Virus Alert! in my taskbar.

19.05.2006, 01:43
Sabina (Honorary member)
#16 nito

there is a new dll, so please post the log from Silent Runners
http://virus-protect.org/silentrunner.html

-----------
1.
Download and unpack everything on the desktop:

*) spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unpack on the desktop -> spyfalcon.reg

*) SmitRem2.8 --> http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double-click: smitRem.exe -> click: Start --> click: ok

------------------------------------------------------------------
2.
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> tick it
and click the red cross; when asked "Do you want to reboot?" click "no" and paste in the next one; only for the last one click "yes"
paste in: .......

Quote

C:\WINDOWS\system32\fyhhxw.dll
C:\WINDOWS\system32\090d6155.exe
C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx
C:\WINDOWS\Downloaded Program Files\YazzleActiveX.inf
C:\WINDOWS\YAXUninst.exe
C:\WINDOWS\system32\wingzy32.dll
C:\WINDOWS\system32\amcompat.tlb
C:\WINDOWS\system32\nscompat.tlb
Restart the PC

3.
open HijackThis -- button "Scan" -- tick the malware entries -- button "Fix checked" -- restart the PC

Quote

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
4.
Restart the computer in safe mode (press F8 while starting). http://www.bsi.bund.de/av/texte/wiederher.htm

**
5.
Double-click the file "spyfalcon.reg" on the desktop --> and merge it into the registry with "ja"/"yes"

**
6.
open smitRem --> double-click: RunThis.bat
wait until the scan has finished (the screen will turn blue; that is normal)

**
7.
Disk Cleanup: delete the temporary files
Start - Run - cleanmgr (type it in)
Click: Temporary Internet Files -> OK
Click: Temporary Files -> OK

**
8.
C:\Dokumente und Einstellungen\STEFAN~1\Lokale Einstellungen\Anwendungsdaten\090d6155.exe --> search for it and delete it, if it is present

------------------------------------------------------------------------
9.
boot back into normal mode

**
10.
disable System Restore (XP) (then enable it again)
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".

**
11.
scan with SuperAntiSpyware (free)
http://virus-protect.org/artikel/tools/superantispyware.html

-----------------------------------------------------------------------
12.
scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security

19.05.2006, 09:39
nito (...new here)
#17 thanks for the quick reply,

here is the Silent Runners log first:


"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
"Steam" = "E:\Valve\Steam\\Steam.exe -silent" ["Valve Corporation"]
"Spyware Doctor" = ""C:\Programme\Spyware Doctor\swdoctor.exe" /Q" ["PCTools"]
"SpybotSD TeaTimer" = "E:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"wininet.dll" = "regperf.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVRaidService" = "C:\WINDOWS\System32\nvraidservice.exe" ["NVIDIA Corporation"]
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""E:\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"PCTVRemote" = "C:\Programme\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe" ["Pinnacle Systems"]
"D-Link AirPlus Xtreme G" = "C:\Programme\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" ["D-Link"]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"PCLEPCI" = "C:\PROGRA~1\Pinnacle\PPE\PPE.EXE" ["Pinnacle Systems GmbH"]
"UnlockerAssistant" = ""E:\Programme\Unlocker\UnlockerAssistant.exe"" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Site Guard"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Programme\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "E:\Programme\Unlocker\UnlockerCOM.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{e04408db-4812-4478-8d4d-e46edcffd3b6}" = "AutoDisc Ware"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\fyhhxw.dll"
[null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! wingzy32\DLLName = "wingzy32.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "E:\Programme\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

HKCU\Software\Classes\batfile\

HKCU\Software\Classes\cmdfile\

(PS: And when starting in safe mode, log in as admin?)
This post was edited by nito on 19.05.2006 at 10:02.

19.05.2006, 10:58
Sabina (Honorary member)
#18

Quote

(PS: And when starting in safe mode, log in as admin?)
yes, of course ;)
then report how it went.
__________
Regards, Sabina
19.05.2006, 15:56
nito (...new here)
#19 A very big thank you, Sabina, it seems to have worked, the message is gone ;). I just can't carry out step 12; my IE always hangs on that link, oO. But up to that point everything worked perfectly. Can't thank you enough. Keep it up

Regards, Nito
26.05.2006, 23:32
Ebe (...new here)
#20 Yeah, that's not nice; I have the problem too.
I hope I can still be helped as well

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3054-6B4B

Verzeichnis von C:\WINDOWS\system32

26.05.2006 23:27 5.044 stdole3.tlb
26.05.2006 22:23 10.820 atmclk.exe
26.05.2006 21:58 12.800 simpole.tlb
26.05.2006 21:58 102.912 hp100.tmp
26.05.2006 21:58 151.552 dcomcfg.exe
26.05.2006 21:51 27.661 ld750B.tmp
21.05.2006 18:56 4.286 ot.ico
21.05.2006 18:12 13.646 wpa.dbl
15.05.2006 08:54 176.128 appmagr.dll
15.05.2006 08:47 35.853 regperf.exe

04.05.2006 06:26 5.818.784 MRT.exe
15.04.2006 15:53 312.350 perfh009.dat
15.04.2006 15:53 40.738 perfc009.dat
15.04.2006 15:53 317.534 perfh007.dat
15.04.2006 15:53 48.964 perfc007.dat
15.04.2006 15:53 725.674 PerfStringBackup.INI
14.04.2006 20:49 126.976 Agent.dll
30.03.2006 11:26 1.492.480 shdocvw.dll
30.03.2006 03:16 18.944 xpsp3res.dll
23.03.2006 22:34 3.074.560 mshtml.dll
18.03.2006 13:09 615.424 urlmon.dll
17.03.2006 11:11 679.424 inetcomm.dll
17.03.2006 06:03 8.493.056 shell32.dll
17.03.2006 02:38 28.672 verclsid.exe
10.03.2006 06:09 5.533.696 wmp.dll
06.03.2006 21:43 135.168 rlmtcs.dll
04.03.2006 05:34 664.064 wininet.dll
04.03.2006 05:34 474.624 shlwapi.dll
04.03.2006 05:34 532.480 mstime.dll
04.03.2006 05:34 448.512 mshtmled.dll
04.03.2006 05:34 146.432 msrating.dll
04.03.2006 05:34 39.424 pngfilt.dll
04.03.2006 05:34 96.768 inseng.dll
04.03.2006 05:34 1.056.256 danim.dll
04.03.2006 05:34 251.392 iepeers.dll
04.03.2006 05:34 205.312 dxtrans.dll
04.03.2006 05:34 55.808 extmgr.dll
04.03.2006 05:34 1.022.976 browseui.dll
04.03.2006 05:34 152.064 cdfview.dll
01.03.2006 21:43 11.776 xolehlp.dll
01.03.2006 21:43 161.280 msdtcuiu.dll
01.03.2006 21:43 66.560 mtxclu.dll
01.03.2006 21:43 426.496 msdtcprx.dll
01.03.2006 21:43 91.136 mtxoci.dll
01.03.2006 21:43 956.416 msdtctm.dll
14.02.2006 18:47 2 stera.job
19.01.2006 21:32 1.632 d3d8caps.dat
12.01.2006 12:32 543.496 LegitCheckControl.DLL
04.01.2006 05:35 68.096 webclnt.dll

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3054-6B4B

Verzeichnis von C:\DOKUME~1\H\LOKALE~1\Temp

26.05.2006 23:16 16.384 ~DF7688.tmp
26.05.2006 21:51 16.384 ~DF5757.tmp
26.05.2006 21:51 512 ~DFC14A.tmp
26.05.2006 21:51 16.384 ~DFBF78.tmp
26.05.2006 13:25 16.384 ~DF7F38.tmp
26.05.2006 13:25 16.384 ~DFB70A.tmp
25.05.2006 16:18 16.384 ~DF6685.tmp
25.05.2006 16:18 16.384 ~DF1C70.tmp
25.05.2006 13:17 16.384 ~DF6ED5.tmp
25.05.2006 13:17 16.384 ~DFCFFF.tmp

15.02.2006 00:09 16.384 ~DF80AD.tmp
15.02.2006 00:00 3.515.306 WinAntiSpyware2006Setup.exe

14.02.2006 19:24 0 GRD$LOGFILE.LOG
14.02.2006 19:10 2.920.485 sa1.exe
14.02.2006 19:09 16.384 ~DF49.tmp
14.02.2006 19:09 16.384 ~DFF89D.tmp
14.02.2006 18:51 905 wa6Support.log
14.02.2006 18:50 131.072 ~DFB80F.tmp
14.02.2006 18:47 8.927.760 ~wa6psetup.exe
14.02.2006 18:41 797.676 IMTC.xml
14.02.2006 18:41 426 IMTB.xml
14.02.2006 18:41 2.036 IMTA.xml

