Newdotnet once again, can't delete newdotnet7_22.dll despite the instructions

10.07.2006, 18:14
...new here

Posts: 8
#1 Hello, I have now carefully read every description I could find, but unfortunately it doesn't work for me!!!! :-(((
So I tried it with Killbox, the file was still there after the reboot; I tried it with Lspfix, that didn't work either. Strangely, I can now get online since I put Firefox into the autostart; everything else (mail client, ICQ, MSN) fails miserably, the process gets started but nothing happens :-( Here is my HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 18:11:46, on 10.07.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Hardcopy\hardcopy.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinBar\WinBar.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Dokumente und Einstellungen\Daniel\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400135&utm_content=leftnav&utm_source=webda&utm_medium=bund&utm_campaign=webda135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400135&utm_content=leftnav&utm_source=webda&utm_medium=bund&utm_campaign=webda135
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Personal ID] C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe
O4 - Startup: Mozilla Firefox (2).lnk = C:\Programme\Mozilla Firefox\firefox.exe
O4 - Startup: Trillian.lnk = C:\Programme\Trillian\trillian.exe
O4 - Startup: WinBar.lnk = C:\Programme\WinBar\WinBar.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {59691FFA-FAF2-4327-8BD7-F8D4C42E3107} (EmandoAX Control) - https://www.e-mando.de/download/EmandoAX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139999537812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139999526406
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.pro-support.de/scan/Msie/bitdefender.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe

Spybot & Destroy doesn't load either, just like Ad-Aware and AntiVir.... I'm really at my wit's end :-(((

10.07.2006, 19:14
Honorary member
Sabina

Posts: 29434
#2 Voice

1.
WinsockFix (for all operating systems)
http://www.winsockfix.nl/

2.
Go into the registry
Start - Run - regedit

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net --> delete

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\new.net startup

HKEY_LOCAL_MACHINE\software\new.net

HKEY_LOCAL_MACHINE\SOFTWARE\Accoona

---------------------------------------------------------------------------------------------------

3.
Open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400135&utm_content=leftnav&utm_source=webda&utm_medium=bund&utm_campaign=webda135

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400135&utm_content=leftnav&utm_source=webda&utm_medium=bund&utm_campaign=webda135

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

Restart the PC

4.
uninstall:

c:\programme\accoona
C:\Programme\NewDotNet

5.
CounterSpy - after the scan, set everything to "remove" and post the scan report
http://virus-protect.org/counterspy.html

6.
Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.
__________
Regards, Sabina

All about PC security
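The triage that the steps in post #2 perform by hand, as an added example that is not part of the thread or of any tool named in it: a small Python parser for HijackThis-style entries that re-joins lines wrapped by a forum or mail client and flags the entries the helper marked for fixing. The indicator patterns are taken from those entries; the sample log is constructed and the function names are illustrative.

```python
import re

# Constructed sample in HijackThis 1.99.1 layout, shortened from entries quoted
# in this thread; the first R1 entry is deliberately wrapped onto two lines.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=40013
5&utm_content=leftnav
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
"""

# An entry starts with a section code such as R1, O4 or O23 followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Indicators from the helper's fix list. The Run entry points at the DLL by its
# 8.3 short name (NEWDOT~2.DLL), so matching the long folder name alone misses it.
INDICATORS = {
    "accoona": re.compile(r"accoona\.com", re.I),
    "new.net": re.compile(r"new\.net|newdotnet|NEWDOT~\d", re.I),
}


def parse_entries(log_text):
    """Return [(code, text)]; a non-entry line after an entry is a wrapped tail."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries and line:
            # Header and process list come before the first entry and are skipped;
            # anything later that lacks a section code continues the previous entry.
            entries[-1][1] += line.strip()
    return [tuple(entry) for entry in entries]


def triage(log_text):
    """Return [(code, family, text)] for entries matching a known indicator."""
    findings = []
    for code, text in parse_entries(log_text):
        for family, pattern in INDICATORS.items():
            if pattern.search(text):
                findings.append((code, family, text))
    return findings


def needs_winsock_repair(findings):
    # O10 is the Winsock LSP section. The thread runs WinsockFix and checks
    # LSPfix before removing files, since the LSP chain references the DLL.
    return any(code == "O10" for code, _, _ in findings)


def naive_hits(log_text):
    """Long-name substring search only, shown for comparison with triage()."""
    return [e for e in parse_entries(log_text) if "newdotnet" in e[1].lower()]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for code, family, text in results:
        print(f"{code:<4} {family:<8} {text}")
    print("Winsock repair needed first:", needs_winsock_repair(results))
    print("Long-name-only search hits:", len(naive_hits(SAMPLE_LOG)))
```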

10.07.2006, 20:16
...new here

Thread starter

Posts: 8
#3 First of all, thanks for your quick help


But unfortunately I couldn't follow everything

HKEY_LOCAL_MACHINE\SOFTWARE\Accoona <~~ I didn't have that entry; uninstalling didn't work either, because the Accoona folder can't be found, and the folder c:\Programme/newdotnet contains only the DLL file, which I can't / shouldn't delete just like that!

The CounterSpy scan has now been running for 45 min.

So that's the status so far!
I'll get back to you when CounterSpy is finished!

Regards, Voice

11.07.2006, 09:18
Honorary member
Sabina

Posts: 29434
#4 Have you finished scanning yet? If so, post the report
__________
Regards, Sabina

All about PC security

12.07.2006, 19:11
...new here

Thread starter

Posts: 8
#5 Hello,

the day before yesterday I unfortunately had to abort the scan after a while; now it has been running for a good 2 hours and I hope it won't take much longer. Since I always have to get up at 3 o'clock, I never have much time to deal with this, unfortunately ;) As soon as it's finished, I'll let you know

12.07.2006, 21:12
Honorary member
Sabina

Posts: 29434
#6 When it's finished, post the report here ;)
__________
Regards, Sabina

All about PC security

12.07.2006, 21:26
...new here

Thread starter

Posts: 8
#7 So here is the report:

Spyware Scan Details
Start Date: 12.07.2006 18:09:28
End Date: 12.07.2006 20:52:30
Total Time: 2 hrs 43 mins 2 secs

Detected spyware

NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows’ Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Ignored

Infected files detected
C:\Programme\NewDotNet\newdotnet7_22.dll
c:\windows\ndnuninstall7_22.exe
C:\!KillBox\newdotnet7_22.dll
C:\!KillBox\newdotnet7_22.dll( 1)
C:\Dokumente und Einstellungen\Daniel\Desktop\backups\backup-20060708-194627-279.dll

Infected registry entries detected


SearchMiracle.EliteBar Browser Plug-in more information...
Details: Adds a search hijacker toolbar to Internet Explorer called Elite Bar.
Status: Ignored

Infected files detected
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CMWTCU0X\sideb[1].exe
E:\Nicht verwendete Desktopverknüpfungen\hijackthis_199\backups\backup-20050517-085019-318.dll

Infected registry entries detected


AntiLeech Plugin Adware (General) more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Ignored

Infected files detected
c:\programme\anti-leech\alnn\al2np.dll
c:\programme\anti-leech\alnn\alhlp.exe
c:\programme\anti-leech\alnn\npalnn.dll
c:\programme\anti-leech\alnn\setup2.exe
C:\Programme\Mozilla Firefox\plugins\al2np.dll

Infected registry entries detected


WhenU.VVSN Adware Downloader more information...
Details: WhenU.VVSN is an installer application for many WhenU products, including WhenU.Save!, WhenU.Weathercast, WhenUSearch, and WhenU.ClockSync.
Status: Ignored

Infected files detected
c:\programme\themexp\themexp.org file\vvsninst.exe


Weatherbug Low Risk Adware more information...
Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Ignored

Infected files detected
C:\Programme\Gemeinsame Dateien\Real\WeatherBug\MiniBugTransporter.dll

Infected registry entries detected


WildMedia.Winpage Browser Plug-in more information...
Details: Winpage is an Internet Explorer Browser Helper Object (BHO) that hijacks the user's start page.
Status: Ignored

Infected registry entries detected


RealVNC Commercial Remote Control Tool more information...
Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet.
Status: Ignored

Infected registry entries detected


VNC Enterprise Edition Commercial Remote Control Tool more information...
Details: VNC stands for Virtual Network Computing. It is remote control software which allows you to view and interact with one computer (the "server") using a simple program (the "viewer") on another computer anywhere on the Internet. The two computers don't
Status: Ignored

Infected registry entries detected


Accoona.Toolbar Toolbar more information...
Details: The Accoona Toolbar is a Internet Explorer toolbar that is bundled and installed with other programs.
Status: Ignored

Infected registry entries detected


Messenger Plus! Adware Bundler more information...
Details: Messenger Plus! is a add-on for MSN Messenger. Messenger Plus! installs an OPTIONAL adware called C2Media which is also known as LOP.com.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\.plp
HKEY_CLASSES_ROOT\.plp\UndoClass ACDSee 7.0.plp
HKEY_CLASSES_ROOT\.plp ACDSee Pro.plp

12.07.2006, 21:32
Honorary member
Sabina

Posts: 29434
#8 You left everything on "Ignored", so nothing was deleted.
Before you set everything to "remove":

LSPfix
http://www.spychecker.com/program/lspfix.html
Write and tell me which DLL you find on the right or on the left.
__________
Regards, Sabina

All about PC security

13.07.2006, 15:46
...new here

Thread starter

Posts: 8
#9 The following .dll files are listed there:

mswsock.dll
winrnr.dll
nwprovau.dll
rsvpsp.dll

All on the left, none on the right

13.07.2006, 16:18
Honorary member
Sabina

Posts: 29434
#10 Good, then you can safely set everything that CounterSpy shows to "remove".
Then scan again and post the scan report again
__________
Regards, Sabina

All about PC security

13.07.2006, 16:25
...new here

Thread starter

Posts: 8
#11 Okay, that just leaves the question of where I can set something to Remove??? I guess I'm blind today

Regards, Daniel

13.07.2006, 16:45
Honorary member
Sabina

Posts: 29434
#12 Have a look at this page, it is explained there exactly
http://virus-protect.org/counterspy.html
__________
Regards, Sabina

All about PC security

13.07.2006, 17:21
...new here

Thread starter

Posts: 8
#13 Oh god, what would I do without you :-)
THANKS

So here is the log from CounterSpy; this time I clicked remove :-)

Spyware Scan Details
Start Date: 13.07.2006 16:25:50
End Date: 13.07.2006 18:33:53
Total Time: 2 hrs 8 mins 3 secs

Detected spyware

NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows’ Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Deleted

Infected files detected
c:\windows\ndnuninstall7_22.exe
C:\!KillBox\newdotnet7_22.dll
C:\!KillBox\newdotnet7_22.dll( 1)
C:\Dokumente und Einstellungen\Daniel\Desktop\backups\backup-20060708-194627-279.dll

Infected registry entries detected
HKEY_CURRENT_USER\Software\New.net


SearchMiracle.EliteBar Browser Plug-in more information...
Details: Adds a search hijacker toolbar to Internet Explorer called Elite Bar.
Status: Deleted

Infected files detected
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CMWTCU0X\sideb[1].exe
E:\Nicht verwendete Desktopverknüpfungen\hijackthis_199\backups\backup-20050517-085019-318.dll

Infected registry entries detected


AntiLeech Plugin Adware (General) more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Deleted

Infected files detected
c:\programme\anti-leech\alnn\al2np.dll
c:\programme\anti-leech\alnn\alhlp.exe
c:\programme\anti-leech\alnn\npalnn.dll
c:\programme\anti-leech\alnn\setup2.exe
C:\Programme\Mozilla Firefox\plugins\al2np.dll

Infected registry entries detected


WhenU.VVSN Adware Downloader more information...
Details: WhenU.VVSN is an installer application for many WhenU products, including WhenU.Save!, WhenU.Weathercast, WhenUSearch, and WhenU.ClockSync.
Status: Deleted

Infected files detected
c:\programme\themexp\themexp.org file\vvsninst.exe


Weatherbug Low Risk Adware more information...
Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Deleted

Infected files detected
C:\Programme\Gemeinsame Dateien\Real\WeatherBug\MiniBugTransporter.dll

Infected registry entries detected


WildMedia.Winpage Browser Plug-in more information...
Details: Winpage is an Internet Explorer Browser Helper Object (BHO) that hijacks the user's start page.
Status: Deleted

Infected registry entries detected


RealVNC Commercial Remote Control Tool more information...
Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet.
Status: Deleted

Infected registry entries detected


VNC Enterprise Edition Commercial Remote Control Tool more information...
Details: VNC stands for Virtual Network Computing. It is remote control software which allows you to view and interact with one computer (the "server") using a simple program (the "viewer") on another computer anywhere on the Internet. The two computers don't
Status: Deleted

Infected registry entries detected


Accoona.Toolbar Toolbar more information...
Details: The Accoona Toolbar is a Internet Explorer toolbar that is bundled and installed with other programs.
Status: Deleted

Infected registry entries detected


Messenger Plus! Adware Bundler more information...
Details: Messenger Plus! is a add-on for MSN Messenger. Messenger Plus! installs an OPTIONAL adware called C2Media which is also known as LOP.com.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\.plp
HKEY_CLASSES_ROOT\.plp\UndoClass ACDSee 7.0.plp
HKEY_CLASSES_ROOT\.plp ACDSee Pro.plp


DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel\cookies\daniel@doubleclick[1].txt
This post was edited by Voice on 13.07.2006 at 18:39.
14.07.2006, 17:08
Honorary member
Sabina

Posts: 29434
#14 wonderful ;)

Counterspy only ever kills part of the files. So you have to keep emptying Counterspy's quarantine folder and scanning with it again, until Counterspy finds nothing more.

Then everything is clean again!
__________
Kind regards, Sabina

All about PC security
14.07.2006, 17:12
...new here

Thread starter

Posts: 8
#15 And then the computer is clean again?????

Oh, and is it enough if I only scan c: from now on?? Or do I have to scan all drives??