[SpyBrowser] C:\Programme\SpyBro + pushow56.dll

#0
21.05.2006, 15:49
...new here
Posts: 8

21.05.2006, 15:55
Honorary member
Posts: 29434
#2
Darkmacross
1. Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start. In "Enter search strings", type or paste
SpyBro
into the edit field and click "Ok". Notepad will open -- copy the text and post it.
-------------
2. Configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
3. Copy these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date (copy only the last 3 months). http://virus-protect.org/datfindbat.html
4. Unpack echo.zip --> click echo.bat --> the text editor will open --> copy the text http://virus-protect.org/bat/echo.zip
__________
Regards, Sabina
All about PC security

21.05.2006, 16:27
...new here
Thread starter
Posts: 8
#3
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 21.05.2006 16:25:58 for strings:
; 'spybro'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A2D2E71-1882-44fb-923A-2FE0958B53F5}\InProcServer32]
@="\"C:\\Programme\\SpyBro\\LawEnforcer.dll\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpyBrowser]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpyBrowser]
"item"="SpyBro"
"command"="C:\\Programme\\SpyBro\\SpyBro.exe /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser]

[HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser\RemoteConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser\Signatures]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Antispy]
"ImagePath"="\\??\\C:\\Programme\\SpyBro\\Antispy.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Antispy]
"ImagePath"="\\??\\C:\\Programme\\SpyBro\\Antispy.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Antispy]
"ImagePath"="\\??\\C:\\Programme\\SpyBro\\Antispy.sys"

[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"SpyBrowser"="C:\\Programme\\SpyBro\\SpyBro.exe /autostart"

[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\SpyBrowser]
[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\SpyBrowser\Antivirus]
[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\SpyBrowser\General]
[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\SpyBrowser\GuardOptions]
[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\SpyBrowser\GuardOptions\EnabledMonitors]
[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\SpyBrowser\Monitors]
[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\SpyBrowser\RemoteConfig]
[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\SpyBrowser\ScanOptions]
[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\SpyBrowser\ScanOptions\CustomScan]
[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\SpyBrowser\ScanOptions\SelectedFolders]
[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\SpyBrowser\ScanOptions\StartupCustomScan]
[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\SpyBrowser\Scheduler]
[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\SpyBrowser\Scheduler\CustomScan]
[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\SpyBrowser\Scheduler\Event 0]
[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\SpyBrowser\Startup]
[HKEY_USERS\S-1-5-21-2052111302-854245398-682003330-1003\Software\SpyBrowser\Statistics]

; End Of The Log...

21.05.2006, 16:29
Honorary member
Posts: 29434
#4
Configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
3. Copy these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date (copy only the last 3 months). http://virus-protect.org/datfindbat.html
4. Unpack echo.zip --> click echo.bat --> the text editor will open --> copy the text http://virus-protect.org/bat/echo.zip
__________
Regards, Sabina
All about PC security

21.05.2006, 16:42
...new here
Thread starter
Posts: 8
#5
Verzeichnis von C:\WINDOWS\system32
----------------------------------------------------
Verzeichnis von C:\DOKUME~1\Chris\LOKALE~1\Temp
----------------------------------------------------
Verzeichnis von C:\WINDOWS
---------------------------------------------
Verzeichnis von C:\

Hope I did everything right.

Edit: re 4. 10) DPF????

Datenträger in Laufwerk C: ist System
Volumeseriennummer: C875-39B1
Verzeichnis von C:\WINDOWS\Downloaded Program Files
25.07.2002 18:13 24.576 dwusplay.dll
25.07.2002 18:13 196.608 dwusplay.exe
07.06.2005 16:35 1.124.872 EPUWALcontrol.dll
09.05.2005 09:54 539 EPUWALcontrol.inf
25.07.2002 18:05 172.032 isusweb.dll
19.05.2004 11:01 678 mcinsctl.inf
6 Datei(en) 1.519.305 Bytes

21.05.2006, 17:48
Honorary member
Posts: 29434
#6
Darkmacross
Info Spybrowser http://virus-protect.org/artikel/spyware/spybrowser.html
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1. Copy the following text into the editor (Start - Accessories - Notepad) and save it on the desktop as fixme.reg using 'Save as'. Select 'All files' as the file type. You should now find this file on the desktop.
Quote
REGEDIT4
2. KILLBOX - Pocket KillBox http://virus-protect.org/killbox.html
Options: Delete on Reboot --> tick it and click the red cross. When asked "Do you want to reboot?", click "no" and paste in the next one; click "yes" only for the last one.
Paste in:
............
C:\Programme\SpyBro\Antispy.sys
C:\Programme\SpyBro\SpyBro.exe
C:\WINDOWS\system32\pushow56.dll
C:\Programme\SpyBro\unins000.exe
C:\Programme\SpyBro\LawEnforcer.dll
----------------------------------------------------------------------------------
3. Restart the computer in safe mode (press F8 while it boots). Double-click the file "fixme.reg" on the desktop and add it to the registry with "ja" or "yes".
----------------------------------------------------------------------------------
4. Delete: C:\Programme\SpyBro
----------------------------------------------------------------------------------
5. Open HijackThis -- "scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC
Quote
O2 - BHO: Seekmo Search Assistant Helper - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\programme\seekmo\seekmohook.dll (file missing)
Restart the PC
-----------------------------------------------------------------------------------
6. Counterspy http://virus-protect.org/counterspy.html
* after the scan you have to choose between:
*Ignore
*Remove --> Status: Deleted
*Quarantine
Always choose Remove and restart the PC (then copy the scan report).
__________
Regards, Sabina
All about PC security

21.05.2006, 20:58
...new here
Thread starter
Posts: 8
#7
Spyware Scan Details
Start Date: 21.05.2006 20:36:15
End Date: 21.05.2006 20:50:59
Total Time: 14 mins 44 secs

Detected spyware

ViewPoint
Low Risk Adware
Details: ViewPoint Toolbar is an advertising supported toolbar that provides thumbnail images of search result pages. The toolbar also functions as a pop-up blocker.
Status: Ignored
Infected files detected
Infected registry entries detected

AntiLeech Plugin
Adware (General)
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Deleted
Infected files detected
D:\Meine Progs\Gamers.IRC\download\programs\ALPlugin-1.0.1.6-setup.exe

180solutions.Seekmo Search Assistant
Adware (General)
Details: Seekmo Search Assistant is a program installed with certain programs which enables access to free content in exchange for contextual pop-up advertising.
Status: Deleted
Infected registry entries detected

Zango.SearchAssistant
Adware (General)
Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit.
Status: Deleted
Infected registry entries detected

21.05.2006, 21:25
Honorary member
Posts: 29434
#8
Darkmacross
Scan with Panda and post the scan report http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
All about PC security

21.05.2006, 23:31
...new here
Thread starter
Posts: 8
#9
Spyware:Cookie/Adtech Not disinfected C:\Dokumente und Einstellungen\Chris\Cookies\chris@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Dokumente und Einstellungen\Chris\Cookies\chris@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Chris\Cookies\chris@as1.falkag[1].txt
Adware:Adware/SaveNow Not disinfected C:\Programme\DAEMON Tools\SetupDTSB.exe
Hacktool:HackTool/Flood Not disinfected D:\alex\Gamers.IRC Alex\bin\dll\nHTMLn_2.92.dll
Hacktool:HackTool/Flood Not disinfected D:\AOL 6.0\girc430.exe[nHTMLn_2.92.dll]
Hacktool:HackTool/Flood Not disinfected D:\Meine Progs\Gamers.IRC\bin\dll\nHTMLn_2.92.dll

22.05.2006, 01:37
Honorary member
Posts: 29434
#10
Darkmacross
Now you know what needs to be deleted so that the computer is clean again:
C:\Programme\DAEMON Tools\
D:\AOL 6.0\girc430.exe
D:\Meine Progs\Gamers.IRC\bin\dll\nHTMLn_2.9.dll
D:\alex\Gamers.IRC Alex\bin\dll\nHTMLn_2.92.dll
That should then solve your "unknown" problem.
__________
Regards, Sabina
All about PC security

I've had a look around here and was very surprised at how thoroughly problems get solved here. Sabina in particular seems to be a pro. Are there several people behind this name, or do you simply know everything?
Well OK, back to my problem. I downloaded HijackThis and Killbox from this forum. Here is the HijackThis log; I'd be very grateful for help!!
--------------------------
Logfile of HijackThis v1.99.1
Scan saved at 15:41:59, on 21.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Opera\Opera.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Chris\LOKALE~1\Temp\Rar$EX00.469\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.winfuture.de
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winfuture.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\programme\mcafee.com\mps\mcbrhlpr.dll (file missing)
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\programme\mcafee.com\mps\popupkiller.dll (file missing)
O2 - BHO: Seekmo Search Assistant Helper - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\programme\seekmo\seekmohook.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [SpyBrowser] C:\Programme\SpyBro\SpyBro.exe /autostart
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,90/mcinsctl.cab
O20 - AppInit_DLLs: pushow56.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus service (kavsvc) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
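
Added example, not part of the thread: a small triage pass over a HijackThis log that surfaces the kinds of entries the replies go on to remove (the O4 Run entry for SpyBro, the O20 AppInit_DLLs value, the O2 BHO marked "file missing"). The sample lines are copied from the log above; the watch-term list, the rules and all function names are assumptions made for illustration, and a flagged line is a prompt for review, not a verdict.

```python
import re
from typing import NamedTuple

# An entry line is "<section code> - <body>", e.g. "O20 - AppInit_DLLs: x.dll".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Assumption: watch terms are the names this thread ends up removing.
WATCH_TERMS = ("spybro", "seekmo", "pushow56.dll")


class Finding(NamedTuple):
    code: str      # HijackThis section code (O2, O4, O20, ...)
    reasons: list  # why the entry deserves a closer look
    line: str      # the entry as it appears in the log


def parse_entries(log_text):
    """Yield (code, body) for every entry line in a HijackThis log."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group("code"), match.group("body")


def triage(log_text, watch_terms=WATCH_TERMS):
    """Return one Finding per entry that trips at least one rule."""
    findings = []
    for code, body in parse_entries(log_text):
        low = body.lower()
        reasons = []

        # O20: any DLL named here is loaded into every process that loads user32.dll.
        if code == "O20" and low.startswith("appinit_dlls:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                reasons.append(f"AppInit_DLLs is set to: {dlls}")

        # O2/O3: browser add-on still registered although its file is gone.
        if code in ("O2", "O3") and low.endswith(("(file missing)", "(no file)")):
            reasons.append("registration left behind, file not on disk")

        # O23: service whose owner HijackThis reports as unknown.
        if code == "O23" and " - unknown owner - " in low:
            reasons.append("service listed with 'Unknown owner'")

        # Any section: name match against the watch list.
        hits = [term for term in watch_terms if term in low]
        if hits:
            reasons.append("matches watch term(s): " + ", ".join(hits))

        if reasons:
            findings.append(Finding(code, reasons, f"{code} - {body}"))
    return findings


# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.winfuture.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Seekmo Search Assistant Helper - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\programme\seekmo\seekmohook.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [SpyBrowser] C:\Programme\SpyBro\SpyBro.exe /autostart
O20 - AppInit_DLLs: pushow56.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("    ->", reason)
```

The ATI service is flagged only because of the "Unknown owner" rule, which shows why each hit still needs a manual check before anything is fixed or deleted.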