edit Sabina

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3054-6B4B

Verzeichnis von C:\WINDOWS

26.05.2006 21:51 0 0.log
26.05.2006 21:51 1.270.412 WindowsUpdate.log
26.05.2006 21:51 2.048 bootstat.dat
26.05.2006 13:49 32.618 SchedLgU.Txt
22.05.2006 10:08 116 NeroDigital.ini
17.05.2006 16:58 52.535 wmsetup.log
10.05.2006 09:18 77.881 iis6.log
10.05.2006 09:18 124.536 comsetup.log
10.05.2006 09:18 1.374 imsins.log
10.05.2006 09:18 194.029 tsoc.log
10.05.2006 09:18 15.232 ocmsn.log
10.05.2006 09:18 74.637 ntdtcsetup.log
10.05.2006 09:18 11.713 KB913580.log
10.05.2006 09:18 256.773 ocgen.log
10.05.2006 09:18 25.055 msgsocm.log
10.05.2006 09:18 492.459 FaxSetup.log
10.05.2006 09:18 526.990 setupapi.log
10.05.2006 09:17 30.607 updspapi.log
25.04.2006 22:30 1.374 imsins.BAK
25.04.2006 22:30 11.160 KB900485.log
15.04.2006 16:10 182.858 ntbtlog.txt
15.04.2006 16:08 180.761 setupact.log
15.04.2006 15:53 46 InoSetup.ini
12.04.2006 10:21 30.803 spupdsvc.log
12.04.2006 10:15 15.035 KB908531.log
12.04.2006 10:15 14.232 KB911562.log
12.04.2006 10:15 16.355 KB912812.log
12.04.2006 10:13 8.692 KB911565.log
12.04.2006 10:13 10.633 KB911567.log
16.03.2006 12:51 583 win.ini
16.02.2006 17:13 11.344 KB911927.log
16.02.2006 17:13 4.665 KB911564.log
16.02.2006 17:12 7.419 KB913446.log
14.02.2006 18:57 4 data4711.bak
14.02.2006 18:57 4 num41.jbd
14.02.2006 18:57 4 info147.sys
24.01.2006 17:07 50 wiaservc.log
24.01.2006 17:07 216 wiadebug.log
12.01.2006 17:53 10.063 KB908519.log
06.01.2006 00:22 10.951 KB912919.log

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3054-6B4B

Verzeichnis von C:\

26.05.2006 23:30 0 sys.txt
26.05.2006 23:30 7.466 system.txt
26.05.2006 23:29 40.284 systemtemp.txt
26.05.2006 23:28 89.713 system32.txt
26.05.2006 21:51 536.379.392 hiberfil.sys
26.05.2006 21:51 805.306.368 pagefile.sys
15.04.2006 16:08 3.505 smitfiles.txt
28.12.2005 18:40 211 boot.ini
28.12.2005 18:35 47.564 NTDETECT.COM
28.12.2005 18:35 251.184 ntldr
23.12.2005 16:33 0 IO.SYS
23.12.2005 16:33 0 CONFIG.SYS
23.12.2005 16:33 0 AUTOEXEC.BAT
23.12.2005 16:33 0 MSDOS.SYS
02.04.2003 14:00 4.952 bootfont.bin
15 Datei(en) 1.342.130.639 Bytes
0 Verzeichnis(se), 11.801.202.688 Bytes frei

Thanks in advance
;) I'm still optimistic!!

27.05.2006, 00:59
Sabina (Honorary member)
#21 Ebe

Use Cleanup
http://virus-protect.org/cleanup.html

-----------------------------------------------------------------------------

1.
Download and unpack everything on the desktop:

*) spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unpack on the desktop -> spyfalcon.reg

*) SmitRem2.8 --> http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double-click: smitRem.exe -> click: Start --> click: ok

------------------------------------------------------------------
2.
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> tick it
and click the red cross; when asked "Do you want to reboot?" click "no" and paste in the next one; only for the last one click "yes"
paste in: .......

Quote

C:\WINDOWS\system32\stdole3.tlb
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\simpole.tlb
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\Agent.dll
C:\DOKUME~1\H\LOKALE~1\Temp\WinAntiSpyware2006Setup.exe
C:\DOKUME~1\H\LOKALE~1\Temp\sa1.exe
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\appmagr.dll
C:\WINDOWS\system32\regperf.exe
4.
Restart the computer in safe mode (press F8 while starting). http://www.bsi.bund.de/av/texte/wiederher.htm

**
3.
Double-click the file "spyfalcon.reg" on the desktop --> and merge it into the registry with "ja"/"yes"

**
4.
search for: C:\!KillBox
and manually delete any files that may be in there

5.
Directory of C:\DOKUME~1\H\LOKALE~1\Temp -> must be empty !!!!!!!!!!!

Disk Cleanup: delete the temporary files
Start - Run - cleanmgr (type it in)
Click: Temporary Internet Files -> OK
Click: Temporary Files -> OK

6.
open smitRem --> double-click: RunThis.bat
wait until the scan has finished (the screen will turn blue; that is normal)


------------------------------------------------------------------------
7.
boot back into normal mode

