Mein pc dreht durch !!! popups ohne ende

Thema ist geschlossen!
Thema ist geschlossen!
#0
19.03.2006, 21:25
Member

Themenstarter

Beiträge: 18
#31 jo....ok....ähm für weitere aktionen( weiß ja nicht wie oft ich noch scannen muss , bis die sache erledigt ist) habe ich in der woche meist erst ab 19:00 Uhr zeit , nur damit du dich net wunderst warum ich die reports net poste ^^
Seitenanfang Seitenende
19.03.2006, 22:23
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#32 mache es heute noch...es ist ja nur der counterspy..ich hoffe, er loescht den WinAntiVirus Pro 2006 total raus ;)
tzz tzz...wie kann man sich den PC nur so verseuchen......... ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
20.03.2006, 04:49
Member

Themenstarter

Beiträge: 18
#33 Spyware Scan Details
Start Date: 19.03.2006 21:10:59
End Date: 19.03.2006 22:00:30
Total Time: 49 mins 31 secs

Detected spyware

RBot.steam Trojan more information...
Status: Quarantined

Infected files detected
C:\Programme\Valve\platform\steam_dev.exe


BearShare P2P Program more information...
Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs.
Status: Quarantined

Infected registry entries detected
HKEY_CLASSES_ROOT\gnufile
HKEY_CLASSES_ROOT\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1"
HKEY_CLASSES_ROOT\gnufile gnutella
HKEY_CLASSES_ROOT\gnufile BrowserFlags 8
HKEY_CLASSES_ROOT\gnufile EditFlags 65536
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare
HKEY_LOCAL_MACHINE\software\bearshare
HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Programme\BearShare
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\.default\appevents\schemes\apps\bearshare
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare Test\sounds\notify.wav
HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare


Blazefind Browser Plug-in more information...
Details: BlazeFind installs itself as a Browser Helper Object in Internet Explorer and redirects search queries that you use in search engine as well as hijacks your Internet Explorer settings.
Status: Quarantined

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows SA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows SA installFolder C:\Program Files\WindowsSA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows SA installFolderBAND C:\Windows\System32\


AvenueMedia.InternetOptimizer Adware more information...
Details: Internet Optimizer, also known as DyFuCA, is an adware application that hijacks the user's browser error page.
Status: Quarantined

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer Changed 0


IST.SlotchBar Toolbar more information...
Details: An adware toolbar program for affiliates to distrubute on sites. Affiliates get paid per install of the toolbar.
Status: Quarantined

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc Changed 0


AntiLeech Plugin Adware more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Quarantined

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE


NetPumper Adware Bundler more information...
Details: Bundles with a number of adware components such as cydoor, Save!, ClockSync, and WhenU Toolbar.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free pkid
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free alid 21styeah
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free iid {705AE9E9-98BD-4920-97B7-36713C550EED}
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper VersionInfo F0qI2ykIbZen5w3x07wr2uVRVdi5baMx04zWkwVVtazYN4wPOB0QDkVYOdhWNtMNESjb1oFZVtk0EQbIYvIfFny
uBZQtsAvI0vy7ny-wq1XTBTcbGfNFQKpjzuGYwD39z7UJNzWmTPf-oGuob1iImLv1DFfvOL5Tad-0SFE0h3OofeCHa-uk
uptD0YMWY-BEFE8NXPCZXGey
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib Version 1.1
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B} IAddUrl
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib Version 1.1
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000} IAddPackage


RealVNC Commercial Remote Control more information...
Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\ORL


WhenU.SaveNow Adware more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Quarantined

Infected registry entries detected
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0} IACMFactory
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086} IFetchExtractor
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842} IFetchData


IST.ISTbar Browser Hijacker more information...
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user’s consent using an Internet Explorer toolbar.
Status: Quarantined

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc Changed 0


Weborama Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\start\cookies\start@weborama[2].txt
Seitenanfang Seitenende
20.03.2006, 12:50
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#34 Harbs

der Netpumper muss raus...er bringt die PopUps mit sich
also kein: Status: Ignored , sondern neuscannen und alles loeschen !!!

Quarantined --> wozu ?? Loesche doch diesen ganzen VirenMuell !!!!!!!!!

Zitat

* nach dem Scan muss man sich entscheiden für:
*Ignore
*Remove --> Status: Deleted
*Quarantaine
wähle immer Remove und starte den PC neu
-----------------------------------------------------------------

Wenn du deinen PC magst und nicht jede Woche formatieren willst, verzichte in Zukunft auf BearShare, P2P, Netpumper und andere dubiose Tools.
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
20.03.2006, 14:45
Member

Themenstarter

Beiträge: 18
#35 Spyware Scan Details
Start Date: 20.03.2006 13:38:06
End Date: 20.03.2006 14:12:28
Total Time: 34 mins 22 secs

Detected spyware

NetPumper Adware Bundler more information...
Details: Bundles with a number of adware components such as cydoor, Save!, ClockSync, and WhenU Toolbar.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free pkid
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free alid 21styeah
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free iid {705AE9E9-98BD-4920-97B7-36713C550EED}
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper VersionInfo F0qI2ykIbZen5w3x07wr2uVRVdi5baMx04zWkwVVtazYN4wPOB0QDkVYOdhWNtMNESjb1oFZVtk0EQbIYvIfFnyuBZQtsAvI0vy7ny-wq1XTBTcbGfNFQKpjzuGYwD39z7UJNzWmTPf-oGuob1iImLv1DFfvOL5Tad-0SFE0h3OofeCHa-ukuptD0YMWY-BEFE8NXPCZXGey
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib Version 1.1
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B} IAddUrl
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib Version 1.1
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000} IAddPackage


RealVNC Commercial Remote Control more information...
Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet.
Status: Deleted

Infected registry entries detected
Seitenanfang Seitenende
20.03.2006, 14:55
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#36 es muesste nun wieder alles in Ordnung sein...wie laeuft es ?
scanne noch mal mit counterspy...bis alles sauber bleibt, dann deinstalliere das tool.

TuneUp 2006 (30 Tage free) Shareware
http://virus-protect.org/reinigungstoolsregistry.html
wende an:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
20.03.2006, 15:13
Member

Themenstarter

Beiträge: 18
#37 hey...
es läuft alles wieder ziehmlich gut , außer das ich beim runterfahren ab und zu beim inet explorer und beim card reader auf sofort beenden klicken muss .....
ansonsten echt super leistung !!!!!!!!!!!!!!!!

VIELEN VIELEN Dank , das du einem 16 J. alten Typen , der seinen PC fast complett in Ars..*patsch* geritten hat hilfst lol lol

DDDDDDDDDDAAAAAAAAAAAANNNNNNNNNNNNKKKKKKKKKKKEEEEEEEEEEEEE
Dieser Beitrag wurde am 20.03.2006 um 16:36 Uhr von Harbs editiert.
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: