Mein Pc fährt ständig runter und ich weiß nicht warumThema ist geschlossen! |
||
---|---|---|
Thema ist geschlossen! |
||
#0
| ||
05.08.2006, 14:23
...neu hier
Beiträge: 7 |
||
|
||
05.08.2006, 15:04
Moderator
Beiträge: 7805 |
#2
Arbeite das ab und zeige uns die Ergebnisse:
http://board.protecus.de/t23188.htm __________ MfG Ralf SEO-Spam Hunter |
|
|
||
05.08.2006, 15:32
...neu hier
Themenstarter Beiträge: 7 |
#3
Logfile of HijackThis v1.99.1
Scan saved at 15:19:09, on 05.08.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\Dit.exe C:\Programme\Classic PhoneTools\CapFax.EXE C:\Programme\Medion\PowerCinema\My_TV\Agent.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\Programme\Real\RealPlayer\RealPlay.exe C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe C:\Programme\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Programme\Logitech\Video\LogiTray.exe C:\Programme\QuickTime\qttask.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe c:\progra~1\intern~1\iexplore.exe C:\WINDOWS\DitExp.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\Programme\Logitech\Video\FxSvr2.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\Dokumente und Einstellungen\Kristin\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gslukhkxslzoigbxlzqdpl.com/E/SmO5JJi9pGShT/_cMQ/PNW5LURDtQdFk1wKAPTkKcQm1DLsVbJvdm0YHLf_zJN.jpg R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {AD115721-2B4A-027B-52BC-60568A7DF5BC} - C:\DOKUME~1\Kristin\ANWEND~1\ACIDSO~1\ToolDefy.exe O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [CapFax] C:\Programme\Classic PhoneTools\CapFax.EXE O4 - HKLM\..\Run: [Agent] C:\Programme\Medion\PowerCinema\My_TV\Agent.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [magsdead] C:\DOKUME~1\Kristin\ANWEND~1\DRAWDU~1\oozeclosegreat.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: MedionShop - {36AF14E3-8E6A-413E-A01F-360900AD6802} - http://www.medionshop.de (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.medion.de O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kristin2511.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_de/WinFixer2005ScannerInstallDE.cab O18 - Protocol: bw+0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: offline-8876480 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Start Time= 05.08.2006 15:28:47,09 Running from: C:\Programme\Mozilla Firefox QuickScan did not find any signs of infected files (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-08-05 15:21:06 ( .D... ) "C:\Programme\CleanUp!" 2006-08-03 23:13:20 ( .D... ) "C:\Programme\MyGlobalSearch" 2006-08-01 13:15:10 ( .D... ) "C:\Dokumente und Einstellungen\Kristin\Anwendungsdaten\TuneUp Software" 2006-07-21 13:26:04 ( .D... ) "C:\Programme\ICQToolbar" 2006-07-21 13:24:44 ( .D... ) "C:\Programme\ICQLite" 2006-07-21 13:24:44 ( .D... ) "C:\Dokumente und Einstellungen\Kristin\Anwendungsdaten\ICQLite" 2006-07-14 17:50:20 118784 ( ....R ) "C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe" 2006-07-09 17:02:08 ( .D... ) "C:\Dokumente und Einstellungen\Kristin\Anwendungsdaten\LimeWire" 2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll" 2006-06-16 00:28:00 57384 ( A.... ) "C:\WINDOWS\system32\avsda.dll" 2006-05-31 12:52:34 79184 ( A.... ) "C:\Dokumente und Einstellungen\Kristin\Anwendungsdaten\GDIPFONTCACHEV1.DAT" 2006-05-19 15:09:50 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll" 2006-05-19 15:09:50 112128 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll" 2006-05-19 15:09:50 95744 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll" 2006-04-30 18:06:24 5598944 ( A.... ) "C:\Programme\FirefoxGoogleToolbarSetup.exe" 2006-01-23 22:16:24 1039452 ( A.... ) "C:\Programme\wrar351d.exe" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-07-14 17:57 118.784 C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "Dit"="Dit.exe" "CapFax"="C:\\Programme\\Classic PhoneTools\\CapFax.EXE" "Agent"="C:\\Programme\\Medion\\PowerCinema\\My_TV\\Agent.exe" "Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe" "RealTray"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER" "ToADiMon.exe"="C:\\Programme\\T-Online\\T-Online_Software_6\\Basis-Software\\Basis1\\ToADiMon.exe -TOnlineAutodialStart" "MessengerPlus3"="\"C:\\Programme\\MessengerPlus! 3\\MsgPlus.exe\"" "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE" "LogitechVideoRepair"="C:\\Programme\\Logitech\\Video\\ISStart.exe " "LogitechVideoTray"="C:\\Programme\\Logitech\\Video\\LogiTray.exe" "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "SoundMan"="SOUNDMAN.EXE" "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "NVIEW"="" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "magsdead"="C:\\DOKUME~1\\Kristin\\ANWEND~1\\DRAWDU~1\\oozeclosegreat.exe" "MessengerPlus3"="\"C:\\Programme\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart" "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe" "LogitechSoftwareUpdate"="C:\\Programme\\Logitech\\Video\\ManifestEngine.exe boot" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="http://www.foxyoriginals.com/resources/contentfiles/foxyfun/wallpapers/pink/1024x768/walppr_1024x768_pink.jpg" "SubscribedURL"="http://www.foxyoriginals.com/resources/contentfiles/foxyfun/wallpapers/pink/1024x768/walppr_1024x768_pink.jpg" "FriendlyName"="" "Flags"=dword:00000001 "Position"=hex:2c,00,00,00,02,00,00,00,13,00,00,00,10,07,00,00,06,04,00,00,e8,\ 03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:01,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,02,00,00,00,13,00,00,00,10,07,00,00,06,04,\ 00,00,01,00,00,40 "RestoredStateInfo"=hex:14,6d,6b,13,41,c0,ac,74,78,d6,b3,0b,68,de,6b,13,20,6d,\ 6b,13,69,bb,00,00 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,c0 "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\ 00,00,04,00,00,c0 "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "InfoCockpit"="C:\\Programme\\T-Online\\T-Online_Software_6\\Info-Cockpit\\INFOCOCKPIT.EXE /nosplash" [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" "InfoCockpit"="C:\\Programme\\T-Online\\T-Online_Software_6\\Info-Cockpit\\INFOCOCKPIT.EXE /nosplash" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\"" "SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe" "MediaGateway"="C:\\Programme\\MediaGateway\\MediaGateway.exe" "Link Keep Remote Dvd"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\kind five link keep\\COPYBUILD.exe" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\1-Klick-Wartung.job Completion time: 05.08.2006 15:29:02,57 ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 706A-702F Verzeichnis von C:\WINDOWS\system32 05.08.2006 15:26 1.158 wpa.dbl 05.08.2006 01:58 984 ikhcore.log 13.07.2006 23:27 374.064 perfh009.dat 13.07.2006 23:27 50.532 perfc009.dat 13.07.2006 23:27 384.216 perfh007.dat 13.07.2006 23:27 61.096 perfc007.dat 13.07.2006 23:27 879.502 PerfStringBackup.INI 07.07.2006 03:21 6.757.792 MRT.exe 19.06.2006 16:20 702.768 WgaLogon.dll 19.06.2006 16:19 571.184 LegitCheckControl.dll 19.06.2006 16:19 304.944 WgaTray.exe 16.06.2006 00:27 57.384 avsda.dll 01.06.2006 20:47 27.648 jgpl400.dll 01.06.2006 20:47 163.840 jgdw400.dll 29.05.2006 17:30 1.494.016 shdocvw.dll 29.05.2006 15:06 4.212 zllictbl.dat 19.05.2006 17:09 3.073.536 mshtml.dll 19.05.2006 15:09 95.744 iphlpapi.dll 19.05.2006 15:09 148.480 dnsapi.dll 19.05.2006 15:09 112.128 dhcpcsvc.dll 18.05.2006 07:36 450.560 jscript.dll 14.05.2006 10:48 181.248 rasmans.dll 11.05.2006 10:57 27.136 xpsp3res.dll 10.05.2006 07:23 664.064 wininet.dll 10.05.2006 07:22 474.624 shlwapi.dll 10.05.2006 07:22 615.936 urlmon.dll 10.05.2006 07:22 448.512 mshtmled.dll 10.05.2006 07:22 39.424 pngfilt.dll 10.05.2006 07:22 146.432 msrating.dll 10.05.2006 07:22 532.480 mstime.dll 10.05.2006 07:22 96.768 inseng.dll |
|
|
||
05.08.2006, 16:08
Moderator
Beiträge: 7805 |
#4
Wenn du den Messangerplus3 nicht brauchst, deinstalliere in, inklusiv dem Sponsorprogramm. DAs sollte schon reichen....
__________ MfG Ralf SEO-Spam Hunter |
|
|
||
05.08.2006, 16:21
...neu hier
Themenstarter Beiträge: 7 |
#5
und was ist wenn ich ihn brauche ?
|
|
|
||
05.08.2006, 16:28
Ehrenmitglied
Beiträge: 29434 |
#6
MessengerPlus! 3 istalliert den Swizzor-Trojaner...
