CURRENT_USER\Software\aurora AUL3n5Title 60
HKEY_CURRENT_USER\Software\aurora AUC3u5rrentSMode 1
HKEY_CURRENT_USER\Software\aurora AUC3n5tFyl 0
HKEY_CURRENT_USER\Software\aurora AUI3g5noreS ™ƒ‹™‰Α€“ƒ„Ÿ——›Α—“†Ž—™ƒ‹‘‘ΑŒ—Ž“Ž›”„‘š›‡ά™€Ž™€Ÿ“œ‹”…—œ™›‹”Α—“„žƒŒƒŽΑ—
“”ŠΘΑ‘†•‡–•Α—“ƒ–ŒŠ†“œ‹œΑ—“˜ΤŒŸ†€„”Ÿ‚Ž†›€Šά™€Ž‰‡‚”Ž”ά™€ŽŽƒ”œ†ŸŠΑ—“ƒ†ž‚–
ά™€Ž€•–Š‘‹”‹‹‘››‹”Α—““™‰”ά
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 UninstallString C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\boncpar.htm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 DisplayName The Best Offers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 DisplayIcon C:\WINDOWS\bestoffers.ico
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 URLInfoAbout http://www.bestoffersnetworks.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 Publisher The Best Offers Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 HelpLink http://www.bestoffersnetworks.com/uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 Contact support@bestoffersnetworks.com
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\bsto-1
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\bsto-1 UninstallString C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\boncpar.htm
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\bsto-1 DisplayName The Best Offers
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\bsto-1 DisplayIcon C:\WINDOWS\bestoffers.ico
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\bsto-1 URLInfoAbout http://www.bestoffersnetworks.com
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\bsto-1 Publisher The Best Offers Network
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\bsto-1 HelpLink http://www.bestoffersnetworks.com/uninstall
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\bsto-1 Contact support@bestoffersnetworks.com
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc\Security Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc Type 16
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc Start 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc ErrorControl 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc ImagePath C:\WINDOWS\svcproc.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc DisplayName System Startup Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc ObjectName LocalSystem


ABetterInternet.DrPMon Adware more information...
Status: Deleted

Infected files detected
c:\windows\system32\drpmon.dll


iSearch.DesktopSearch Spyware more information...
Details: Removes the user's access to use Windows Search and replaces it with C:\WINDOWS\isrvs\desktop.exe.
Status: Deleted

Infected files detected
c:\windows\svcproc.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\ZepMon Driver DrPMon.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc ObjectName LocalSystem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc DisplayName System Startup Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc ImagePath C:\WINDOWS\svcproc.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc ErrorControl 1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc Start 2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc Type 16
HKEY_CURRENT_USER\Software\aurora AUC3n5tFyl 0
HKEY_CURRENT_USER\Software\aurora AUC3u5rrentSMode 1
HKEY_CURRENT_USER\Software\aurora AUL3n5Title 60
HKEY_CURRENT_USER\Software\aurora AUE3v5nt 0
HKEY_CURRENT_USER\Software\aurora AUT3i5m7eOfSFinalAd 0
HKEY_CURRENT_USER\Software\aurora AUC1o3d5eOfSFinalAd 0
HKEY_CURRENT_USER\Software\aurora AUs3t5icky4S 0
HKEY_CURRENT_USER\Software\aurora AUs3t5icky3S 0


ABetterInternet Adware more information...
Details: ABetterInternet shows advertisements based on the web pages you view and the web sites you visit.
Status: Deleted

Infected files detected
c:\windows\bestoffers.ico
c:\windows\boncpar.htm

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 Contact support@bestoffersnetworks.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 HelpLink http://www.bestoffersnetworks.com/uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 Publisher The Best Offers Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 URLInfoAbout http://www.bestoffersnetworks.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 DisplayIcon C:\WINDOWS\bestoffers.ico
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 DisplayName The Best Offers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc ObjectName LocalSystem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc DisplayName System Startup Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc ImagePath C:\WINDOWS\svcproc.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc ErrorControl 1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc Start 2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SvcProc Type 16


Trojan.virtual-ie.MsMovies Adware more information...
Status: Deleted

Infected files detected
c:\windows\system32\cmd.com
c:\windows\system32\netstat.com
c:\windows\system32\ping.com
c:\windows\system32\regedit.com
c:\windows\system32\taskkill.com
c:\windows\system32\tasklist.com
c:\windows\system32\tracert.com


Worm.Klez.e Worm more information...
Status: Deleted

Infected files detected
C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\ICQ Lite\264825179\Samuray_345892077\Computerschlaf.jpg


My Way Speedbar Browser Plug-in more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}


MyWebSearch Toolbar Potentially Unwanted Software more information...
Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel\CurVer MyWebSearch.HTMLPanel.1
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel MyWebSearch HTML Panel
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin\CurVer MyWebSearch.PseudoTransparentPlugin.1
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin MyWebSearch Pseudo Transparent Plugin