**
8.
disable System Restore (XP) (then enable it again)
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".

**----------------------------------------------------------------------------------------------
9.
http://www.symantec.com/avcenter/venc/data/winantispyware.html
since apparently this is still present on the PC..........winantispyware
post the HijackThis log:

HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above just start the program --> Save --> Savelog --> Notepad opens
now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Regards, Sabina

27.05.2006, 12:26
Ebe (...new here)
#22 OK, so far so good

Logfile of HijackThis v1.99.1
Scan saved at 12:24:55, on 27.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\MSMSGS.EXE
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\eTrust Antivirus\Realmon.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\Herbert\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hp6691.tmp (file missing)
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpyFalcon] C:\Programme\SpyFalcon\SpyFalcon.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Echzeitüberwachung.lnk = C:\Programme\CA\eTrust Antivirus\Realmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winfixer.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136544527692
O18 - Protocol: bw+0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7C5FC59C-C142-4D42-9985-340A38E14831} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
27.05.2006, 14:55
Honorary member
Avatar Sabina

Posts: 29434
#23 Ebe

open HijackThis -- button "Scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC

Quote

O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hp6691.tmp (file missing)
O4 - HKLM\..\Run: [SpyFalcon] C:\Programme\SpyFalcon\SpyFalcon.exe /h
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winfixer.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
Restart the PC

»»
check whether this has been deleted:
C:\Programme\SpyFalcon

»»
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start. Under "Enter search strings" (type or paste in)

WinAntiSpyware 2006 Scanner

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.
__________
Kind regards, Sabina

all about PC security
27.05.2006, 17:50
...new here

Posts: 6
#24
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 27.05.2006 17:49:04 for strings:
; 'winantispyware 2006 scanner

winantispyware 2006 scanner

winantispyware 2006 scanner

winantispyware 2006 scanner'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...
27.05.2006, 17:52
Honorary member
Avatar Sabina

Posts: 29434
#25 1.
Do you find a WinAntiSpyware 2006 Scanner on the computer ????
If so, delete everything!

2.
Counterspy
http://virus-protect.org/counterspy.html
* after the scan you have to decide between:

*Ignore
*Remove --> Status: Deleted
*Quarantine

always choose Remove and restart the PC (then copy the scan report
__________
Kind regards, Sabina

all about PC security
27.05.2006, 18:34
...new here

Posts: 6
#26
Spyware Scan Details
Start Date: 27.05.2006 18:06:50
End Date: 27.05.2006 18:28:08
Total Time: 21 mins 18 secs

Detected spyware

Media-Codec Trojan more information...
Details: Media-Codec is a trojan that installs rogue security software on the infected machine without notice and consent.
Status: Deleted

Infected files detected
c:\programme\media-codec\uninst.exe

Infected registry entries detected
HKEY_CLASSES_ROOT\EMediaCodec.Chl
HKEY_CLASSES_ROOT\EMediaCodec.Chl\CLSID {6BF52A52-394A-11D3-B153-00C04F79FAA6}
HKEY_CLASSES_ROOT\Media-Codec.Chl
HKEY_CLASSES_ROOT\Media-Codec.Chl\CLSID {6BF52A52-394A-11D3-B153-00C04F79FAA6}


DesktopScam Trojan Downloader more information...
Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\security troubleshooting.url
c:\dokumente und einstellungen\herbert\favoriten\antivirus test online.url

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8d83b16e-0de1-452b-ac52-96ec0b34aa4b}
HKEY_CURRENT_USER\Software\Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}
HKEY_CURRENT_USER\Software\Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32 C:\WINDOWS\system32\appmagr.dll
HKEY_CURRENT_USER\Software\Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{F79FD28E-36EE-4989-AA61-9DD8E30A82FA}
HKEY_CLASSES_ROOT\CLSID\{F79FD28E-36EE-4989-AA61-9DD8E30A82FA}\InprocServer32 C:\WINDOWS\system32\hp100.tmp
HKEY_CLASSES_ROOT\CLSID\{F79FD28E-36EE-4989-AA61-9DD8E30A82FA}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{F79FD28E-36EE-4989-AA61-9DD8E30A82FA} Nothing


SpyFalcon Rogue Security Program more information...
Details: SpyFalcon is a purported anti-spyware application to scan for and remove spyware from users' computers.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\herbert\startmenü\spyfalcon 3.1.lnk
c:\dokumente und einstellungen\all users\startmenü\online security guide.url