look.zip laden - entpacken - look.bat - doppeltklicken - kopiere den Text ab, der erscheint http://virus-protect.org/zip/look.zip ------------ C:\Programme\MyGlobalSearch ist auch Muell, ist SpyWare __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
05.08.2006, 16:33
...neu hier
Themenstarter Beiträge: 7 |
#7
Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: 706A-702F Verzeichnis von C:\Dokumente und Einstellungen\Kristin\Anwendungsdaten 01.08.2006 13:15 <DIR> . 01.08.2006 13:15 <DIR> .. 21.05.2006 13:48 <DIR> ACIDSO~1 AcidSoftware 04.09.2002 23:20 <DIR> Adobe 04.01.2005 11:36 <DIR> APPLEC~1 Apple Computer 05.09.2002 22:11 <DIR> CYBERL~1 CyberLink 21.05.2006 13:47 <DIR> DRAWDU~1 draw dupe 30.12.2005 00:24 <DIR> FotoWire 31.05.2006 12:52 79.184 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT 06.09.2002 13:12 <DIR> Help 27.07.2006 19:50 <DIR> ICQLite 05.09.2002 01:58 <DIR> IDENTI~1 Identities 04.09.2002 23:20 <DIR> INTERT~1 InterTrust 11.07.2006 19:08 <DIR> LimeWire 16.12.2005 23:18 <DIR> MACROM~1 Macromedia 30.04.2006 18:11 <DIR> Mozilla 12.12.2005 21:26 <DIR> MSN6 30.04.2006 18:30 <DIR> Sun 16.12.2005 23:13 <DIR> T-Online 01.08.2006 13:15 <DIR> TUNEUP~1 TuneUp Software 1 Datei(en) 79.184 Bytes 19 Verzeichnis(se), 42.671.210.496 Bytes frei Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 706A-702F Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten 10.02.2006 21:44 305 ADDR_F~1.HTM addr_file.html 04.08.2006 17:52 <DIR> ANTIVI~1 AntiVir PersonalEdition Classic 08.02.2006 20:02 <DIR> APPLEC~1 Apple Computer 26.09.2002 16:08 <DIR> CYBERL~1 CyberLink 21.05.2006 13:47 <DIR> KINDFI~1 kind five link keep 22.12.2005 01:36 <DIR> MESSEN~1 Messenger Plus! 20.10.2003 12:57 <DIR> MSN6 30.12.2005 00:21 <DIR> QUICKT~1 QuickTime 05.09.2002 02:03 <DIR> SBSI 20.11.2003 16:34 <DIR> SBT 16.12.2005 21:43 <DIR> T-Online 27.05.2006 00:34 <DIR> TUNEUP~1 TuneUp Software 07.04.2006 20:59 <DIR> WINANT~1 WinAntiVirus Pro 2006 21.12.2005 20:17 <DIR> WINDOW~1 Windows Genuine Advantage 1 Datei(en) 305 Bytes 13 Verzeichnis(se), 42.671.210.496 Bytes frei Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: 706A-702F Verzeichnis von C:\WINDOWS\tasks 18.08.2001 14:00 65 desktop.ini 05.08.2006 15:25 6 SA.DAT 2 Datei(en) 71 Bytes 0 Verzeichnis(se), 42.671.210.496 Bytes frei |
|
|
||
05.08.2006, 18:55
Ehrenmitglied
Beiträge: 29434 |
#8
InNot
wenn man soviel Muell laedt, braucht man sich nicht zu wundern, wenn das System zerschossen ist............. ------------------------------------------------------------------------ 1. Versteckte- und Systemdateien sichtbar machen http://virus-protect.org/invisible.html -------------------------------------------------------------------------------------------------- öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Zitat R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gslukhkxslzoigbxlzqdpl.com/E/SmO5JJi9pGShT/_cMQ/PNW5LURDtQdFk1wKAPTkKcQm1DLsVbJvdm0YHLf_zJN.jpgPC neustarten (in den abgesicherten Modus) --> F8 drücken, wenn der PC hochfährt das ist notwendig, denn im Normalmodus kann man die Dateien nicht löschen ** loeschen: C:\Dokumente und Einstellungen\Kristin\Anwendungsdaten\draw dupe C:\Dokumente und Einstellungen\Kristin\Anwendungsdaten\AcidSoftware C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kind five link keep C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus! C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinAntiVirus Pro 2006 C:\Programme\WinAntiVirus Pro 2006 C:\Programme\Common Files\Companion Wizard C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006 C:\Dokumente und Einstellungen\Kristin\Anwendungsdaten\WinAntiVirus Pro 2006 ** deinstallieren: "Start -> Einstellungen -> Systemsteuerung -> Software" - MessengerPlus! 3 - MyGlobalSearch - MediaGateway ** boote wieder in den normalmodus ** Arbeitsplatz --> Rechtsklick, dann auf Eigenschaften ---> Reiter Systemwiederherstellung ---> Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren. (dann wieder aktivieren) ** Counterspy --> löscht die Eintraege in der Registry von MessengerPlus! 3 und WinAntiVirus Pro 2006 http://virus-protect.org/counterspy.html * nach dem Scan muss man sich entscheiden für: *Remove poste den repeort ** neue Startseite gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
06.08.2006, 17:35
...neu hier
Themenstarter Beiträge: 7 |
#9
Spyware Scan Details