SearchNugget Browser Plug-in more information...
Details: SearchNugget is a Browser Helper Object that displays a toolbar in Internet Explorer as well as a button and changes the Internet Explorer home page.
Status: Deleted

Infected files detected
c:\Programme\Save\ACM.dll

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ACM.ACMFactory.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ACM.ACMFactory.1\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ACM.ACMFactory.1 ACMFactory Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ACM.DLL AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32 C:\PROGRA~1\Save\ACM.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR C:\PROGRA~1\Save\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0 ACM 1.0 Type Library


Backdoor.Aimbot.ca Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP DisplayName SVKP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP ErrorControl 1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP Start 2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP Type 1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP\Enum NextInstance 1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP\Enum Count 1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP\Enum 0 Root\LEGACY_SVKP\0000


ABetterInternet Cookie more information...
Details: ABetterInternet shows advertisements based on the web pages you view and the web sites you visit.
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@abetterinternet[2].txt


Cok.ad.yieldmanager Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@ad.yieldmanager[2].txt


Advertising.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@advertising[1].txt


Anti-Leech.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@anti-leech[1].txt


ABetterInternet.Aurora Cookie Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@btg.btgrab[2].txt
c:\dokumente und einstellungen\besitzer\cookies\besitzer@cliks[2].txt


casalemedia.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@casalemedia[2].txt


CGI-Bin Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@cgi-bin[2].txt


DoubleClick Cookie more information...
Details: DoubleClick is a popular ad serving network that uses spyware cookies, to target advertising.
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@doubleclick[1].txt


FastClick.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@fastclick[1].txt
c:\dokumente und einstellungen\besitzer\cookies\besitzer@media.fastclick[1].txt


Offeroptimizer Cookie more information...
Details: Offeroptimizer is a cookie that tracks the unique visitors to a web site and their personal preferences.
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@offeroptimizer[2].txt


TribalFusion.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@tribalfusion[1].txt
15.02.2006, 21:10
Honorary member
Sabina

Posts: 29434
#13 Uninstall Counterspy and download ewido (scan + post the scan report)
http://virus-protect.org/ewido.html
__________
Regards, Sabina

all about PC security
15.02.2006, 23:12
...new here

Thread starter

Posts: 9
#14 ---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------

+ Erstellt am: 23:11:31, 15.02.2006
+ Report-Checksumme: 35222550

+ Scanergebnis:

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMo -> Adware.BetterInternet : Gesäubert mit Backup

HKLM\SYSTEM\CurrentControlSet\Services\SvcProc -> Adware.BetterInternet : Gesäubert mit Backup

HKLM\SYSTEM\CurrentControlSet\Services\SvcProc\Security -> Adware.BetterInternet : Gesäubert mit Backup

HKU\S-1-5-21-1220945662-963894560-725345543-1003\Software\aurora -> Adware.BetterInternet : Gesäubert mit Backup
HKU\S-1-5-21-1220945662-963894560-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Gesäubert mit Backup

C:\WINDOWS\system32\DrPMon.dll -> Trojan.Agent.db : Gesäubert mit Backup

C:\WINDOWS\system32\onhkzuw.exe -> Trojan.Agent.ay : Gesäubert mit Backup

C:\!KillBox\all32.exe -> Backdoor.Y3KRat.pro.02 : Gesäubert mit Backup

C:\!KillBox\DrunkMouse.exe -> Not-A-Virus.BadJoke.Win32.MovingMouse.a : Gesäubert mit Backup

C:\!KillBox\svcproc.exe -> Trojan.Stervis.e : Gesäubert mit Backup
:mozilla.6:C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\5njh9xe6.default\cookies-1.txt -> TrackingCookie.Popularix : Gesäubert mit Backup

C:\Dokumente und Einstellungen\Besitzer\Cookies\besitzer@ivwbox[1].txt -> TrackingCookie.Ivwbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Besitzer\Cookies\besitzer@tacoda[1].txt -> TrackingCookie.Tacoda : Gesäubert mit Backup

C:\Programme\ComputerSchock\ComputerSchock.exe -> Not-A-Virus.Hoax.Win32.ComputerSchock : Gesäubert mit Backup

C:\Programme\Save -> Adware.SaveNow : Gesäubert mit Backup

C:\Programme\Save\store.db -> Adware.SaveNow : Gesäubert mit Backup

C:\Programme\winupdates\a.zip/Setup.exe -> Worm.VB.an : Gesäubert mit Backup

C:\WINDOWS\Downloaded Program Files\drsmartload100a.exe -> Downloader.Adload.j : Gesäubert mit Backup

C:\WINDOWS\Downloaded Program Files\UERSU_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Gesäubert mit Backup

C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Gesäubert mit Backup
C:\WINDOWS\svcproc.exe -> Adware.BetterInternet : Gesäubert mit Backup
C:\WINDOWS\system32\DrPMon.dll -> Adware.BetterInternet : Gesäubert mit Backup


::Report Ende
16.02.2006, 00:01
Honorary member
Sabina

Posts: 29434
#15 Scan with Panda and copy the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security