about: blank Browser hijacker

06.05.2006, 23:19
Member

Posts: 25
#1 Good evening,
I've caught the About: blank hijacker!!
HijackThis shows the following: (can anyone help me??)

Logfile of HijackThis v1.99.1
Scan saved at 22:58:50, on 06.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\OutLaster\shhost.exe
C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe
C:\Program Files\webHancer\Programs\whAgent.exe

C:\WINDOWS\system32\LVComS.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\GEMEIN~1\WinTools\WSup.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\winsrv32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Dubi\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)

O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [shhost] C:\Programme\OutLaster\shhost.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [ALDI_SUED_FotoSuite_Download] "C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" /autorun
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kontrollfeld für die kabellose Tastatur.lnk = C:\WINDOWS\CNYHKey.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {84FAA847-1400-4400-BC93-D338EF03127B} - http://www.medionshop.de/ (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer

O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download/bargain_buddy/cab/installer_MARKETING32.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - https://www.hood.de/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: MySQL - Unknown owner - C:\Programme\MySQL\MySQL.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Many thanks!!
marc.
06.05.2006, 23:33
Honorary member
Sabina

Posts: 29434
#2 1.
LSPfix
http://www.spychecker.com/program/lspfix.html
write down which DLLs you find there.

2.
configure CleanUp exactly as described here:
http://virus-protect.org/cleanup.html
restart the PC

3.
Copy these 4 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html

4.
echo.zip
unpack --> click echo.bat --> the text editor will open --> copy the text
http://virus-protect.org/bat/echo.zip

5.
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start. In: "Enter search strings" (type or paste in)

shhost

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.
__________
Regards, Sabina

all about PC security
07.05.2006, 11:45
Member

Thread starter

Posts: 25
#3 Hello Sabina,

first of all, many thanks for the instructions!!!
The last step produced this:

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.0.1

; Results at 07.05.2006 11:39:49 for strings:
; 'shhost'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\shhost]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"shhost"="C:\\Programme\\OutLaster\\shhost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shhost]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shhost]
"UninstallString"="C:\\Programme\\OutLaster\\un-shhost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\shhost]

[HKEY_USERS\S-1-5-21-2157384091-728378468-2993898689-1008\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\OutLaster\\shhost.exe"="shhost"

; End Of The Log...
07.05.2006, 12:07
Honorary member
Sabina

Posts: 29434
#4 you have to post all the data for me, i.e. work through all the steps... ...only then does the cleaning begin ;)

I have already created a page
http://virus-protect.org/artikel/spyware/outlaster.html
but now I still need to see the 4 logs from datfindbat and which DLLs you have in LSPfix, as well as which files show up in echo.zip...
__________
Regards, Sabina
07.05.2006, 12:33
Member

Thread starter

Posts: 25
#5 Hello Sabina,

here is the remaining data, complete I hope!!


In LSP-Fix I found the following:

mswsock.dll TCP/IP
winrnr.dll NTDS
newdotnet7_22.dll New.net Name Space Provider
webhdll.dll (Protocol handler)
rsvpsp.dll (Protocol handler)

Verzeichnis von C:\WINDOWS\Downloaded Program Files

14.10.1997 18:52 697 DirectAnimation Java Classes.osd
07.06.2005 16:35 1.124.872 EPUWALcontrol.dll
09.05.2005 09:54 539 EPUWALcontrol.inf
23.04.2005 18:02 378 ImageUploader3.inf
23.04.2005 18:03 1.828.376 ImageUploader3.ocx
25.08.2003 18:12 1.096 iuctl.inf
11.10.2005 17:49 752 jinstall-1_5_0_05.inf
20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd
30.06.2005 15:19 227 MsnMessengerSetupDownloader.inf
14.08.2005 00:26 113.664 MsnMessengerSetupDownloader.ocx
29.06.2005 19:17 227 opuc.inf
01.09.2004 18:46 298 sinstaller.inf
27.08.2005 14:30 5.065 swflash.inf
30.06.2003 23:41 1.689 WMV9VCM.inf
14 Datei(en) 3.079.042 Bytes

Anzahl der angezeigten Dateien:
14 Datei(en) 3.079.042 Bytes
0 Verzeichnis(se), 38.056.263.680 Bytes frei

Verzeichnis von C:\

07.05.2006 11:31 0 sys.txt
07.05.2006 11:29 18.223 system.txt
07.05.2006 11:29 1.700 systemtemp.txt

C:\DOKUME~1\Marc\LOKALE~1\Temp

07.05.2006 10:59 125.972 jusched.log
06.05.2006 22:39 11.058 hijackthis.log
06.05.2006 17:10 2.374 SCSILog0.txt
06.05.2006 17:05 3.584 aae835.mst
06.05.2006 16:14 0 CacheInfo.dnl
06.05.2006 15:49 717 control.xml
30.04.2006 22:37 53.728 663_appcompat.txt
30.04.2006 22:24 0 EPSLog.txt
30.04.2006 16:30 246 EPS_PicLookup.dat
23.04.2006 23:15 874 java_install_reg.log
23.04.2006 23:14 23.536 java_install.log
23.04.2006 23:12 955 jinstall.cfg
18.04.2006 13:59 65.536 ~DF13F4.tmp
16.04.2006 21:41 373.453 TWAIN.LOG
16.04.2006 21:38 3.241.362 CNQ2410_2.SHD
16.04.2006 21:38 3 Twain001.Mtx
16.04.2006 21:38 156 Twunk001.MTX
16.04.2006 21:35 0 Twunk002.MTX
09.04.2006 17:25 40.612.196 ~WRD0001.doc
09.04.2006 17:25 83.689.418 ~WRD0000.doc
08.04.2006 11:17 0 98410B.tmp
02.04.2006 20:12 11.980 11a0_appcompat.txt
19.03.2006 22:32 39.985 epurcdever11.dll.zip
08.03.2006 17:13 0 vt8107.tmp
03.03.2006 03:25 243.512 AutoDL%3FBundleId=10380_b19770de.exe
02.02.2006 22:23 2.423.496 Patch_MSN_Messenger.EXE
11.03.2005 13:23 172.032 epurcdever11.dll
16.02.2005 11:06 218.112 HijackThis.exe

C:\WINDOWS\system32

07.05.2006 10:54 381.604 perfh009.dat
07.05.2006 10:54 53.868 perfc009.dat
07.05.2006 10:54 392.522 perfh007.dat
07.05.2006 10:54 64.806 perfc007.dat
07.05.2006 10:54 903.644 PerfStringBackup.INI
06.05.2006 23:22 8.192 udpmod.dll
06.05.2006 23:22 8.192 questmod.dll
06.05.2006 23:22 8.192 jao.dll
06.05.2006 23:22 8.192 bridge.dll
06.05.2006 23:22 8.192 a.exe
06.05.2006 23:22 8.192 runsrv32.exe
06.05.2006 23:22 8.192 txfdb32.dll
06.05.2006 23:22 8.192 runsrv32.dll
06.05.2006 23:22 8.192 wstart.dll
06.05.2006 23:22 8.192 tcpservice2.exe
06.05.2006 23:22 8.192 dailytoolbar.dll
06.05.2006 23:22 8.192 alxres.dll
06.05.2006 21:09 4.608 taskdir.dll
06.05.2006 19:34 2.206 wpa.dbl
04.05.2006 17:52 1 exuc32.tmp
04.05.2006 17:52 8.192 shellgui32.dll
04.05.2006 17:44 16.896 winapi32.dll
04.05.2006 17:44 48.644 winbl32.dll
04.05.2006 17:44 48.644 repigsp.exe
04.05.2006 17:44 71.684 winsrv32.exe
04.05.2006 17:44 8.708 rzcuxccp.exe
27.04.2006 19:52 6.152 phqghume.exe
23.04.2006 23:15 7.006 jupdate-1.5.0_06-b05.log
08.04.2006 13:22 6 reboot.txt
06.04.2006 21:48 5.143.456 MRT.exe
30.03.2006 11:26 1.492.480 shdocvw.dll
30.03.2006 03:16 18.944 xpsp3res.dll
23.03.2006 22:34 3.074.560 mshtml.dll
22.03.2006 21:49 46.592 zlbw.dll
22.03.2006 21:49 51.065 taskdir.exe
22.03.2006 21:49 51.065 parad.raw.exe
22.03.2006 21:49 4 winsub.xml
22.03.2006 21:49 60 svcp.csv
22.03.2006 21:49 7.095 voblaizdupla.exe
18.03.2006 13:09 615.424 urlmon.dll
17.03.2006 11:11 679.424 inetcomm.dll
17.03.2006 06:03 8.493.056 shell32.dll
17.03.2006 02:38 28.672 verclsid.exe
10.03.2006 06:09 5.533.696 wmp.dll
04.03.2006 05:34 664.064 wininet.dll
04.03.2006 05:34 474.624 shlwapi.dll
04.03.2006 05:34 146.432 msrating.dll
04.03.2006 05:34 532.480 mstime.dll
04.03.2006 05:34 39.424 pngfilt.dll
04.03.2006 05:34 448.512 mshtmled.dll
04.03.2006 05:34 55.808 extmgr.dll
04.03.2006 05:34 96.768 inseng.dll
04.03.2006 05:34 1.056.256 danim.dll
04.03.2006 05:34 205.312 dxtrans.dll
04.03.2006 05:34 251.392 iepeers.dll
04.03.2006 05:34 152.064 cdfview.dll
04.03.2006 05:34 1.022.976 browseui.dll
21.02.2006 16:46 327.504 FNTCACHE.DAT
24.01.2006 17:26 204.800 FoxyUninstall.exe

C:\WINDOWS

07.05.2006 10:51 0 0.log
07.05.2006 10:50 159 wiadebug.log
07.05.2006 10:50 223.168 setupapi.log
07.05.2006 10:50 1.915.729 WindowsUpdate.log
07.05.2006 10:50 50 wiaservc.log
07.05.2006 10:49 2.048 bootstat.dat
07.05.2006 10:48 32.622 SchedLgU.Txt
06.05.2006 23:22 8.192 dlmax.dll
06.05.2006 23:22 8.192 Pynix.dll
06.05.2006 23:22 8.192 BTGrab.dll
06.05.2006 23:22 8.192 ZServ.dll
06.05.2006 23:22 8.192 susp.exe
06.05.2006 23:22 8.192 alxtb1.dll
06.05.2006 23:22 8.192 alxie328.dll
06.05.2006 23:22 8.192 alexaie.dll
06.05.2006 22:58 10.809 win-sec-center-logo.gif
06.05.2006 22:58 1.014 warning-bar-ico.gif
06.05.2006 22:58 6.575 remove-spyware-btn.gif
06.05.2006 22:58 64 close-bar.gif
06.05.2006 22:58 177 blue-bg.gif
06.05.2006 22:58 545 yes-icon.gif
06.05.2006 22:58 2.400 windows-compatible.gif
06.05.2006 22:58 985 true-stories.gif
06.05.2006 22:58 196 star.gif
06.05.2006 22:58 127 star-grey.gif
06.05.2006 22:58 10.829 spyware-sheriff-header.gif
06.05.2006 22:58 18.610 spyware-sheriff-box.gif
06.05.2006 22:58 9.392 reg-freeze-header.gif
06.05.2006 22:58 20.199 reg-freeze-box.gif
06.05.2006 22:58 104 no-icon.gif
06.05.2006 22:58 7.627 info.gif
06.05.2006 22:58 7.679 infected.gif
06.05.2006 22:58 352 header-bg.gif
06.05.2006 22:58 1.028 h-line-gradient.gif
06.05.2006 22:58 2.361 free-scan-btn.gif
06.05.2006 22:58 803 footer.gif
06.05.2006 22:58 1.470 facts.gif
06.05.2006 22:58 119 corner-right.gif
06.05.2006 22:58 119 corner-left.gif
06.05.2006 22:58 2.151 buy-now-btn.gif
06.05.2006 22:58 3.808 antispylab-logo.gif
06.05.2006 22:58 9.977 adware-sheriff-header.gif
06.05.2006 22:58 18.600 adware-sheriff-box.gif
06.05.2006 22:03 291.338 comsetup.log
06.05.2006 22:03 1.891 imsins.log
06.05.2006 22:03 189.855 ntdtcsetup.log
06.05.2006 22:03 374.830 tsoc.log
06.05.2006 22:03 126.466 iis6.log
06.05.2006 22:03 42.565 ocmsn.log
06.05.2006 22:03 49.767 msgsocm.log
06.05.2006 22:03 582.653 ocgen.log
06.05.2006 22:03 888.232 FaxSetup.log
06.05.2006 22:02 4.507 imsins.BAK
06.05.2006 22:02 1.702 setuperr.log
06.05.2006 22:02 229.493 setupact.log
06.05.2006 21:26 1.824 ie4 error log.txt
06.05.2006 17:05 681 KB842787.log
06.05.2006 17:05 509 KB830363.log
06.05.2006 15:49 394.504 wmsetup.log
03.05.2006 18:09 116 NeroDigital.ini
25.04.2006 20:42 11.135 KB900485.log
16.04.2006 22:31 30.600 spupdsvc.log
16.04.2006 21:46 15.018 KB908531.log
16.04.2006 21:46 25.510 updspapi.log
16.04.2006 21:46 14.261 KB911562.log
16.04.2006 21:46 16.280 KB912812.log
16.04.2006 21:45 18.162 KB911565.log
16.04.2006 21:45 10.644 KB911567.log
08.04.2006 13:21 19.448 hpdj5600.his
08.04.2006 13:21 2.300 hpdj5600.ini
28.03.2006 17:48 7.043 MKDEMSG.LOG
28.03.2006 17:41 3.072 MKDEWE.TRN
27.03.2006 16:43 807 win.ini
27.03.2006 15:37 8.192 Thumbs.db
19.02.2006 14:28 3.166 TM.INI
19.02.2006 14:20 35 tdf.dii
17.02.2006 19:42 13.718 KB911927.log
17.02.2006 19:42 9.533 KB911564.log
17.02.2006 19:41 8.244 KB913446.log
17.02.2006 18:51 1.067.916 setupapi.log.1.old
14.02.2006 19:57 165 mandant.ini
31.01.2006 22:44 183.296 NDNuninstall7_22.exe
26.01.2006 19:31 3.347 mozver.dat
26.01.2006 18:25 37 install.log
22.01.2006 17:05 14.986 Lycos WLAN Sniffer Setup Log.txt
11.01.2006 19:21 10.111 KB908519.log
06.01.2006 23:16 11.007 KB912919.log
05.01.2006 20:38 183.296 NDNuninstall7_14.exe

0)DPF????
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\WINDOWS\Downloaded Program Files

14.10.1997 18:52 697 DirectAnimation Java Classes.osd
07.06.2005 16:35 1.124.872 EPUWALcontrol.dll
09.05.2005 09:54 539 EPUWALcontrol.inf
23.04.2005 18:02 378 ImageUploader3.inf
23.04.2005 18:03 1.828.376 ImageUploader3.ocx
25.08.2003 18:12 1.096 iuctl.inf
11.10.2005 17:49 752 jinstall-1_5_0_05.inf
20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd
30.06.2005 15:19 227 MsnMessengerSetupDownloader.inf
14.08.2005 00:26 113.664 MsnMessengerSetupDownloader.ocx
29.06.2005 19:17 227 opuc.inf
01.09.2004 18:46 298 sinstaller.inf
27.08.2005 14:30 5.065 swflash.inf
30.06.2003 23:41 1.689 WMV9VCM.inf
14 Datei(en) 3.079.042 Bytes

Anzahl der angezeigten Dateien:
14 Datei(en) 3.079.042 Bytes
0 Verzeichnis(se), 38.056.263.680 Bytes frei
Regards,
Marc.
07.05.2006, 13:11
Honorary member
Sabina

Posts: 29434
#6 this is a severe infection ..and we have to work through everything in stages.

a) the last log from Datfindbat is missing.... ( C:\ )
---------------------------------------------------------------------

LSPfix
http://www.spychecker.com/program/lspfix.html
- tick: "I know what I'm doing" -- Remove
- and delete the

newdotnet7_22.dll
webhdll.dll

(you may have to move the DLLs from left to right)

-------------------------------------------------------------

open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

Quote

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)

O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)

O4 - HKLM\..\Run: [shhost] C:\Programme\OutLaster\shhost.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe

O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download/bargain_buddy/cab/installer_MARKETING32.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
restart the PC


Avenger
http://virus-protect.org/artikel/tools/avenger.html

paste in:

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\shhost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shhost

Files to delete:
C:\WINDOWS\system32\udpmod.dll
C:\WINDOWS\system32\questmod.dll
C:\WINDOWS\system32\jao.dll
C:\WINDOWS\system32\bridge.dll
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\taskdir.exe
C:\WINDOWS\system32\susp.exe
C:\WINDOWS\system32\runsrv32.exe
C:\WINDOWS\system32\txfdb32.dll
C:\WINDOWS\system32\runsrv32.dll
C:\WINDOWS\system32\wstart.dll
C:\WINDOWS\system32\tcpservice2.exe
C:\WINDOWS\system32\dailytoolbar.dll
C:\WINDOWS\system32\alxres.dll
C:\WINDOWS\system32\taskdir.dll
C:\WINDOWS\system32\exuc32.tmp
C:\WINDOWS\system32\shellgui32.dll
C:\WINDOWS\system32\winapi32.dll
C:\WINDOWS\system32\winbl32.dll
C:\WINDOWS\system32\repigsp.exe
C:\WINDOWS\system32\winsrv32.exe
C:\WINDOWS\system32\rzcuxccp.exe
C:\WINDOWS\system32\phqghume.exe
C:\WINDOWS\dlmax.dll
C:\WINDOWS\Pynix.dll
C:\WINDOWS\BTGrab.dll
C:\WINDOWS\ZServ.dll
C:\WINDOWS\susp.exe
C:\WINDOWS\alxtb1.dll
C:\WINDOWS\alxie328.dll
C:\WINDOWS\alexaie.dll
C:\WINDOWS\win-sec-center-logo.gif
C:\WINDOWS\warning-bar-ico.gif
C:\WINDOWS\remove-spyware-btn.gif
C:\WINDOWS\close-bar.gif
C:\WINDOWS\blue-bg.gif
C:\WINDOWS\yes-icon.gif
C:\WINDOWS\windows-compatible.gif
C:\WINDOWS\true-stories.gif
C:\WINDOWS\star.gif
C:\WINDOWS\star-grey.gif
C:\WINDOWS\spyware-sheriff-header.gif
C:\WINDOWS\spyware-sheriff-box.gif
C:\WINDOWS\reg-freeze-header.gif
C:\WINDOWS\reg-freeze-box.gif
C:\WINDOWS\no-icon.gif
C:\WINDOWS\info.gif
C:\WINDOWS\infected.gif
C:\WINDOWS\header-bg.gif
C:\WINDOWS\h-line-gradient.gif
C:\WINDOWS\free-scan-btn.gif
C:\WINDOWS\footer.gif
C:\WINDOWS\facts.gif
C:\WINDOWS\corner-right.gif
C:\WINDOWS\corner-left.gif
C:\WINDOWS\buy-now-btn.gif
C:\WINDOWS\antispylab-logo.gif
C:\WINDOWS\adware-sheriff-header.gif
C:\WINDOWS\adware-sheriff-box.gif
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\NDNuninstall7_14.exe

Click the green traffic light
the script will now run, then the PC will restart automatically

**
post the text that appears after the restart

**
HijackThis (Uninstall Manager)

*open HijackThis
*click Config - Misc Tools - "Open Uninstall Manager" - "Save List" (generates uninstall_list.txt)
*click - Save - *now copy the COMPLETE log with a right-click and "paste" it into the forum with a right-click
__________
Regards, Sabina
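The selection step in post #6 starts from the structure of the HijackThis log. The following is an added example, not part of the thread and not HijackThis code: it parses the `code - detail` lines and builds a review list from structural signs only (a registration with "(no file)", a "(file missing)" reference, an O10 LSP line). The sample is an excerpt copied from the log in post #1; the function names and section descriptions are this example's own, and the output is a list for a human to review, not a verdict.

```python
import re
from collections import Counter

# Section codes that occur in the HijackThis v1.99.1 log in post #1
# (descriptions are this example's wording).
SECTIONS = {
    "R1": "Internet Explorer page/proxy setting",
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O8": "extra context menu item",
    "O9": "extra button / Tools menu item",
    "O10": "Winsock LSP",
    "O14": "IERESET.INF setting",
    "O16": "ActiveX download (Downloaded Program Files)",
    "O18": "extra protocol handler",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LSP_PREFIX = "Hijacked Internet access by "


def parse(log_text):
    """Return one dict per log entry; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        guid = GUID_RE.search(body)
        entries.append({
            "code": code,
            "kind": SECTIONS.get(code, "other"),
            "body": body,
            "guid": guid.group(0) if guid else None,
        })
    return entries


def review_list(entries):
    """Entries a helper should look at first, with the structural reason."""
    flagged = []
    for e in entries:
        if e["body"].endswith("(no file)"):
            reason = "registered, but no file on disk"
        elif "(file missing)" in e["body"]:
            reason = "references a file that is missing"
        elif e["code"] == "O10":
            reason = "Winsock LSP chain altered"
        else:
            continue
        flagged.append((e["code"], reason, e["body"]))
    return flagged


def lsp_providers(entries):
    """Count O10 lines per provider name reported by HijackThis."""
    return Counter(
        e["body"][len(LSP_PREFIX):]
        for e in entries
        if e["code"] == "O10" and e["body"].startswith(LSP_PREFIX)
    )


# Excerpt copied from the log in post #1.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [shhost] C:\Programme\OutLaster\shhost.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: MySQL - Unknown owner - C:\Programme\MySQL\MySQL.exe (file missing)
"""

if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for code, reason, body in review_list(parsed):
        print(f"{code:<4} {reason:<36} {body}")
    print(dict(lsp_providers(parsed)))
```

A stale reference such as the MySQL service is flagged the same way as an orphaned BHO; deciding which flagged lines are malware remains the reviewer's job, as in post #6.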
07.05.2006, 13:21
Member

Thread starter

Posts: 25
#7 Hello Sabina,

here is the last log: the rest is coming

Verzeichnis von C:\

07.05.2006 13:18 0 sys.txt
07.05.2006 13:18 18.223 system.txt
07.05.2006 13:18 1.799 systemtemp.txt
07.05.2006 13:17 108.203 system32.txt
07.05.2006 12:29 2.286 DirDPF.txt
07.05.2006 12:29 2 DirDPFCns.txt
07.05.2006 10:49 536.399.872 hiberfil.sys
07.05.2006 10:49 805.306.368 pagefile.sys
04.05.2006 19:09 213.102 hpfr5600.log
22.03.2006 21:13 16 mxfilerelatedcache.mxc2


Here is the rest: avenger.txt

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nqwoikcp

*******************

Script file located at: \??\C:\dddknwtc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\udpmod.dll deleted successfully.
File C:\WINDOWS\system32\questmod.dll deleted successfully.
File C:\WINDOWS\system32\jao.dll deleted successfully.
File C:\WINDOWS\system32\bridge.dll deleted successfully.
File C:\WINDOWS\system32\a.exe deleted successfully.
File C:\WINDOWS\system32\taskdir.exe deleted successfully.


File C:\WINDOWS\system32\susp.exe not found!
Deletion of file C:\WINDOWS\system32\susp.exe failed!

Could not process line:
C:\WINDOWS\system32\susp.exe
Status: 0xc0000034

File C:\WINDOWS\system32\runsrv32.exe deleted successfully.
File C:\WINDOWS\system32\txfdb32.dll deleted successfully.
File C:\WINDOWS\system32\runsrv32.dll deleted successfully.
File C:\WINDOWS\system32\wstart.dll deleted successfully.
File C:\WINDOWS\system32\tcpservice2.exe deleted successfully.
File C:\WINDOWS\system32\dailytoolbar.dll deleted successfully.
File C:\WINDOWS\system32\alxres.dll deleted successfully.
File C:\WINDOWS\system32\taskdir.dll deleted successfully.
File C:\WINDOWS\system32\exuc32.tmp deleted successfully.
File C:\WINDOWS\system32\shellgui32.dll deleted successfully.
File C:\WINDOWS\system32\winapi32.dll deleted successfully.
File C:\WINDOWS\system32\winbl32.dll deleted successfully.
File C:\WINDOWS\system32\repigsp.exe deleted successfully.
File C:\WINDOWS\system32\winsrv32.exe deleted successfully.
File C:\WINDOWS\system32\rzcuxccp.exe deleted successfully.
File C:\WINDOWS\system32\phqghume.exe deleted successfully.
File C:\WINDOWS\dlmax.dll deleted successfully.
File C:\WINDOWS\Pynix.dll deleted successfully.
File C:\WINDOWS\BTGrab.dll deleted successfully.
File C:\WINDOWS\ZServ.dll deleted successfully.
File C:\WINDOWS\susp.exe deleted successfully.
File C:\WINDOWS\alxtb1.dll deleted successfully.
File C:\WINDOWS\alxie328.dll deleted successfully.
File C:\WINDOWS\alexaie.dll deleted successfully.
File C:\WINDOWS\win-sec-center-logo.gif deleted successfully.
File C:\WINDOWS\warning-bar-ico.gif deleted successfully.
File C:\WINDOWS\remove-spyware-btn.gif deleted successfully.
File C:\WINDOWS\close-bar.gif deleted successfully.
File C:\WINDOWS\blue-bg.gif deleted successfully.
File C:\WINDOWS\yes-icon.gif deleted successfully.
File C:\WINDOWS\windows-compatible.gif deleted successfully.
File C:\WINDOWS\true-stories.gif deleted successfully.
File C:\WINDOWS\star.gif deleted successfully.
File C:\WINDOWS\star-grey.gif deleted successfully.
File C:\WINDOWS\spyware-sheriff-header.gif deleted successfully.
File C:\WINDOWS\spyware-sheriff-box.gif deleted successfully.
File C:\WINDOWS\reg-freeze-header.gif deleted successfully.
File C:\WINDOWS\reg-freeze-box.gif deleted successfully.
File C:\WINDOWS\no-icon.gif deleted successfully.
File C:\WINDOWS\info.gif deleted successfully.
File C:\WINDOWS\infected.gif deleted successfully.
File C:\WINDOWS\header-bg.gif deleted successfully.
File C:\WINDOWS\h-line-gradient.gif deleted successfully.
File C:\WINDOWS\free-scan-btn.gif deleted successfully.
File C:\WINDOWS\footer.gif deleted successfully.
File C:\WINDOWS\facts.gif deleted successfully.
File C:\WINDOWS\corner-right.gif deleted successfully.
File C:\WINDOWS\corner-left.gif deleted successfully.
File C:\WINDOWS\buy-now-btn.gif deleted successfully.
File C:\WINDOWS\antispylab-logo.gif deleted successfully.
File C:\WINDOWS\adware-sheriff-header.gif deleted successfully.
File C:\WINDOWS\adware-sheriff-box.gif deleted successfully.
File C:\WINDOWS\NDNuninstall7_22.exe deleted successfully.
File C:\WINDOWS\NDNuninstall7_14.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\shhost deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shhost deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
This post was edited on 07.05.2006 at 14:01 by timerider999.
07.05.2006, 14:12
Honorary member
Sabina

Posts: 29434
#8 copy into the Avenger:

Quote

Files to delete:
C:\mxfilerelatedcache.mxc2
click the green traffic light .. restart

HijackThis (Uninstall Manager)

*open HijackThis
*click Config - Misc Tools - "Open Uninstall Manager" - "Save List" (generates uninstall_list.txt)
*click - Save - *now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Kind regards, Sabina

all about PC security
07.05.2006, 14:20
Member

Thread starter

Posts: 25
#9 Now this comes up:


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mxmnosof

*******************

Script file located at: \??\C:\Program Files\uqprruko.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\mxfilerelatedcache.mxc2 deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
07.05.2006, 14:23
Honorary member
Sabina

Posts: 29434
#10 HijackThis (Uninstall Manager)

*open HijackThis
*click Config - Misc Tools - "Open Uninstall Manager" - "Save List" (generates uninstall_list.txt)
*click - Save - *now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Kind regards, Sabina

all about PC security
07.05.2006, 14:40
Member

Thread starter

Posts: 25
#11 Here is the next one:


Ad-Aware SE Personal
Adobe Reader 7.0.5 - Deutsch
Adobe Reader 7.0.7
ALDI Foto Manager Free Sued (D)
ALDI Online Druck Service (Sued)
ALDI Sued Foto Service (D)
ArcSoft PhotoStudio 5.5
ATI - Dienstprogramm zur Deinstallation der Software
ATI Control Panel
ATI Display Driver
CA eTrust Antivirus
Canon CanoScan Toolbox 4.9
Canon ScanGear Starter
CleanUp!
C-Media 3D Audio
DesktopWonder V 1.0
DivX Codec
EAX Unified
eMule.de 44b v16 webcache
Ethereal 0.10.13
eTrust Antivirus Registration
Google Earth
HaufeReader
HijackThis 1.99.1
Home Cinema XL II
hp deskjet 5600
InCD
Informationen über Ihren PC
InstantCopy
iRaTe 2
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Logitech Desktop Messenger
Logitech MouseWare 9.76
Logitech Print Service
Logitech QuickCam
Logitech Resource Center
Logitech® Camera-Treiber
Lunar
LunarPlus 30-Minuten-Demo
Lycos WLAN Sniffer
Macromedia Flash Player 8
Manual CanoScan LiDE 500F
maxx PDFMAILER Standard
Medi@Show
Medicopter 4 deinstallieren
Medion Flash XL
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft AutoRoute v11.0
Microsoft Encarta Enzyklopädie 2004
Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt
Microsoft Office Professional Edition 2003
Microsoft Outlook-Sicherung für Persönliche Ordner
Microsoft Picture It! Foto Premium 9
Microsoft Windows-Journal-Viewer
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite-Add-Ins für Microsoft Word
MindManager 2002
Mozilla Firefox (1.0.6)
MSN Messenger 7.5
MUSICMATCH(R) Jukebox
MySQL Server 5.0
Nero Media Player
Nero OEM
NeroVision Express 3
New.net Domains 7.22
Nvu 1.0
Opera
Orpheus Demo
Outlook Backup Assistant 2.2
phase5
Pinnacle Hollywood FX for Studio
PowerCinema 2.0
PowerDirector
PowerDVD
PowerProducer
Race Driver
RealOne Player
SAMSUNG CDMA Modem Driver Set
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Search Assistant
Shockwave
Sicherheitsupdate für Step by Step Interactive Training (KB898458)
Sicherheitsupdate für Windows Media Player (KB911564)
Sicherheitsupdate für Windows Media Player 10 (KB911565)
Sicherheitsupdate für Windows XP (KB890046)
Sicherheitsupdate für Windows XP (KB893756)
Sicherheitsupdate für Windows XP (KB896358)
Sicherheitsupdate für Windows XP (KB896422)
Sicherheitsupdate für Windows XP (KB896423)
Sicherheitsupdate für Windows XP (KB896424)
Sicherheitsupdate für Windows XP (KB896428)
Sicherheitsupdate für Windows XP (KB896688)
Sicherheitsupdate für Windows XP (KB899587)
Sicherheitsupdate für Windows XP (KB899588)
Sicherheitsupdate für Windows XP (KB899591)
Sicherheitsupdate für Windows XP (KB900725)
Sicherheitsupdate für Windows XP (KB901017)
Sicherheitsupdate für Windows XP (KB901214)
Sicherheitsupdate für Windows XP (KB902400)
Sicherheitsupdate für Windows XP (KB904706)
Sicherheitsupdate für Windows XP (KB905414)
Sicherheitsupdate für Windows XP (KB905749)
Sicherheitsupdate für Windows XP (KB905915)
Sicherheitsupdate für Windows XP (KB908519)
Sicherheitsupdate für Windows XP (KB908531)
Sicherheitsupdate für Windows XP (KB911562)
Sicherheitsupdate für Windows XP (KB911567)
Sicherheitsupdate für Windows XP (KB911927)
Sicherheitsupdate für Windows XP (KB912812)
Sicherheitsupdate für Windows XP (KB912919)
Sicherheitsupdate für Windows XP (KB913446)
SiSoftware Sandra Lite 2005.SR1 (Win64/32/CE)
SmartSound Quicktracks Plugin
Steuer 2005
Steuer Hilfesammlung Version 12
Studio 9
Synthesizer Access Modul
TuneUp Utilities 2006
Update für Windows XP (KB894391)
Update für Windows XP (KB896727)
Update für Windows XP (KB898461)
Update für Windows XP (KB900485)
Update für Windows XP (KB910437)
USB Wireless Keyboard Driver Ver1.24M
VideoLive Mail
Viewpoint Media Player
VMware Workstation
webHancer Customer Companion
webHancer Survey Companion
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
Windows XP-Hotfix - KB834707
Windows XP-Hotfix - KB867282
Windows XP-Hotfix - KB873333
Windows XP-Hotfix - KB873339
Windows XP-Hotfix - KB885250
Windows XP-Hotfix - KB885835
Windows XP-Hotfix - KB885836
Windows XP-Hotfix - KB885884
Windows XP-Hotfix - KB886185
Windows XP-Hotfix - KB887472
Windows XP-Hotfix - KB887742
Windows XP-Hotfix - KB888113
Windows XP-Hotfix - KB888302
Windows XP-Hotfix - KB890047
Windows XP-Hotfix - KB890175
Windows XP-Hotfix - KB890859
Windows XP-Hotfix - KB890923
Windows XP-Hotfix - KB891781
Windows XP-Hotfix - KB893066
Windows XP-Hotfix - KB893086
Windows-Sicherungsprogramm
WinPcap 3.1
Win-Tools Easy Installer (by WebSearch)
WinZip
X10 Hardware(TM)
XoftSpy
07.05.2006, 14:57
Honorary member
Sabina

Posts: 29434
#12 boot into safe mode (press F8 while the PC is starting up)

1.
uninstall:

Win-Tools Easy Installer (by WebSearch)
New.net Domains 7.22
webHancer Customer Companion
webHancer Survey Companion
OutLaster
DesktopWonder V 1.0

2.
delete:

C:\Program Files\webHancer
C:\Programme\Gemeinsame Dateien\WinTools
C:\Programme\OutLaster
C:\Programme\NEWDOT

boot back into normal mode

3.
Counterspy
http://virus-protect.org/counterspy.html
* after the scan you have to choose between:

*Ignore
*Remove --> Status: Deleted
*Quarantine

always choose Remove and restart the PC (then copy the scan report)
__________
Kind regards, Sabina

all about PC security
07.05.2006, 15:42
Member

Thread starter

Posts: 25
#13 sorry, CounterSpy is running in the background.

I'll get back to you then!!

Marc.


Hello Sabina,

1. I could not find the file OutLaster via Software.
2. C:\Programme\NEWDOT cannot be deleted because it is write-protected, and I cannot remove the protection either

3. CounterSpy always closes whenever I click Scan now


What should I do??

Regards, Marc.
This post was edited on 07.05.2006 at 15:54 by timerider999.
07.05.2006, 16:43
Honorary member
Sabina

Posts: 29434
#14 go into safe mode and scan there with CounterSpy, then set everything to *remove
don't forget to post the scan report afterwards (once you are back in normal mode)
__________
Kind regards, Sabina

all about PC security
07.05.2006, 22:01
Member

Thread starter

Posts: 25
#15 Hello Sabina,

here, finally, is the report from CounterSpy:

Spyware Scan Details
Start Date: 07.05.2006 20:15:51
End Date: 07.05.2006 21:52:23
Total Time: 1 hrs 36 mins 32 secs

Detected spyware

NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows’ Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Ignored

Infected files detected
c:\Programme\NewDotNet\newdotnet7_22.dll
c:\programme\newdotnet\readme.html
c:\programme\newdotnet\uninstall6_38.exe
c:\programme\newdotnet\uninstall7_22.exe
c:\windows\ndnuninstall6_38.exe
C:\Dokumente und Einstellungen\Marc\Lokale Einstellungen\Temp\backups\backup-20060507-133411-402.dll
C:\WINDOWS\NDNuninstall6_98.exe

Infected registry entries detected
HKEY_CLASSES_ROOT\tldctl2.urllink.1
HKEY_CLASSES_ROOT\tldctl2.urllink.1\CLSID {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_CLASSES_ROOT\tldctl2.urllink.1 URLLink
HKEY_CLASSES_ROOT\tldctl2.urllink
HKEY_CLASSES_ROOT\tldctl2.urllink\CLSID {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_CLASSES_ROOT\tldctl2.urllink\CurVer Tldctl2.URLLink.1
HKEY_CLASSES_ROOT\tldctl2.urllink URLLink
HKEY_CLASSES_ROOT\tldctl2.urllink\clsid
HKEY_CLASSES_ROOT\tldctl2.urllink\clsid {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Search 1
HKEY_LOCAL_MACHINE\SOFTWARE\New.net LSPStatus 0
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Prt
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Source
HKEY_LOCAL_MACHINE\SOFTWARE\New.net DiscardTag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run New.net Startup
HKEY_LOCAL_MACHINE\software\new.net
HKEY_LOCAL_MACHINE\software\new.net Activity 10610
HKEY_LOCAL_MACHINE\software\new.net InstalledVersion 458774
HKEY_LOCAL_MACHINE\software\new.net InstalledPath C:\Programme\NewDotNet\newdotnet7_22.dll
HKEY_LOCAL_MACHINE\software\new.net Tag id=828d06d47cff59b85c50e935ac32601a
HKEY_LOCAL_MACHINE\software\new.net DiscardTag
HKEY_LOCAL_MACHINE\software\new.net FirstTime
HKEY_LOCAL_MACHINE\software\new.net Source new_net
HKEY_LOCAL_MACHINE\software\new.net Prt NN100
HKEY_LOCAL_MACHINE\software\new.net LSPStatus 0
HKEY_LOCAL_MACHINE\software\new.net NextUpgradeHi 29783186
HKEY_LOCAL_MACHINE\software\new.net NextUpgradeLo -101433602
HKEY_LOCAL_MACHINE\software\new.net UpgradeCounter 2
HKEY_LOCAL_MACHINE\software\new.net Search 1
HKEY_LOCAL_MACHINE\software\new.net XpiDone 1
HKEY_CURRENT_USER\Software\New.net
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Tag


webHancer Adware (General) more information...
Details: WebHancer is an adware application started at Windows startup that monitors web sites being viewed and sends performance data on them back to webHancer's servers. This occurs unknown to the user.
Status: Ignored

Infected files detected
c:\programme\whinstall\whagent.inf
c:\programme\whinstall\whinstaller.ini
C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1008\Dc58\whAgent_update.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\whsurvey
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\whsurvey SlowInfoCache
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\whsurvey Changed 0
HKEY_LOCAL_MACHINE\software\webhancer
HKEY_LOCAL_MACHINE\software\webhancer\CC DistTag OVERNET
HKEY_LOCAL_MACHINE\software\webhancer\CC id 129374547
HKEY_LOCAL_MACHINE\software\webhancer
HKEY_LOCAL_MACHINE\software\webhancer BaseDir C:\Program Files\webHancer
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer BaseDir C:\Program Files\webHancer


Trojan.Vxgame Trojan more information...
Details: Vxgame is a trojan that silently downloads additional malware from the internet and alters the system's security settings by disabling the Windows firewall.
Status: Ignored

Infected files detected
c:\windows\system32\svcp.csv
c:\windows\system32\winsub.xml


Trojan.svcHost Trojan more information...
Details: Trojan.svcHost is a trojan that downloads and installs adware and malware from the internet without the user's knowledge and consent.
Status: Ignored

Infected files detected
c:\windows\system32\zlbw.dll


Proxy-Lager Backdoor more information...
Details: Proxy-Lager is an application that creates a backdoor on the infected machine which is used by attackers to perform malicious activities.
Status: Ignored

Infected files detected
c:\windows\system32\parad.raw.exe
C:\WINDOWS\system32\voblaizdupla.exe


IBIS.WinTools Browser Plug-in more information...
Details: Bubba WinTools purpose is currently unknown. Bubba.wintools installs a Browser Helper Object, a URLSearchHook and drops several files in Common files\WinTools\. Bubba.wintools runs at startup
Status: Ignored

Infected files detected
C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1008\Dc59\WToolsA.exe


Trojan.Blarul.D Backdoor more information...
Status: Ignored

Infected files detected
C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1008\Dc60\shhost.exe


IBIS.WebSearch Toolbar Toolbar more information...
Details: WebSearch Toolbar is an Internet Explorer search hijacker.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6}
HKEY_CLASSES_ROOT\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_CLASSES_ROOT\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKEY_CLASSES_ROOT\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6}\Implemented Categories
HKEY_CLASSES_ROOT\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6}
HKEY_CLASSES_ROOT\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711}
HKEY_CLASSES_ROOT\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_CLASSES_ROOT\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKEY_CLASSES_ROOT\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711}\Implemented Categories
HKEY_CLASSES_ROOT\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711}
HKEY_CLASSES_ROOT\clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}
HKEY_CLASSES_ROOT\clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_CLASSES_ROOT\clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKEY_CLASSES_ROOT\clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}\Implemented Categories
HKEY_CLASSES_ROOT\clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}
HKEY_CLASSES_ROOT\protocols\name-space handler\res
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\sto
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\sto C C
HKEY_CLASSES_ROOT\clsid\{2C4E6D22-B71F-491F-AAD3-B6972A650D50}
HKEY_CLASSES_ROOT\clsid\{2C4E6D22-B71F-491F-AAD3-B6972A650D50}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_CLASSES_ROOT\clsid\{2C4E6D22-B71F-491F-AAD3-B6972A650D50}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKEY_CLASSES_ROOT\clsid\{2C4E6D22-B71F-491F-AAD3-B6972A650D50}\Implemented Categories
HKEY_CLASSES_ROOT\clsid\{2C4E6D22-B71F-491F-AAD3-B6972A650D50}
HKEY_CLASSES_ROOT\clsid\{AF8B3C81-CD19-45FB-B6BE-160D27711DE8}
HKEY_CLASSES_ROOT\clsid\{AF8B3C81-CD19-45FB-B6BE-160D27711DE8}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_CLASSES_ROOT\clsid\{AF8B3C81-CD19-45FB-B6BE-160D27711DE8}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKEY_CLASSES_ROOT\clsid\{AF8B3C81-CD19-45FB-B6BE-160D27711DE8}\Implemented Categories
HKEY_CLASSES_ROOT\clsid\{AF8B3C81-CD19-45FB-B6BE-160D27711DE8}


Alexa Toolbar Potential Privacy Risk more information...
Details: Alexa is a free, ad-based product which installs itself into your Internet Explorer or Netscape browser. It ads a bar which has a series of links into your browser which gives quite a bit of information about each web page that you visit.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Alexa Toolbar
HKEY_CLASSES_ROOT\AlxTB.BHO
HKEY_CLASSES_ROOT\Interface\{0BBB0424-E98E-4405-9A94-481854765C80}
HKEY_CLASSES_ROOT\Interface\{0F3332B5-BC98-48AF-9FAC-05FEC94EBE73}
HKEY_CLASSES_ROOT\Interface\{3E60160F-0ED6-4DCC-B6B6-850CDE4FD217}
HKEY_CLASSES_ROOT\Interface\{A69107CC-BEC8-4A34-B474-211B0F46A764}
HKEY_CLASSES_ROOT\Interface\{B7B84995-8B92-46BF-94AA-FA2F3DD23B84}
HKEY_CLASSES_ROOT\Interface\{FA77AD79-09CF-41FB-B171-CC856F9E737F}
HKEY_CLASSES_ROOT\TypeLib\{547AB549-4DD8-4EA0-B070-F6EA062148FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa Toolbar
HKEY_CLASSES_ROOT\Popup.PopupKiller


VX2.Transponder Browser Plug-in more information...
Details: VX2 is an Internet Explorer Browser Helper Object that monitors web page requests and data entered into forms, sending this information to its home server, and opens pop-up advertisement windows. VX2 also collects and sends personal information.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\respondmiter
HKEY_LOCAL_MACHINE\software\respondmiter Adware.Srv32 C:\WINDOWS\system32\runsrv32.exe
HKEY_LOCAL_MACHINE\software\transponder
HKEY_LOCAL_MACHINE\software\transponder Adware.Srv32 C:\WINDOWS\system32\runsrv32.exe


Transponder TPS108 Browser Plug-in more information...
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\software\tps108
HKEY_LOCAL_MACHINE\software\software\tps108 Adware.Srv32 C:\WINDOWS\system32\runsrv32.exe


eDonkey2000 P2P Program more information...
Details: eDonkey2000 is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID eD2KDownloadManager.object.1
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID eD2KDownloadManager.object
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620} eD2K downloadManager object


DailyToolbar Toolbar more information...
Details: DailyToolbar is a pornographic-related toolbar that periodically generates pop-up advertisements.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\IEToolbar.AffiliateCtl
HKEY_CLASSES_ROOT\DailyToolbar.IEBand
HKEY_CLASSES_ROOT\AppID\{951B3138-AE8E-4676-A05A-250A5F111631}
HKEY_CLASSES_ROOT\AppID\DailyToolbar.DLL
HKEY_CLASSES_ROOT\AppID\DailyToolbar.DLL DailyToolbar dailytoolbar.dll
HKEY_LOCAL_MACHINE\SOFTWARE\DailyToolbar
HKEY_CLASSES_ROOT\DailyToolbar.SysMgr
HKEY_LOCAL_MACHINE\SOFTWARE\NIX Solutions\DailyToolbar
HKEY_LOCAL_MACHINE\Software\NIX Solutions


Bridge/WinFavorites Adware (General) more information...
Details: Bridge monitors your Internet surfing activities. It can log keystrokes and sending them to a webserver online. Also is known to popup advertising.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\Jao.jao
HKEY_CLASSES_ROOT\Bridge.brdg


TMKSoft.Admess Adware (General) more information...
Details: Admess opens Web pages and displays advertisements with adult content. Admess is related to Xplugin by the same vendor.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\WStart.WHttpHelper
HKEY_CLASSES_ROOT\WStart.WHttpHelper.1
HKEY_CLASSES_ROOT\AppID\{F6BDB4E5-D6AA-4D1F-8B67-BCB0F2246E21}


DesktopScam Trojan Downloader more information...
Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\winapi32.MyBHO
HKEY_CLASSES_ROOT\winapi32.MyBHO\Clsid {62E2E094-F989-48C6-B947-6E79DA2294F9}
HKEY_CLASSES_ROOT\winapi32.MyBHO winapi32.MyBHO


Trojan.Downloader.Various Trojan more information...
Details: Trojan.Downloader.Various is a group of Trojan Downloaders which install download and install multiple unwanted applications of adware and malware from remote servers.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\winapi32.MyBHO
HKEY_CLASSES_ROOT\winapi32.MyBHO\Clsid {62E2E094-F989-48C6-B947-6E79DA2294F9}
HKEY_CLASSES_ROOT\winapi32.MyBHO winapi32.MyBHO