Start Date: 06.08.2006 17:01:16 End Date: 06.08.2006 17:32:43 Total Time: 31 mins 27 secs Detected spyware BearShare P2P Program more information... Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives. Status: Deleted Infected files detected c:\programme\bearshare\bearshare.dat c:\programme\bearshare\bearshare.exe c:\programme\bearshare\bearsharezangoinstaller.exe c:\programme\bearshare\bsidle.dll c:\programme\bearshare\bsz.exe c:\programme\bearshare\freepeers.ini c:\programme\bearshare\history.txt c:\programme\bearshare\install.log c:\programme\bearshare\proinstall2.ini c:\programme\bearshare\runmsc.dll c:\programme\bearshare\unwise.exe c:\programme\bearshare\unwise.ini c:\programme\bearshare\webstats.bat c:\programme\bearshare\webstats.exe c:\programme\bearshare\webstats.ini c:\programme\bearshare\db\config.bin c:\programme\bearshare\db\connect.txt c:\programme\bearshare\db\gwebcache.dat c:\programme\bearshare\db\hostiles-chat.txt c:\programme\bearshare\db\hostiles.txt c:\programme\bearshare\db\library.2.db c:\programme\bearshare\db\library.2.db-journal.bak c:\programme\bearshare\db\library.2.db.lastgoodload.bak c:\programme\bearshare\db\library.db c:\programme\bearshare\db\library.db.lastgoodload.bak c:\programme\bearshare\db\library.db.sync c:\programme\bearshare\db\searches.ini c:\programme\bearshare\installer\bsinstallde_de5.2.5.5.exe c:\programme\bearshare\logs\hosts-state.txt c:\programme\bearshare\logs\memory.txt c:\programme\bearshare\logs\ordinal.txt c:\programme\bearshare\logs\streams.txt c:\programme\bearshare\sounds\notify.wav c:\programme\bearshare\temp\tmpschneeflitchen.und.die.7.zwerge.[found via www.esel-pornos.de].(zeichentrick).mpg c:\dokumente und einstellungen\all users\startmenü\programme\bearshare.lnk c:\dokumente und einstellungen\kristin\desktop\bearshare downloads.lnk c:\dokumente und einstellungen\kristin\desktop\bearshare.lnk c:\Programme\Gemeinsame Dateien\Microsoft Shared\MSInfo\OFFPRV10.DLL Infected registry entries detected HKEY_CLASSES_ROOT\gnufile HKEY_CLASSES_ROOT\gnufile\shell\open\command "C:\Programme\BearShare\\BearShare.exe" "%1" HKEY_CLASSES_ROOT\gnufile gnutella HKEY_CLASSES_ROOT\gnufile BrowserFlags 8 HKEY_CLASSES_ROOT\gnufile EditFlags 65536 HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905} HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\ HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting HKEY_CURRENT_USER\appevents\schemes\apps\bearshare HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare HKEY_LOCAL_MACHINE\software\bearshare HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Programme\BearShare\ HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayName BearShare HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare UninstallString C:\PROGRA~1\BEARSH~1\\UNWISE.EXE C:\PROGRA~1\BEARSH~1\\INSTALL.LOG HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayVersion 5.2.5.6DE HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HelpLink http://bearshare.de/Help/index.htm HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare Publisher Free Peers, Inc. HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare URLInfoAbout http://www.freepeers.com HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayIcon C:\Programme\BearShare\\BearShare.exe,-128 HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting HKEY_USERS\.default\appevents\schemes\apps\bearshare HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InProcServer32 C:\PROGRA~1\GEMEIN~1\MICROS~1\Msinfo\OFFPRV10.DLL HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InProcServer32 ThreadingModel Both HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} PSFactoryBuffer HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} yxCTtt HxXTwMWRWVBJnid]cp}XYCNb\ HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} XSwfjofwjoyA KPKZGj@h`lpoMnz][Ae HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} lZpL z]zENghpCFyWhfKoPIPl\ac`paAs HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} kFxknrwXlh otEUZTTvQ[N}ydXulTe~RWHqCrwv^ HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} uYvfdp K{mRwFMFzmU\p]p\Skv`\OvqWJpdsGR HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} emEn crQy`MziLjZ}pislbN^n HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} Jabjspmz Gb|LSQRwJmkQkcmEr}O\QS HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} poxt mqJqMmLrumFN{TMh|Ud HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} Cdjiw g|oKcUKpiMvOReIQVTcI^jXtzurQKHc HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} pdWmV pTxNEh|{YMC~ZpP~XtePnOEGf HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} eRrEiaaUPum CeDg{QRuG~vgQVL HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} SGhdyyqxHl FzHNGErXjYVK]}qQA HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} qhbar nGQbhm{^^eJnSSFXsLNQ HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} ymzcwzdoc {BghohpnEGQiBABz~ZJbefUv^ HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} earhM k` HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} BearShare HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} Version 5,2,5,6 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} ComponentID BearShare HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} IsInstalled 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} Locale DE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare SlowInfoCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare Changed 0 Messenger Plus! Adware Bundler more information... Details: Messenger Plus! is a add-on for MSN Messenger. Messenger Plus! installs an OPTIONAL adware called C2Media which is also known as LOP.com. Status: Deleted Infected files detected c:\programme\messengerplus! 