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SpyFalcon
HKEY_CLASSES_ROOT\CLSID\{008E3200-28EB-463b-9B58-75C23D80911A}
HKEY_CLASSES_ROOT\CLSID\{008E3200-28EB-463b-9B58-75C23D80911A}\LocalServer32 "C:\Programme\SpyFalcon\SpyFalcon.exe"
HKEY_CLASSES_ROOT\CLSID\{008E3200-28EB-463b-9B58-75C23D80911A}\ProgID SpyFalcon.PopupBlockerConnector.1
HKEY_CLASSES_ROOT\CLSID\{008E3200-28EB-463b-9B58-75C23D80911A}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\CLSID\{008E3200-28EB-463b-9B58-75C23D80911A}\VersionIndependentProgID SpyFalcon.PopupBlockerConnector
HKEY_CLASSES_ROOT\CLSID\{008E3200-28EB-463b-9B58-75C23D80911A} PopupBlockerConnector Class
HKEY_CLASSES_ROOT\Interface\{0CBD1CBA-E034-4287-9B49-5F2912E1D33B}
HKEY_CLASSES_ROOT\Interface\{0CBD1CBA-E034-4287-9B49-5F2912E1D33B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{0CBD1CBA-E034-4287-9B49-5F2912E1D33B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{0CBD1CBA-E034-4287-9B49-5F2912E1D33B}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{0CBD1CBA-E034-4287-9B49-5F2912E1D33B}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{0CBD1CBA-E034-4287-9B49-5F2912E1D33B} IIgnoreList
HKEY_CLASSES_ROOT\Interface\{18575620-E41D-4204-BF6F-964069D80F45}
HKEY_CLASSES_ROOT\Interface\{18575620-E41D-4204-BF6F-964069D80F45}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{18575620-E41D-4204-BF6F-964069D80F45}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{18575620-E41D-4204-BF6F-964069D80F45}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{18575620-E41D-4204-BF6F-964069D80F45}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{18575620-E41D-4204-BF6F-964069D80F45} IEngineListener
HKEY_CLASSES_ROOT\Interface\{4B860BE9-5B96-4443-9714-6ACD89989D1E}
HKEY_CLASSES_ROOT\Interface\{4B860BE9-5B96-4443-9714-6ACD89989D1E}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{4B860BE9-5B96-4443-9714-6ACD89989D1E}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{4B860BE9-5B96-4443-9714-6ACD89989D1E}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{4B860BE9-5B96-4443-9714-6ACD89989D1E}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{4B860BE9-5B96-4443-9714-6ACD89989D1E} ILogRecord
HKEY_CLASSES_ROOT\Interface\{5796859D-53C4-46C1-AD6F-2A3C4D4306EB}
HKEY_CLASSES_ROOT\Interface\{5796859D-53C4-46C1-AD6F-2A3C4D4306EB}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{5796859D-53C4-46C1-AD6F-2A3C4D4306EB}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{5796859D-53C4-46C1-AD6F-2A3C4D4306EB}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{5796859D-53C4-46C1-AD6F-2A3C4D4306EB}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{5796859D-53C4-46C1-AD6F-2A3C4D4306EB} IPopupBlockerConnector
HKEY_CLASSES_ROOT\Interface\{597892CA-A878-4A04-978F-DBA8DC2BB2FB}
HKEY_CLASSES_ROOT\Interface\{597892CA-A878-4A04-978F-DBA8DC2BB2FB}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{597892CA-A878-4A04-978F-DBA8DC2BB2FB}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{597892CA-A878-4A04-978F-DBA8DC2BB2FB}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{597892CA-A878-4A04-978F-DBA8DC2BB2FB}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{597892CA-A878-4A04-978F-DBA8DC2BB2FB} Thread
HKEY_CLASSES_ROOT\Interface\{673A88D4-C0E0-40D2-9B93-AE39D9A1675F}
HKEY_CLASSES_ROOT\Interface\{673A88D4-C0E0-40D2-9B93-AE39D9A1675F}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{673A88D4-C0E0-40D2-9B93-AE39D9A1675F}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{673A88D4-C0E0-40D2-9B93-AE39D9A1675F}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{673A88D4-C0E0-40D2-9B93-AE39D9A1675F}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{673A88D4-C0E0-40D2-9B93-AE39D9A1675F} IBackup
HKEY_CLASSES_ROOT\Interface\{7CC220DA-D962-4935-AD3A-21F7CA4962E3}
HKEY_CLASSES_ROOT\Interface\{7CC220DA-D962-4935-AD3A-21F7CA4962E3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7CC220DA-D962-4935-AD3A-21F7CA4962E3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7CC220DA-D962-4935-AD3A-21F7CA4962E3}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{7CC220DA-D962-4935-AD3A-21F7CA4962E3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{7CC220DA-D962-4935-AD3A-21F7CA4962E3} ILog
HKEY_CLASSES_ROOT\Interface\{9DD57F95-DA3A-4EDA-9475-27CCF366A4FD}
HKEY_CLASSES_ROOT\Interface\{9DD57F95-DA3A-4EDA-9475-27CCF366A4FD}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{9DD57F95-DA3A-4EDA-9475-27CCF366A4FD}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{9DD57F95-DA3A-4EDA-9475-27CCF366A4FD}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{9DD57F95-DA3A-4EDA-9475-27CCF366A4FD}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{9DD57F95-DA3A-4EDA-9475-27CCF366A4FD} Thread
HKEY_CLASSES_ROOT\Interface\{B4D9C59B-A091-4D79-90CC-DD92F3BACF63}
