Removing Spyware Quake
#0
19.07.2006, 15:45
Honorary member
Posts: 29434

19.07.2006, 18:00
Member
Posts: 47
#17
1. Vundofix found nothing.
2. Done.
3. Log file:
4. Smitfraud log file:
5. Deleted:
C:\Programme\LeechGet 2005
C:\Programme\Save
C:\Programme\TClock
C:\Programme\ipwins
C:\Programme\InetGet2
6. Deleted:
C:\WINDOWS\system32\components
Could not be deleted:
C:\Programme\Gemeinsame Dateien\{E043B8CF-0708-1031-0827-040403110031} (the file services.dll is in use and cannot be terminated)
7. HijackThis:
Fixed:
O4 - HKCU\..\Run: [TClock.exe] C:\Programme\TClock\tclock_install.exe
Not fixed, because the entry was not present:
O4 - HKLM\..\Run: [IpWins] C:\Programme\ipwins\ipwins.exe
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sysuh32.exe (file missing)
8. CounterSpy: It cannot be updated because my licence has expired (I have already used the 15-day trial version once). Should I try to scan without an update?

19.07.2006, 18:24
Honorary member
Posts: 29434
#18
**
Pocket KillBox
http://virus-protect.org/killbox.html
Options: tick "Delete on Reboot" and "ALL Files" and click the red cross; when asked "Do you want to reboot?", click "yes".
Paste in:
C:\Programme\Gemeinsame Dateien\{E043B8CF-0708-1031-0827-040403110031}
Restart the PC.
**
Scan with CounterSpy without an update and post the report.
__________
Regards, Sabina
All about PC security

21.07.2006, 13:44
Member
Posts: 47
#19
After clicking yes, KillBox shows the message
"PendingFileRenameOperations Registry Data has been Removed by External Process!"
Restarted the PC and ran a CounterSpy scan:

21.07.2006, 15:28
Honorary member
Posts: 29434
#20
razor_89
You should set everything that was found to "remove"; why leave the computer infected with Netpumper and WhenU.SaveNow??
+ Please post the new HijackThis log.
__________
Regards, Sabina
All about PC security

21.07.2006, 15:46
Member
Posts: 47
#21
Since the CounterSpy licence key has expired, nothing can be deleted with it either.
Should I post the HijackThis log anyway?

21.07.2006, 15:52
Honorary member
Posts: 29434
#22
Avenger
Quote: registry keys to delete:
Post the report + the HijackThis log.
__________
Regards, Sabina
All about PC security

Apply VundoFix
http://virus-protect.org/artikel/tools/vundofixx.html
Post the report.
2.
spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unpack on the desktop -> spyfalcon.reg -> double-click and add it to the registry with "ja/yes"
3.
Avenger:
http://virus-protect.org/artikel/tools/avenger.html
Paste in:
Quote
Click the green traffic light; the script will now run, then the PC will restart automatically.
**
Post the Avenger log that appears.
**
Work through smitfraud.fix exactly (options 1 and 2 - have the registry cleaned as well)
http://virus-protect.org/artikel/tools/smitfrautfix.html
**
Uninstall ... delete:
C:\Programme\LeechGet 2005
C:\Programme\Save
C:\Programme\TClock
C:\Programme\ipwins
C:\Programme\InetGet2
Delete:
C:\WINDOWS\system32\components
C:\Programme\Gemeinsame Dateien\{E043B8CF-0708-1031-0827-040403110031}
---------------------------------------------------------------------------------------
Open HijackThis -- "scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC
O4 - HKLM\..\Run: [IpWins] C:\Programme\ipwins\ipwins.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Programme\TClock\tclock_install.exe
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sysuh32.exe (file missing)
Restart the PC.
**
Scan with CounterSpy.
Set everything to "remove" and post the report.
http://virus-protect.org/counterspy.html
__________
Regards, Sabina
All about PC security