3\plugins\colornick\catalan.lng c:\programme\messengerplus! 3\plugins\colornick\cnuninst.exe c:\programme\messengerplus! 3\plugins\colornick\colornick.xml c:\programme\messengerplus! 3\plugins\colornick\dutch.lng c:\programme\messengerplus! 3\plugins\colornick\english.lng c:\programme\messengerplus! 3\plugins\colornick\french.lng c:\programme\messengerplus! 3\plugins\colornick\italian.lng c:\programme\messengerplus! 3\plugins\colornick\leeme.rtf c:\programme\messengerplus! 3\plugins\colornick\leesmij.rtf c:\programme\messengerplus! 3\plugins\colornick\leggimi.rtf c:\programme\messengerplus! 3\plugins\colornick\lisezmoi.rtf c:\programme\messengerplus! 3\plugins\colornick\llegeix-me.rtf c:\programme\messengerplus! 3\plugins\colornick\readme.rtf c:\programme\messengerplus! 3\plugins\colornick\spanish.lng c:\dokumente und einstellungen\kristin\desktop\msgplus-362.exe WinFixer Rogue Security Program more information... Details: WinFixer is a disabled data repair utility that nags the user to purchase it in order to fix the problems reported in its scan. Status: Deleted Infected files detected c:\windows\system32\drivers\df_u42.sys C:\Programme\Gemeinsame Dateien\WinFixer 2005\FCrXML.dll C:\Programme\Gemeinsame Dateien\WinFixer 2005\uwappchk.dll Infected registry entries detected HKEY_CLASSES_ROOT\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316} HKEY_CLASSES_ROOT\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}\TypeLib {25BAE2A9-DF54-4927-AF6F-9963146D11D8} HKEY_CLASSES_ROOT\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316} ICheckProduct HKEY_CLASSES_ROOT\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8} HKEY_CLASSES_ROOT\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}\1.0\0\win32 C:\Programme\Gemeinsame Dateien\WinFixer 2005\uwappchk.dll HKEY_CLASSES_ROOT\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}\1.0\HELPDIR C:\Programme\Gemeinsame Dateien\WinFixer 2005\ HKEY_CLASSES_ROOT\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}\1.0 CheckProduct2Lib Zango.SearchAssistant Adware (General) more information... Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit. Status: Deleted Infected files detected c:\programme\mozilla firefox\plugins\npclntax.dll Hotbar Toolbar more information... Details: Hotbar Web Tools is a collection of browser and system enhancements. The primary application is the Hotbar toolbar, a which is a "skinable" browser toolbar for Internet Explorer. Status: Deleted Infected files detected C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\country.exe C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar1.res C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\d_icons_weather.res C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\icons2.res C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\progress.res C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\t2_bg.res C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\tsd_bg.res C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\country.exe C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_hotbarcom.mnu C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bbar1.res C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\d_icons_weather.res C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\icons2.res C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\progress.res C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\t2_bg.res C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\tsd_bg.res C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\country.xip C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} Hotbar Information Window HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping {946B3E9E-E21A-49c8-9F63-900533FAFE14} HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping {946B3E9E-E21A-49c8-9F63-900533FAFE15} WhenU.Save Adware (General) more information... Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing. Status: Deleted Infected files detected C:\Programme\BearShare\RunMSC.dll Infected registry entries detected HKEY_CLASSES_ROOT\runmsc.loader.1\clsid HKEY_CLASSES_ROOT\runmsc.loader.1\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07} HKEY_CLASSES_ROOT\runmsc.loader\clsid HKEY_CLASSES_ROOT\runmsc.loader\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07} HKEY_CLASSES_ROOT\runmsc.loader\curver HKEY_CLASSES_ROOT\runmsc.loader\curver RunMSC.Loader.1 HKEY_CLASSES_ROOT\wusn.1 HKEY_CLASSES_ROOT\wusn.1 WUSN_Id HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905} HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1 HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905} HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class Zango.CommonElements Adware (General) more information... Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\Software\zango HKEY_CURRENT_USER\Software\zango last_conn_h 29800373 HKEY_CURRENT_USER\Software\zango last_conn_l -1846849954 HKEY_CURRENT_USER\Software\zango we 2 HKEY_CURRENT_USER\Software\zango cdata 01zM8fY4Pjz%2f2eU5ykwF2WKD4i7vOGf68ZAm01xPGNy3gRrwg5yCweqAgVctm%2b%2b HrHyyVbCqMA28GyUdV7TLQQwPYJNobfxpZwP8D6Iqd%2bLZmgTu%2fw%2fNv9nrsrSnWJeVY YOVwmomfWl5YZRa9a Y516%2fRYAPdq4woflQ%2bRS6T2a5tVuk89bGADwPruQ%2f%2fAh2fYeC HKEY_CURRENT_USER\Software\zango TimeOffset -25232 HKEY_CURRENT_USER\Software\zango geourl_current_version 12 HKEY_CURRENT_USER\Software\zango geourl_last_full_version 12 HKEY_CURRENT_USER\Software\zango actionurl_current_version 552 HKEY_CURRENT_USER\Software\zango actionurl_last_full_version 551 HKEY_CURRENT_USER\Software\zango keyword_current_version 949 HKEY_CURRENT_USER\Software\zango keyword_last_full_version 949 iMesh P2P Program more information... Details: iMesh is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives. Status: Deleted Infected files detected C:\WINDOWS\system32\GnucDNA.dll Infected registry entries detected HKEY_CLASSES_ROOT\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21} HKEY_CLASSES_ROOT\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21} _IDownloadEvent HKEY_CLASSES_ROOT\Interface\{272C0D60-0561-4C83-B3DB-EB0A71F9D2EB} HKEY_CLASSES_ROOT\Interface\{272C0D60-0561-4C83-B3DB-EB0A71F9D2EB}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{272C0D60-0561-4C83-B3DB-EB0A71F9D2EB}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{272C0D60-0561-4C83-B3DB-EB0A71F9D2EB}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{272C0D60-0561-4C83-B3DB-EB0A71F9D2EB}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{272C0D60-0561-4C83-B3DB-EB0A71F9D2EB} IUpload HKEY_CLASSES_ROOT\Interface\{284477E4-A7CB-4055-9E1B-0EA7CBA28945} HKEY_CLASSES_ROOT\Interface\{284477E4-A7CB-4055-9E1B-0EA7CBA28945}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{284477E4-A7CB-4055-9E1B-0EA7CBA28945}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{284477E4-A7CB-4055-9E1B-0EA7CBA28945}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{284477E4-A7CB-4055-9E1B-0EA7CBA28945}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{284477E4-A7CB-4055-9E1B-0EA7CBA28945} _IShareEvent HKEY_CLASSES_ROOT\Interface\{70CA4938-6A0F-4641-A9A9-C936E4C1E7DE} HKEY_CLASSES_ROOT\Interface\{70CA4938-6A0F-4641-A9A9-C936E4C1E7DE}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{70CA4938-6A0F-4641-A9A9-C936E4C1E7DE}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{70CA4938-6A0F-4641-A9A9-C936E4C1E7DE}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{70CA4938-6A0F-4641-A9A9-C936E4C1E7DE}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{70CA4938-6A0F-4641-A9A9-C936E4C1E7DE} _IUpdateEvent HKEY_CLASSES_ROOT\Interface\{7468213E-010E-4EC6-A17D-642E909BA7EC} HKEY_CLASSES_ROOT\Interface\{7468213E-010E-4EC6-A17D-642E909BA7EC}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{7468213E-010E-4EC6-A17D-642E909BA7EC}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{7468213E-010E-4EC6-A17D-642E909BA7EC}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{7468213E-010E-4EC6-A17D-642E909BA7EC}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{7468213E-010E-4EC6-A17D-642E909BA7EC} _INetworkEvent HKEY_CLASSES_ROOT\Interface\{A916AF3C-976D-4358-8736-95BEA0B5FD2C} HKEY_CLASSES_ROOT\Interface\{A916AF3C-976D-4358-8736-95BEA0B5FD2C}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{A916AF3C-976D-4358-8736-95BEA0B5FD2C}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{A916AF3C-976D-4358-8736-95BEA0B5FD2C}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{A916AF3C-976D-4358-8736-95BEA0B5FD2C}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{A916AF3C-976D-4358-8736-95BEA0B5FD2C} _IChatEvent HKEY_CLASSES_ROOT\Interface\{B86F4810-19A9-4050-9AC9-B5CF60B5799A} HKEY_CLASSES_ROOT\Interface\{B86F4810-19A9-4050-9AC9-B5CF60B5799A}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{B86F4810-19A9-4050-9AC9-B5CF60B5799A}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{B86F4810-19A9-4050-9AC9-B5CF60B5799A}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{B86F4810-19A9-4050-9AC9-B5CF60B5799A}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{B86F4810-19A9-4050-9AC9-B5CF60B5799A} ICache HKEY_CLASSES_ROOT\Interface\{BB5B7E14-F8B4-4365-A24D-F4965C33E1EE} HKEY_CLASSES_ROOT\Interface\{BB5B7E14-F8B4-4365-A24D-F4965C33E1EE}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{BB5B7E14-F8B4-4365-A24D-F4965C33E1EE}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{BB5B7E14-F8B4-4365-A24D-F4965C33E1EE}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{BB5B7E14-F8B4-4365-A24D-F4965C33E1EE}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{BB5B7E14-F8B4-4365-A24D-F4965C33E1EE} IShare HKEY_CLASSES_ROOT\Interface\{BE45F056-E005-437B-BE88-23ACF70B0B6A} HKEY_CLASSES_ROOT\Interface\{BE45F056-E005-437B-BE88-23ACF70B0B6A}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{BE45F056-E005-437B-BE88-23ACF70B0B6A}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{BE45F056-E005-437B-BE88-23ACF70B0B6A}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{BE45F056-E005-437B-BE88-23ACF70B0B6A}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{BE45F056-E005-437B-BE88-23ACF70B0B6A} IChat