HKEY_CLASSES_ROOT\Interface\{B4D9C59B-A091-4D79-90CC-DD92F3BACF63}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B4D9C59B-A091-4D79-90CC-DD92F3BACF63}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B4D9C59B-A091-4D79-90CC-DD92F3BACF63}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{B4D9C59B-A091-4D79-90CC-DD92F3BACF63}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{B4D9C59B-A091-4D79-90CC-DD92F3BACF63} IRunAs
HKEY_CLASSES_ROOT\Interface\{B8F90F00-CF78-4431-A13F-58B979F7EE20}
HKEY_CLASSES_ROOT\Interface\{B8F90F00-CF78-4431-A13F-58B979F7EE20}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B8F90F00-CF78-4431-A13F-58B979F7EE20}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B8F90F00-CF78-4431-A13F-58B979F7EE20}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{B8F90F00-CF78-4431-A13F-58B979F7EE20}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{B8F90F00-CF78-4431-A13F-58B979F7EE20} Thread
HKEY_CLASSES_ROOT\Interface\{CDEB1FD8-0917-40A2-B915-8FB9D7FDD75C}
HKEY_CLASSES_ROOT\Interface\{CDEB1FD8-0917-40A2-B915-8FB9D7FDD75C}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{CDEB1FD8-0917-40A2-B915-8FB9D7FDD75C}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{CDEB1FD8-0917-40A2-B915-8FB9D7FDD75C}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{CDEB1FD8-0917-40A2-B915-8FB9D7FDD75C}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{CDEB1FD8-0917-40A2-B915-8FB9D7FDD75C} IScannerEvents
HKEY_CLASSES_ROOT\Interface\{CF277F5A-347E-40C2-BAF0-4F09D0607041}
HKEY_CLASSES_ROOT\Interface\{CF277F5A-347E-40C2-BAF0-4F09D0607041}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{CF277F5A-347E-40C2-BAF0-4F09D0607041}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{CF277F5A-347E-40C2-BAF0-4F09D0607041}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{CF277F5A-347E-40C2-BAF0-4F09D0607041}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{CF277F5A-347E-40C2-BAF0-4F09D0607041} IQuarantine
HKEY_CLASSES_ROOT\Interface\{D5DE421A-4AA5-4FE3-AA43-7D2A87D6267F}
HKEY_CLASSES_ROOT\Interface\{D5DE421A-4AA5-4FE3-AA43-7D2A87D6267F}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{D5DE421A-4AA5-4FE3-AA43-7D2A87D6267F}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{D5DE421A-4AA5-4FE3-AA43-7D2A87D6267F}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{D5DE421A-4AA5-4FE3-AA43-7D2A87D6267F}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{D5DE421A-4AA5-4FE3-AA43-7D2A87D6267F} IQuarantineEvents
HKEY_CLASSES_ROOT\Interface\{DD2D402A-DE41-47A6-AAC9-0D756776203E}
HKEY_CLASSES_ROOT\Interface\{DD2D402A-DE41-47A6-AAC9-0D756776203E}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DD2D402A-DE41-47A6-AAC9-0D756776203E}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DD2D402A-DE41-47A6-AAC9-0D756776203E}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{DD2D402A-DE41-47A6-AAC9-0D756776203E}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{DD2D402A-DE41-47A6-AAC9-0D756776203E} IPaths
HKEY_CLASSES_ROOT\Interface\{E2F430FD-3062-4808-B23F-4B322BFED93F}
HKEY_CLASSES_ROOT\Interface\{E2F430FD-3062-4808-B23F-4B322BFED93F}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E2F430FD-3062-4808-B23F-4B322BFED93F}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E2F430FD-3062-4808-B23F-4B322BFED93F}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{E2F430FD-3062-4808-B23F-4B322BFED93F}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{E2F430FD-3062-4808-B23F-4B322BFED93F} ISearchItem
HKEY_CLASSES_ROOT\Interface\{E9B91E0C-305A-4DD2-9987-B3B0C254C6DE}
HKEY_CLASSES_ROOT\Interface\{E9B91E0C-305A-4DD2-9987-B3B0C254C6DE}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E9B91E0C-305A-4DD2-9987-B3B0C254C6DE}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E9B91E0C-305A-4DD2-9987-B3B0C254C6DE}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{E9B91E0C-305A-4DD2-9987-B3B0C254C6DE}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{E9B91E0C-305A-4DD2-9987-B3B0C254C6DE} ILogEvents
HKEY_CLASSES_ROOT\Interface\{EFD28371-A165-4873-A158-421D208FFE5A}
HKEY_CLASSES_ROOT\Interface\{EFD28371-A165-4873-A158-421D208FFE5A}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{EFD28371-A165-4873-A158-421D208FFE5A}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{EFD28371-A165-4873-A158-421D208FFE5A}\TypeLib {B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\Interface\{EFD28371-A165-4873-A158-421D208FFE5A}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{EFD28371-A165-4873-A158-421D208FFE5A} Thread
HKEY_CLASSES_ROOT\TypeLib\{B4E17829-DACB-4320-9ABF-DCB382221FC2}
HKEY_CLASSES_ROOT\TypeLib\{B4E17829-DACB-4320-9ABF-DCB382221FC2}\1.0\0\win32 C:\Programme\SpyFalcon\SpyFalcon.exe
HKEY_CLASSES_ROOT\TypeLib\{B4E17829-DACB-4320-9ABF-DCB382221FC2}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{B4E17829-DACB-4320-9ABF-DCB382221FC2}\1.0\HELPDIR C:\Programme\SpyFalcon\
HKEY_CLASSES_ROOT\TypeLib\{B4E17829-DACB-4320-9ABF-DCB382221FC2}\1.0 AVG 1.0 Type Library


