Newdotnet yet again, can't delete Newsdotnet7_22.dll despite instructions |
||
---|---|---|
#0
| ||
10.07.2006, 18:14
...new here
Posts: 8 |
||
|
||
10.07.2006, 19:14
Honorary member
Posts: 29434 |
#2
Voice

1. WinsockFix (for all operating systems) http://www.winsockfix.nl/
2. Go into the registry: Start - Run - regedit
   HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net --> delete
   HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\new.net startup
   HKEY_LOCAL_MACHINE\software\new.net
   HKEY_LOCAL_MACHINE\SOFTWARE\Accoona
3. Open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC
   R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400135&utm_content=leftnav&utm_source=webda&utm_medium=bund&utm_campaign=webda135
   R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
   R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400135&utm_content=leftnav&utm_source=webda&utm_medium=bund&utm_campaign=webda135
   R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
   O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
   Restart the PC
4. Uninstall:
   c:\programme\accoona
   C:\Programme\NewDotNet
5. CounterSpy - after the scan set everything to "remove" and post the scan report http://virus-protect.org/counterspy.html
6. Hoster.zip http://www.funkytoad.com/download/hoster.zip
   Press 'Restore Original Hosts' and press 'OK'. Exit Program.

__________ Regards, Sabina, all about PC security |
|
|
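As an added example (not part of the thread, and not code from HijackThis or its authors): a small Python triage that reads a HijackThis log and groups the entries matching the names in the post above by the removal step they belong to. The sample log is constructed, the function names are this example's own, and the O10 line assumes the New.net DLL is registered as a Winsock LSP, which is what the WinsockFix and LSPFix steps in this thread deal with.

```python
import re
from collections import defaultdict

# HijackThis entries have the form "<section code> - <detail>", e.g. "R1 - ...".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")

# Substrings taken from the entries named in the post above
# (matched case-insensitively; "newdot~" covers the 8.3 short path).
INDICATORS = ("accoona", "new.net", "newdotnet", "newdot~")

# Constructed sample log: three lines mirror the post, the rest are invented
# benign entries plus one assumed O10 (Winsock LSP) entry.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [ExampleTray] C:\Programme\Example\tray.exe
O10 - Unknown file in Winsock LSP: c:\programme\newdotnet\newdotnet7_22.dll
"""


def parse_log(text):
    """Return (code, detail) pairs; header and free-text lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("detail")))
    return entries


def triage(text):
    """Group indicator-matching entries by the removal step they belong to."""
    report = defaultdict(list)
    for code, detail in parse_log(text):
        lowered = detail.lower()
        if not any(indicator in lowered for indicator in INDICATORS):
            continue  # unrelated entry, leave it alone
        if code == "O10":
            report["lsp"].append(detail)        # Winsock chain: repair first
        elif code in ("R0", "R1"):
            report["ie_search"].append(detail)  # IE search/start page values
        elif code == "O4":
            report["autostart"].append(detail)  # Run-key autostart
        else:
            report["other"].append(detail)
    return dict(report)


def safe_to_delete_dll(report):
    """The DLL should only be deleted once no LSP entry references it."""
    return not report.get("lsp")


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for step, details in result.items():
        print(step)
        for detail in details:
            print("   ", detail)
    print("safe to delete DLL:", safe_to_delete_dll(result))
```
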
||
10.07.2006, 20:16
...new here
Thread starter Posts: 8 |
#3
Well, first of all, thanks for your quick help.
Unfortunately I couldn't follow everything, though. HKEY_LOCAL_MACHINE\SOFTWARE\Accoona <~~ I didn't have that entry; uninstalling didn't work either, since the Accoona folder can't be found, and the folder c:\Programme/newdotnet only contains the dll file, which I can't / shouldn't just delete like that! The CounterSpy scan has now been running for 45 min. So that's the status so far! I'll get back to you when CounterSpy is finished! Regards, Voice |
|
|
||
11.07.2006, 09:18
Honorary member
Posts: 29434 |
#4
Have you finished scanning yet? If so, post the report.
__________ Regards, Sabina, all about PC security |
|
|
||
12.07.2006, 19:11
...new here
Thread starter Posts: 8 |
#5
Hello,
the day before yesterday I unfortunately had to abort the scan after a while; now it has been running for a good 2 hours and I hope it won't take much longer. Since I always have to get up at 3 o'clock, I never have much time to deal with this, unfortunately. As soon as it's finished, I'll let you know |
|
|
||
12.07.2006, 21:12
Honorary member
Posts: 29434 |
||
|
||
12.07.2006, 21:26
...new here
Thread starter Posts: 8 |
#7
So here is the report:
|
|
||
12.07.2006, 21:32
Honorary member
Posts: 29434 |
#8
You left everything on "Ignored", so nothing was deleted.
Before you set everything to "remove": LSPfix http://www.spychecker.com/program/lspfix.html Tell me which dll you find on the right or the left. __________ Regards, Sabina, all about PC security |
|
|
||
13.07.2006, 15:46
...new here
Thread starter Posts: 8 |
||
|
||
13.07.2006, 16:18
Honorary member
Posts: 29434 |
#10
Good, then you can safely set everything that CounterSpy shows to "remove".
Then scan once more and post the scan report again. __________ Regards, Sabina, all about PC security |
|
|
||
13.07.2006, 16:25
...new here
Thread starter Posts: 8 |
#11
Okay, that just leaves the question of where I can set anything to Remove there??? I'm probably blind today
Regards, Daniel |
|
|
||
13.07.2006, 16:45
Honorary member
Posts: 29434 |
#12
Have a look at this page, it is explained in detail there:
http://virus-protect.org/counterspy.html __________ Regards, Sabina, all about PC security |
|
|
||
13.07.2006, 17:21
...new here
Thread starter Posts: 8 |
#13
Oh God, if I didn't have you :-)
THANKS. So, here is the log from CounterSpy; this time I clicked remove :-)
This post was edited by Voice on 13.07.2006 at 18:39.
|
|
|
||
14.07.2006, 17:08
Honorary member
Posts: 29434 |
#14
Wonderful
Counterspy only ever kills some of the files. So you have to keep emptying Counterspy's quarantine folder and scanning again with it until Counterspy finds nothing more. Then everything is clean again! __________ Best regards, Sabina All about PC security |
|
|
||
14.07.2006, 17:12
...new here
Thread starter Posts: 8 |
#15
And then the computer is clean again?????
Oh, and is it enough if I only scan c: from now on?? Or do I have to scan all the drives?? |
|
|
||
So, I tried it with Killbox; the file was still there after the reboot. I tried it with LSPFix, no luck either. Oddly enough, I can now get online after putting Firefox into autostart; everything else (mail client, ICQ, MSN) fails miserably: the process gets started but nothing happens :-( Here is my HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 18:11:46, on 10.07.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Hardcopy\hardcopy.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinBar\WinBar.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Dokumente und Einstellungen\Daniel\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400135&utm_content=leftnav&utm_source=webda&utm_medium=bund&utm_campaign=webda135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400135&utm_content=leftnav&utm_source=webda&utm_medium=bund&utm_campaign=webda135
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Personal ID] C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe
O4 - Startup: Mozilla Firefox (2).lnk = C:\Programme\Mozilla Firefox\firefox.exe
O4 - Startup: Trillian.lnk = C:\Programme\Trillian\trillian.exe
O4 - Startup: WinBar.lnk = C:\Programme\WinBar\WinBar.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {59691FFA-FAF2-4327-8BD7-F8D4C42E3107} (EmandoAX Control) - https://www.e-mando.de/download/EmandoAX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139999537812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139999526406
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.pro-support.de/scan/Msie/bitdefender.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
Spybot & Destroy doesn't load either, just like Ad-Aware and AntiVir.... I'm really at my wits' end :-(((