HKEY_CLASSES_ROOT\Interface\{C13D4627-02F5-4B03-897A-BF6A90022DD2} HKEY_CLASSES_ROOT\Interface\{C13D4627-02F5-4B03-897A-BF6A90022DD2}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{C13D4627-02F5-4B03-897A-BF6A90022DD2}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{C13D4627-02F5-4B03-897A-BF6A90022DD2}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{C13D4627-02F5-4B03-897A-BF6A90022DD2}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{C13D4627-02F5-4B03-897A-BF6A90022DD2} ISearch HKEY_CLASSES_ROOT\Interface\{C636F1FC-6AE4-4E6A-90AB-6D61D821A0DD} HKEY_CLASSES_ROOT\Interface\{C636F1FC-6AE4-4E6A-90AB-6D61D821A0DD}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{C636F1FC-6AE4-4E6A-90AB-6D61D821A0DD}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{C636F1FC-6AE4-4E6A-90AB-6D61D821A0DD}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{C636F1FC-6AE4-4E6A-90AB-6D61D821A0DD}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{C636F1FC-6AE4-4E6A-90AB-6D61D821A0DD} IUpdate HKEY_CLASSES_ROOT\Interface\{CB971AC0-6408-40DA-A540-92F9F256F51F} HKEY_CLASSES_ROOT\Interface\{CB971AC0-6408-40DA-A540-92F9F256F51F}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{CB971AC0-6408-40DA-A540-92F9F256F51F}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{CB971AC0-6408-40DA-A540-92F9F256F51F}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{CB971AC0-6408-40DA-A540-92F9F256F51F}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{CB971AC0-6408-40DA-A540-92F9F256F51F} _IUploadEvent HKEY_CLASSES_ROOT\Interface\{D5694DFE-43B6-4E05-AA29-8C556C968973} HKEY_CLASSES_ROOT\Interface\{D5694DFE-43B6-4E05-AA29-8C556C968973}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{D5694DFE-43B6-4E05-AA29-8C556C968973}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{D5694DFE-43B6-4E05-AA29-8C556C968973}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{D5694DFE-43B6-4E05-AA29-8C556C968973}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{D5694DFE-43B6-4E05-AA29-8C556C968973} IPrefs HKEY_CLASSES_ROOT\Interface\{E2032EC2-A9AC-4ED7-9BDB-EBECACF076F2} HKEY_CLASSES_ROOT\Interface\{E2032EC2-A9AC-4ED7-9BDB-EBECACF076F2}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{E2032EC2-A9AC-4ED7-9BDB-EBECACF076F2}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{E2032EC2-A9AC-4ED7-9BDB-EBECACF076F2}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{E2032EC2-A9AC-4ED7-9BDB-EBECACF076F2}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{E2032EC2-A9AC-4ED7-9BDB-EBECACF076F2} _ISearchEvent HKEY_CLASSES_ROOT\Interface\{EBAB4A71-8C34-461A-B57D-DD041D439555} HKEY_CLASSES_ROOT\Interface\{EBAB4A71-8C34-461A-B57D-DD041D439555}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{EBAB4A71-8C34-461A-B57D-DD041D439555}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{EBAB4A71-8C34-461A-B57D-DD041D439555}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{EBAB4A71-8C34-461A-B57D-DD041D439555}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{EBAB4A71-8C34-461A-B57D-DD041D439555} IDownload HKEY_CLASSES_ROOT\Interface\{F06FEA43-0CC3-4BF6-A85B-5EFB1C07AA4B} HKEY_CLASSES_ROOT\Interface\{F06FEA43-0CC3-4BF6-A85B-5EFB1C07AA4B}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{F06FEA43-0CC3-4BF6-A85B-5EFB1C07AA4B}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{F06FEA43-0CC3-4BF6-A85B-5EFB1C07AA4B}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{F06FEA43-0CC3-4BF6-A85B-5EFB1C07AA4B}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{F06FEA43-0CC3-4BF6-A85B-5EFB1C07AA4B} IMeta HKEY_CLASSES_ROOT\Interface\{FC94A0F7-9C7C-4AE2-9106-5C212332B209} HKEY_CLASSES_ROOT\Interface\{FC94A0F7-9C7C-4AE2-9106-5C212332B209}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{FC94A0F7-9C7C-4AE2-9106-5C212332B209}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{FC94A0F7-9C7C-4AE2-9106-5C212332B209}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A} HKEY_CLASSES_ROOT\Interface\{FC94A0F7-9C7C-4AE2-9106-5C212332B209}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{FC94A0F7-9C7C-4AE2-9106-5C212332B209} INetwork Hotbar.ShopperReports Low Risk Adware more information... Details: Part of Hotbar recent installation via shopperreports.com. Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping {946B3E9E-E21A-49c8-9F63-900533FAFE14} MyGlobalSearch.Toolbar Potentially Unwanted Program more information... Details: MyGlobalSearch.Toolbar is an IE plugin with its own Search Field. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pid IK HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Dir C:\Programme\MyGlobalSearch\bar\ HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CurInstall 1 HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar sr 0 HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pl 7 HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Id CE280C80-FF4A-4A29-AF01-207148FC73D0 HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CacheDir C:\Programme\MyGlobalSearch\bar\Cache\ HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar HistoryDir C:\Programme\MyGlobalSearch\bar\History\ HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar SettingsDir C:\Programme\MyGlobalSearch\bar\Settings\ HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar ConfigDateStamp 2006080407 HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Flags 530 RealVNC Commercial Remote Control Tool more information... Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet. Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\Software\ORL\VNCHooks HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_GetUpdateRect 0 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_Timer 1 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_KeyPress 1 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_LButtonUp 1 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_MButtonUp 0 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_RButtonUp 0 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_Deferral 1 WhenU.WhenUSearch Low Risk Adware more information... Details: WhenU.WhenUSearch is a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism. Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\WUSN.1 HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id WinAntiVirus Pro Rogue Security Program more information... Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk\Security Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk Type 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk Start 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk ErrorControl 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk Tag 2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk ImagePath \??\C:\WINDOWS\system32\drivers\vspf_hk5.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk DisplayName vspf_hk HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk Group Streams Drivers HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf\Security Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf Type 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf Start 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf ErrorControl 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf Tag 8 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf ImagePath \??\C:\WINDOWS\system32\drivers\vspf5.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf DisplayName vspf HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf Group PNP_TDI HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf DependOnService tcpip HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf DependOnGroup ATDMT.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\kristin\cookies\kristin@atdmt[2].txt Radar Spy 1.0 Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\kristin\cookies\kristin@tradedoubler[1].txt Weborama Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\kristin\cookies\kristin@weborama[2].txt |
|
|
||
06.08.2006, 19:36
Ehrenmitglied
Beiträge: 29434 |
#10
1.
Counterspy killt immer nur einen Teil Dateien. Man muss also immer wieder den Quarantäne-Ordner von Counterspy leeren und wieder neu damit scannen, solange bis Counterspy nichts mehr findet. 2. loesche manuell. falls es noch vorhanden ist: C:\WINDOWS\system32\drivers\vspf5.sys C:\Programme\Zango c:\programme\bearshare 3. scanne online mit panda und poste den report http://virus-protect.org/onlinescan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
06.08.2006, 21:51
...neu hier
Themenstarter Beiträge: 7 |
#11
Incident Status Location
Adware:adware/savenow Not disinfected Windows Registry Potentially unwanted tool:application/winantivirus2006 Not disinfected hkey_classes_root\WAP6.PCheck Not disinfected C:\Dokumente und Einstellungen\Kristin\Cookies\kristin@atwola[1].txt Spyware:Cookie/Weborama Not disinfected C:\Dokumente und Einstellungen\Kristin\Cookies\kristin@weborama[2].txt Adware:Adware/Lop Not disinfected C:\Dokumente und Einstellungen\Kristin\Desktop\backups\backup-20060806-163411-646.dll Possible Virus. Not disinfected C:\WINDOWS\Downloaded Installations\{C32ACEF8-937B-40BC-84B0-FB81EE655AB4}\Sunbelt CounterSpy.msi[unk_0076] Possible Virus. Not disinfected C:\WINDOWS\Installer\8e8b8.msi[unk_0070] ---------------- die dateien waren nich mehr da die ich manuell löschen sollte .... |
|
|
||
06.08.2006, 22:52
Ehrenmitglied
Beiträge: 29434 |
#12
gehe in die registry
Start - Ausfuehren - regedit bearbeiten - suchen - WAP6.PCheck hkey_classes_root\WAP6.PCheck <--loeschen ------------------------------------------------------------------- + PC neustarten dann sollte wieder alles o.k. sein __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
08.08.2006, 20:25
...neu hier
Themenstarter Beiträge: 7 |
#13
gut danke ... sieht alles wieder normal aus ... dankeschön ...
|
|
|
||
wenn ich meinen pc anschalte fährt er nach ca 10 minuten wieder herunter und startet neu. wenn er dann wieder hochgefahren ist fährt er immerwieder neu herunter. ich habe schon diverse viren scanner drüberlaufen lassen, aber keiner erkennt einen virus ...
könnt ihr mir weiterhelfen ?