WeirdOnTheWeb Adware (General) more information...
Details: WeirdOnTheWeb is an adware application that displays pop-ups and pop-unders on the computer when the application itself is not running.
Status: Quarantined

Infected files detected
C:\Programme\License_Manager\license_manager.exe

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}
HKEY_CLASSES_ROOT\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\LocalServer32 C:\Programme\License_Manager\license_manager.exe
HKEY_CLASSES_ROOT\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\ProgID AMNotifier.HUBAWindow.1
HKEY_CLASSES_ROOT\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\TypeLib {AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}
HKEY_CLASSES_ROOT\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\VersionIndependentProgID AMNotifier.HUBAWindow
HKEY_CLASSES_ROOT\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A} HUBAWindow Class
HKEY_CLASSES_ROOT\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A} AppID {7911272A-A32A-404E-8A51-EE18B99B18C4}
HKEY_CLASSES_ROOT\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}
HKEY_CLASSES_ROOT\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\0\win32 C:\Programme\License_Manager\license_manager.exe
HKEY_CLASSES_ROOT\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0\HELPDIR C:\Programme\License_Manager\
HKEY_CLASSES_ROOT\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}\1.0 AMNotifier 1.0 Type Library


WinAntiVirus Pro Rogue Security Program more information...
Status: Quarantined

Infected files detected
C:\Programme\Common Files\Companion Wizard\WapCHK.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\AppID\WinPGI.DLL AppID {367A86A5-D048-4785-86BE-4E2706AAFDD9}
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0\win32 C:\Programme\Common Files\Companion Wizard\WapCHK.dll
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\HELPDIR C:\Programme\Common Files\Companion Wizard\
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0 CheckProduct2Lib
HKEY_CLASSES_ROOT\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
HKEY_CLASSES_ROOT\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\0\win32 C:\Programme\WinAntiVirus Pro 2006\winpgi.dll
HKEY_CLASSES_ROOT\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0\HELPDIR C:\Programme\WinAntiVirus Pro 2006\
HKEY_CLASSES_ROOT\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}\1.0 PGIntegrator 1.0 Type Library
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 StoreHistory 0
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 AllowPopupClickType 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 NormalizeOpenedPopups 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 NormalizeAddBorders 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 NormalizeFitToDesktop 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 NormalizeAddMenuAndToolbar 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 TimedPopupLimit 2
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 StartBlockOnTimedPopups 0
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 BlockDomainPopupLimit 2
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 BlockDomainOnPopups 0
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 Active 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 DefaultAction 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006\Settings VSScan 0
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006\Settings VirusShield 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006\Settings MailProtect 1


