Virus Alert! in my taskbar.

#0
19.05.2006, 01:43
Honorary member
Posts: 29434

19.05.2006, 09:39
...new here
Posts: 3
#17
Thanks for the quick answer,
here, first of all, is the log from Silent Runners:

(PS: And when starting in safe mode, log in as admin?)

This post was edited by nito on 19.05.2006 at 10:02.

19.05.2006, 10:58
Honorary member
Posts: 29434
#18
Quote: (PS: And when starting in safe mode, log in as admin?)
Yes, of course. Then report how it went.
__________
Regards, Sabina
All about PC security

19.05.2006, 15:56
...new here
Posts: 3
#19
A very big thank you, Sabina, it seems to have worked, the message is gone. I just can't carry out point 12; my IE always hangs on that link, oO. But up to that point everything worked perfectly. I can't thank you enough. Keep it up.
Regards, Nito

26.05.2006, 23:32
...new here
Posts: 6
#20
Yeah, this isn't nice; I have the problem too.
I hope I can still be helped as well.

Thanks in advance. I'm still optimistic!!

27.05.2006, 00:59
Honorary member
Posts: 29434
#21
Ebe

Apply Cleanup: http://virus-protect.org/cleanup.html
-----------------------------------------------------------------------------
1. Download and unpack everything to the desktop:
*) spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unpack to the desktop -> spyfalcon.reg
*) SmitRem2.8 --> http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double-click: smitRem.exe -> click: Start --> click: ok
------------------------------------------------------------------
2. KILLBOX - Pocket KillBox http://virus-protect.org/killbox.html
Options: Delete on Reboot --> tick it and click the red cross. When asked "Do you want to reboot?", click "no" and paste in the next one; only click "yes" on the last one.
Paste in: .......
Quote: C:\WINDOWS\system32\stdole3.tlb
4. Restart the computer in safe mode (press F8 while booting). http://www.bsi.bund.de/av/texte/wiederher.htm
**
3. Double-click the file "spyfalcon.reg" on the desktop --> and add it to the registry with "ja"/"yes"
**
4. Look for C:\!KillBox and manually delete any files that may be in there
5. Directory of C:\DOKUME~1\H\LOKALE~1\Temp -> must be empty !!!!!!!!!!!
Disk Cleanup and deleting the temporary files: Start - Run - cleanmgr (type it in)
Click: Temporary Internet Files -> OK
Click: Temporary files -> OK
6. Open smitRem --> double-click: RunThis.bat
Wait until the scan has finished (the screen will turn blue; that is normal)
------------------------------------------------------------------------
7. Boot back into normal mode
**
8. Disable System Restore (XP) (then enable it again)
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".
**----------------------------------------------------------------------------------------------
9. http://www.symantec.com/avcenter/venc/data/winantispyware.html
since this apparently is still present on the PC .......... winantispyware

Post the HijackThis log:
HijackThis http://computercops.biz/zx/Merijn/hijackthis.zip http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above just start the program --> Save --> Savelog --> the editor opens; now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Regards, Sabina
All about PC security

27.05.2006, 12:26
...new here
Posts: 6
#22
OK, so far so good

27.05.2006, 14:55
Honorary member
Posts: 29434
#23
Ebe

Open HijackThis -- "scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC
Quote: O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hp6691.tmp (file missing)
Restart the PC
»» Check whether this has been deleted: C:\Programme\SpyFalcon
»» Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html and double-click to start it.
In "Enter search strings" (type or paste in): WinAntiSpyware 2006 Scanner in edit, and click "Ok". Notepad will open -- copy the text and post it.
__________
Regards, Sabina
All about PC security
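
A triage sketch for the step in the post above (deciding which entries of a HijackThis scan to tick), added here as an example; it is not part of the original thread and not HijackThis's own logic. The sample lines are assembled for this example in HijackThis v1.99.1 format, and the function names, the watchlist terms and the three heuristics are assumptions; the output is a list of review candidates, not verdicts.

```python
import re
from collections import defaultdict

# Sample lines in HijackThis v1.99.1 format, assembled for this example.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hp6691.tmp (file missing)
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpyFalcon] C:\Programme\SpyFalcon\SpyFalcon.exe /h
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winfixer.com
O18 - Protocol: bw10 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
"""

# Assumption: names of rogue products mentioned in this thread, lower-cased.
WATCHLIST = ("spyfalcon", "winantispyware")

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
BHO_RE = re.compile(r"^BHO: .*? - (\{[0-9A-Fa-f-]+\}) - (.+?)( \(file missing\))?$")
ZONE_RE = re.compile(r"^Trusted Zone: (\S+)$")
PROTO_RE = re.compile(r"^Protocol: (\S+) - (\{[0-9A-Fa-f-]+\}) - (.+)$")


def parse_entries(text):
    """Return (section_code, body) for every 'O<n> - ...' line; skip the rest."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text, watchlist=WATCHLIST):
    """Return (code, body, reasons) for entries that deserve a manual look."""
    findings = []
    for code, body in parse_entries(text):
        reasons = []
        if code == "O2":
            m = BHO_RE.match(body)
            if m:
                # A BHO whose file is gone is a leftover registration.
                if m.group(3):
                    reasons.append("BHO file missing on disk")
                # BHOs are in-process COM servers, normally .dll files.
                if not m.group(2).lower().endswith(".dll"):
                    reasons.append("BHO target is not a .dll")
        elif code == "O15" and ZONE_RE.match(body):
            # Any site in the Trusted Zone runs with relaxed IE restrictions.
            reasons.append("site added to Trusted Zone")
        hits = [w for w in watchlist if w in body.lower()]
        if hits:
            reasons.append("matches watchlist: " + ", ".join(hits))
        if reasons:
            findings.append((code, body, reasons))
    return findings


def collapse_protocols(text):
    """Group O18 lines by (CLSID, DLL) so one handler DLL is reviewed once."""
    groups = defaultdict(list)
    for code, body in parse_entries(text):
        m = PROTO_RE.match(body) if code == "O18" else None
        if m:
            groups[(m.group(2), m.group(3))].append(m.group(1))
    return dict(groups)


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"[{code}] {body}\n      -> " + "; ".join(reasons))
    for (clsid, dll), names in collapse_protocols(SAMPLE_LOG).items():
        print(f"[O18] {len(names)} protocol(s) -> {dll} {clsid}")
```

Grouping the O18 lines matters on logs where one protocol handler registers dozens of near-identical entries: the DLL is checked once instead of line by line.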
|
|
||
27.05.2006, 17:50
...new here
Posts: 6 |
#24
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 27.05.2006 17:49:04 for strings:
; 'winantispyware 2006 scanner winantispyware 2006 scanner winantispyware 2006 scanner winantispyware 2006 scanner'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
; End Of The Log... |
|
|
||
27.05.2006, 17:52
Honorary member
Posts: 29434 |
#25
1.
do you find a WinAntiSpyware 2006 Scanner on the computer ???? If so, delete everything!
2.
Counterspy
http://virus-protect.org/counterspy.html
* after the scan you have to decide between:
*Ignore
*Remove --> Status: Deleted
*Quarantine
always choose Remove and restart the PC (then copy the scan report)
__________
Regards, Sabina
All about PC security |
|
|
||
27.05.2006, 18:34
...new here
Posts: 6 |
#26
Spyware Scan Details
Start Date: 27.05.2006 18:06:50
End Date: 27.05.2006 18:28:08
Total Time: 21 mins 18 secs
Detected spyware
Media-Codec Trojan
Details: Media-Codec is a trojan that installs rogue security software on the infected machine without notice and consent.
Status: Deleted
Infected files detected
c:\programme\media-codec\uninst.exe
Infected registry entries detected
DesktopScam Trojan Downloader
Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program.
Status: Deleted
Infected files detected
c:\dokumente und einstellungen\all users\startmenü\security troubleshooting.url
c:\dokumente und einstellungen\herbert\favoriten\antivirus test online.url
Infected registry entries detected
SpyFalcon Rogue Security Program
Details: SpyFalcon is a purported anti-spyware application to scan for and remove spyware from users' computers.
Status: Deleted
Infected files detected
c:\dokumente und einstellungen\herbert\startmenü\spyfalcon 3.1.lnk
c:\dokumente und einstellungen\all users\startmenü\online security guide.url
Infected registry entries detected
WeirdOnTheWeb Adware (General)
Details: WeirdOnTheWeb is an adware application that displays pop-ups and pop-unders on the computer when the application itself is not running.
Status: Quarantined
Infected files detected
C:\Programme\License_Manager\license_manager.exe
Infected registry entries detected
WinAntiVirus Pro Rogue Security Program
Status: Quarantined
Infected files detected
C:\Programme\Common Files\Companion Wizard\WapCHK.dll
Infected registry entries detected
Trojan.Agent Trojan
Status: Deleted
Infected registry entries detected |
|
|
||
27.05.2006, 18:38
Honorary member
Posts: 29434 |
#27
**
search for/delete: C:\WINDOWS\system32\fwsvc.sys
**
please scan once more and post the Counterspy log again
__________
Regards, Sabina
All about PC security |
|
|
||
27.05.2006, 19:34
...new here
Posts: 6 |
#28
Well, I did not find the file in that folder, even with hidden files shown. Earlier I also first moved 2 into quarantine and then deleted them, maybe that is why??
But I am in the process of scanning again.
Spyware Scan Details
Start Date: 27.05.2006 18:53:00
End Date: 27.05.2006 19:14:20
Total Time: 21 mins 20 secs
Detected spyware
SpyFalcon Rogue Security Program
Details: SpyFalcon is a purported anti-spyware application to scan for and remove spyware from users' computers.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SpyFalcon
DesktopScam Trojan Downloader
Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8d83b16e-0de1-452b-ac52-96ec0b34aa4b}
So after another restart and scan the program did not find anything any more. Am I rid of it now??
This post was edited by Ebe on 27.05.2006 at 20:16.
|
|
|
||
27.05.2006, 20:33
Honorary member
Posts: 29434 |
#29
Are pop-ups still appearing? I think ... no.
Everything is fine again.
Tip: download Firefox and browse only with it from now on.
http://virus-protect.org/firefox.html
__________
Regards, Sabina
All about PC security |
|
|
||
28.05.2006, 13:19
...new here
Posts: 6 |
#30
Then first of all a very big thank you from me!!!!!!!!
I will see whether it is really gone now and does not come back. I also followed the tip about Firefox. You should perhaps consider making this your profession, you really seem to know a lot about it!!!
So, many thanks once again.
Regards, Ebe |
|
|
||
there is a new dll, so please post the Silentrunner log
http://virus-protect.org/silentrunner.html
-----------
1.
Download and unpack everything onto the desktop:
*) spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unpack onto the desktop -> spyfalcon.reg
*) SmitRem2.8 --> http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double-click: smitRem.exe -> click: Start --> click: ok
------------------------------------------------------------------
2.
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot --> tick
and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one; only on the last one click "yes"
paste in: .......
Quote
Restart the PC
3.
open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC
Quote
4.
Restart the computer in safe mode (press F8 during startup). http://www.bsi.bund.de/av/texte/wiederher.htm
**
5.
Double-click the file "spyfalcon.reg" on the desktop --> and add it to the registry with "ja"/"yes"
**
6.
open smitRem --> double-click: RunThis.bat
wait until the scan has finished (the screen will turn blue; that is normal)
**
7.
Disk Cleanup: and deleting the temporary files
Start - Run - cleanmgr (type it in)
Click: Temporary Internet Files -> OK
Click: Temporary Files -> OK
**
8.
C:\Dokumente und Einstellungen\STEFAN~1\Lokale Einstellungen\Anwendungsdaten\090d6155.exe --> search for/delete, if it is present
------------------------------------------------------------------------
9.
boot back into normal mode
**
10.
disable System Restore (XP) (then enable it again)
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".
**
11.
scan with superantispyware (free)
http://virus-protect.org/artikel/tools/superantispyware.html
-----------------------------------------------------------------------
12.
scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
All about PC security