Trojan.Agent Trojan more information...
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{32B7F336-4B1A-4AFD-9C4D-ADD326114CC4}
HKEY_CLASSES_ROOT\CLSID\{32B7F336-4B1A-4AFD-9C4D-ADD326114CC4}\InprocServer32 C:\WINDOWS\system32\msjava32.dll
HKEY_CLASSES_ROOT\CLSID\{32B7F336-4B1A-4AFD-9C4D-ADD326114CC4}\InprocServer32 ThreadingModel apartment
HKEY_CLASSES_ROOT\CLSID\{32B7F336-4B1A-4AFD-9C4D-ADD326114CC4}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\CLSID\{32B7F336-4B1A-4AFD-9C4D-ADD326114CC4}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{32B7F336-4B1A-4AFD-9C4D-ADD326114CC4}\ProgID MSJava32.MSvm32.1
HKEY_CLASSES_ROOT\CLSID\{32B7F336-4B1A-4AFD-9C4D-ADD326114CC4}\ToolboxBitmap32 C:\WINDOWS\system32\msjava32.dll, 1
HKEY_CLASSES_ROOT\CLSID\{32B7F336-4B1A-4AFD-9C4D-ADD326114CC4}\TypeLib {3A793B2A-0DD7-4C90-BA18-B92FA8EC0AF5}
HKEY_CLASSES_ROOT\CLSID\{32B7F336-4B1A-4AFD-9C4D-ADD326114CC4}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{32B7F336-4B1A-4AFD-9C4D-ADD326114CC4}\VersionIndependentProgID MSJava32.MSvm32
HKEY_CLASSES_ROOT\CLSID\{32B7F336-4B1A-4AFD-9C4D-ADD326114CC4} CMSvm32 Object
HKEY_CLASSES_ROOT\CLSID\{32B7F336-4B1A-4AFD-9C4D-ADD326114CC4} AppID
HKEY_CLASSES_ROOT\CLSID\{43F7497C-7687-4DEA-A057-F21BD81BC896}
HKEY_CLASSES_ROOT\CLSID\{43F7497C-7687-4DEA-A057-F21BD81BC896}\InprocServer32 C:\WINDOWS\system32\msjava32.dll
HKEY_CLASSES_ROOT\CLSID\{43F7497C-7687-4DEA-A057-F21BD81BC896}\InprocServer32 ThreadingModel apartment
HKEY_CLASSES_ROOT\CLSID\{43F7497C-7687-4DEA-A057-F21BD81BC896}\ProgID Microsoft.MSJava32.1
HKEY_CLASSES_ROOT\CLSID\{43F7497C-7687-4DEA-A057-F21BD81BC896}\TypeLib {3A793B2A-0DD7-4C90-BA18-B92FA8EC0AF5}
HKEY_CLASSES_ROOT\CLSID\{43F7497C-7687-4DEA-A057-F21BD81BC896}\VersionIndependentProgID Microsoft.MSJava32
HKEY_CLASSES_ROOT\CLSID\{43F7497C-7687-4DEA-A057-F21BD81BC896} CJava Object
HKEY_CLASSES_ROOT\CLSID\{43F7497C-7687-4DEA-A057-F21BD81BC896} AppID
27.05.2006, 18:38
Honorary member
Avatar Sabina

Posts: 29434
#27 **
search for / delete:
C:\WINDOWS\system32\fwsvc.sys

**
please scan once more and post the Counterspy log again
__________
Kind regards, Sabina

all about PC security
27.05.2006, 19:34
...new here

Posts: 6
#28 Well, I did not find the file in that folder, even with hidden files shown. Earlier I also first moved 2 into quarantine and then deleted them, maybe that's why??
But I am scanning again right now

Spyware Scan Details
Start Date: 27.05.2006 18:53:00
End Date: 27.05.2006 19:14:20
Total Time: 21 mins 20 secs

Detected spyware

SpyFalcon Rogue Security Program more information...
Details: SpyFalcon is a purported anti-spyware application to scan for and remove spyware from users' computers.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SpyFalcon


DesktopScam Trojan Downloader more information...
Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8d83b16e-0de1-452b-ac52-96ec0b34aa4b}

So after another restart and scan the program found nothing more.
Am I rid of it now??
This post was edited on 27.05.2006 at 20:16 by Ebe.
27.05.2006, 20:33
Honorary member
Avatar Sabina

Posts: 29434
#29 Are there still pop-ups? I think ..no.
Everything is fine again. ;)

Tip:
download Firefox and browse only with it from now on.
http://virus-protect.org/firefox.html
__________
Kind regards, Sabina

all about PC security
28.05.2006, 13:19
...new here

Posts: 6
#30 First of all, a very big thank you from me!!!!!!!!
I will see whether it is really gone now and does not come back. I also followed the tip about Firefox.

You should maybe consider making this your profession, you seem to have a serious amount of knowledge about it!!!
So thanks again
Regards
Ebe