My PC keeps shutting down and I don't know why

Thread is closed!
#0
05.08.2006, 14:23
...new here

Posts: 7
#1 hello first of all ...

when I switch on my PC it shuts down again after about 10 minutes and restarts. once it has booted up again it keeps shutting down again and again. I have already run various virus scanners over it, but none of them detects a virus ...

can you help me?
05.08.2006, 15:04
Moderator

Posts: 7805
#2 Work through this and show us the results:

http://board.protecus.de/t23188.htm
__________
Regards, Ralf
SEO-Spam Hunter
05.08.2006, 15:32
...new here

Thread starter

Posts: 7
#3 Logfile of HijackThis v1.99.1
Scan saved at 15:19:09, on 05.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\Programme\Classic PhoneTools\CapFax.EXE
C:\Programme\Medion\PowerCinema\My_TV\Agent.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Dokumente und Einstellungen\Kristin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gslukhkxslzoigbxlzqdpl.com/E/SmO5JJi9pGShT/_cMQ/PNW5LURDtQdFk1wKAPTkKcQm1DLsVbJvdm0YHLf_zJN.jpg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AD115721-2B4A-027B-52BC-60568A7DF5BC} - C:\DOKUME~1\Kristin\ANWEND~1\ACIDSO~1\ToolDefy.exe
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CapFax] C:\Programme\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [Agent] C:\Programme\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [magsdead] C:\DOKUME~1\Kristin\ANWEND~1\DRAWDU~1\oozeclosegreat.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {36AF14E3-8E6A-413E-A01F-360900AD6802} - http://www.medionshop.de (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.de
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kristin2511.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_de/WinFixer2005ScannerInstallDE.cab
O18 - Protocol: bw+0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {CE2F5381-5FC8-4334-8C5C-668CE3A9FC1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe




Start Time= 05.08.2006 15:28:47,09
Running from: C:\Programme\Mozilla Firefox

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-05 15:21:06 ( .D... ) "C:\Programme\CleanUp!"
2006-08-03 23:13:20 ( .D... ) "C:\Programme\MyGlobalSearch"
2006-08-01 13:15:10 ( .D... ) "C:\Dokumente und Einstellungen\Kristin\Anwendungsdaten\TuneUp Software"
2006-07-21 13:26:04 ( .D... ) "C:\Programme\ICQToolbar"
2006-07-21 13:24:44 ( .D... ) "C:\Programme\ICQLite"
2006-07-21 13:24:44 ( .D... ) "C:\Dokumente und Einstellungen\Kristin\Anwendungsdaten\ICQLite"
2006-07-14 17:50:20 118784 ( ....R ) "C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe"
2006-07-09 17:02:08 ( .D... ) "C:\Dokumente und Einstellungen\Kristin\Anwendungsdaten\LimeWire"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-16 00:28:00 57384 ( A.... ) "C:\WINDOWS\system32\avsda.dll"
2006-05-31 12:52:34 79184 ( A.... ) "C:\Dokumente und Einstellungen\Kristin\Anwendungsdaten\GDIPFONTCACHEV1.DAT"
2006-05-19 15:09:50 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 15:09:50 112128 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 15:09:50 95744 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-04-30 18:06:24 5598944 ( A.... ) "C:\Programme\FirefoxGoogleToolbarSetup.exe"
2006-01-23 22:16:24 1039452 ( A.... ) "C:\Programme\wrar351d.exe"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-14 17:57 118.784 C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Dit"="Dit.exe"
"CapFax"="C:\\Programme\\Classic PhoneTools\\CapFax.EXE"
"Agent"="C:\\Programme\\Medion\\PowerCinema\\My_TV\\Agent.exe"
"Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"RealTray"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"ToADiMon.exe"="C:\\Programme\\T-Online\\T-Online_Software_6\\Basis-Software\\Basis1\\ToADiMon.exe -TOnlineAutodialStart"
"MessengerPlus3"="\"C:\\Programme\\MessengerPlus! 3\\MsgPlus.exe\""
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Programme\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Programme\\Logitech\\Video\\LogiTray.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SoundMan"="SOUNDMAN.EXE"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NVIEW"=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"magsdead"="C:\\DOKUME~1\\Kristin\\ANWEND~1\\DRAWDU~1\\oozeclosegreat.exe"
"MessengerPlus3"="\"C:\\Programme\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"LogitechSoftwareUpdate"="C:\\Programme\\Logitech\\Video\\ManifestEngine.exe boot"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://www.foxyoriginals.com/resources/contentfiles/foxyfun/wallpapers/pink/1024x768/walppr_1024x768_pink.jpg"
"SubscribedURL"="http://www.foxyoriginals.com/resources/contentfiles/foxyfun/wallpapers/pink/1024x768/walppr_1024x768_pink.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,02,00,00,00,13,00,00,00,10,07,00,00,06,04,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,02,00,00,00,13,00,00,00,10,07,00,00,06,04,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,6b,13,41,c0,ac,74,78,d6,b3,0b,68,de,6b,13,20,6d,\
6b,13,69,bb,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,c0
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,c0
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"InfoCockpit"="C:\\Programme\\T-Online\\T-Online_Software_6\\Info-Cockpit\\INFOCOCKPIT.EXE /nosplash"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"InfoCockpit"="C:\\Programme\\T-Online\\T-Online_Software_6\\Info-Cockpit\\INFOCOCKPIT.EXE /nosplash"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"MediaGateway"="C:\\Programme\\MediaGateway\\MediaGateway.exe"
"Link Keep Remote Dvd"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\kind five link keep\\COPYBUILD.exe"




Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

Completion time: 05.08.2006 15:29:02,57
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt




Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 706A-702F

Verzeichnis von C:\WINDOWS\system32

05.08.2006 15:26 1.158 wpa.dbl
05.08.2006 01:58 984 ikhcore.log
13.07.2006 23:27 374.064 perfh009.dat
13.07.2006 23:27 50.532 perfc009.dat
13.07.2006 23:27 384.216 perfh007.dat
13.07.2006 23:27 61.096 perfc007.dat
13.07.2006 23:27 879.502 PerfStringBackup.INI
07.07.2006 03:21 6.757.792 MRT.exe
19.06.2006 16:20 702.768 WgaLogon.dll
19.06.2006 16:19 571.184 LegitCheckControl.dll
19.06.2006 16:19 304.944 WgaTray.exe
16.06.2006 00:27 57.384 avsda.dll
01.06.2006 20:47 27.648 jgpl400.dll
01.06.2006 20:47 163.840 jgdw400.dll
29.05.2006 17:30 1.494.016 shdocvw.dll
29.05.2006 15:06 4.212 zllictbl.dat
19.05.2006 17:09 3.073.536 mshtml.dll
19.05.2006 15:09 95.744 iphlpapi.dll
19.05.2006 15:09 148.480 dnsapi.dll
19.05.2006 15:09 112.128 dhcpcsvc.dll
18.05.2006 07:36 450.560 jscript.dll
14.05.2006 10:48 181.248 rasmans.dll
11.05.2006 10:57 27.136 xpsp3res.dll
10.05.2006 07:23 664.064 wininet.dll
10.05.2006 07:22 474.624 shlwapi.dll
10.05.2006 07:22 615.936 urlmon.dll
10.05.2006 07:22 448.512 mshtmled.dll
10.05.2006 07:22 39.424 pngfilt.dll
10.05.2006 07:22 146.432 msrating.dll
10.05.2006 07:22 532.480 mstime.dll
10.05.2006 07:22 96.768 inseng.dll
05.08.2006, 16:08
Moderator

Posts: 7805
#4 If you don't need MessengerPlus3, uninstall it, including the sponsor program. That should already be enough....
__________
Regards, Ralf
SEO-Spam Hunter
05.08.2006, 16:21
...new here

Thread starter

Posts: 7
#5 and what if I need it?
05.08.2006, 16:28
Honorary member
Sabina

Posts: 29434
#6 MessengerPlus! 3 installs the Swizzor trojan...

download look.zip - unpack - look.bat - double-click - copy the text that appears
http://virus-protect.org/zip/look.zip

------------

C:\Programme\MyGlobalSearch is also junk, it is spyware
__________
Regards, Sabina

all about PC security
05.08.2006, 16:33
...new here

Thread starter

Posts: 7
#7 Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 706A-702F

Verzeichnis von C:\Dokumente und Einstellungen\Kristin\Anwendungsdaten

01.08.2006 13:15 <DIR> .
01.08.2006 13:15 <DIR> ..
21.05.2006 13:48 <DIR> ACIDSO~1 AcidSoftware
04.09.2002 23:20 <DIR> Adobe
04.01.2005 11:36 <DIR> APPLEC~1 Apple Computer
05.09.2002 22:11 <DIR> CYBERL~1 CyberLink
21.05.2006 13:47 <DIR> DRAWDU~1 draw dupe
30.12.2005 00:24 <DIR> FotoWire
31.05.2006 12:52 79.184 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT
06.09.2002 13:12 <DIR> Help
27.07.2006 19:50 <DIR> ICQLite
05.09.2002 01:58 <DIR> IDENTI~1 Identities
04.09.2002 23:20 <DIR> INTERT~1 InterTrust
11.07.2006 19:08 <DIR> LimeWire
16.12.2005 23:18 <DIR> MACROM~1 Macromedia
30.04.2006 18:11 <DIR> Mozilla
12.12.2005 21:26 <DIR> MSN6
30.04.2006 18:30 <DIR> Sun
16.12.2005 23:13 <DIR> T-Online
01.08.2006 13:15 <DIR> TUNEUP~1 TuneUp Software
1 Datei(en) 79.184 Bytes
19 Verzeichnis(se), 42.671.210.496 Bytes frei
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 706A-702F

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten

10.02.2006 21:44 305 ADDR_F~1.HTM addr_file.html
04.08.2006 17:52 <DIR> ANTIVI~1 AntiVir PersonalEdition Classic
08.02.2006 20:02 <DIR> APPLEC~1 Apple Computer
26.09.2002 16:08 <DIR> CYBERL~1 CyberLink
21.05.2006 13:47 <DIR> KINDFI~1 kind five link keep
22.12.2005 01:36 <DIR> MESSEN~1 Messenger Plus!
20.10.2003 12:57 <DIR> MSN6
30.12.2005 00:21 <DIR> QUICKT~1 QuickTime
05.09.2002 02:03 <DIR> SBSI
20.11.2003 16:34 <DIR> SBT
16.12.2005 21:43 <DIR> T-Online
27.05.2006 00:34 <DIR> TUNEUP~1 TuneUp Software
07.04.2006 20:59 <DIR> WINANT~1 WinAntiVirus Pro 2006
21.12.2005 20:17 <DIR> WINDOW~1 Windows Genuine Advantage
1 Datei(en) 305 Bytes
13 Verzeichnis(se), 42.671.210.496 Bytes frei
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 706A-702F

Verzeichnis von C:\WINDOWS\tasks

18.08.2001 14:00 65 desktop.ini
05.08.2006 15:25 6 SA.DAT
2 Datei(en) 71 Bytes
0 Verzeichnis(se), 42.671.210.496 Bytes frei
05.08.2006, 18:55
Honorary member
Sabina

Posts: 29434
#8 InNot

if you download that much junk, you shouldn't be surprised when the system is wrecked.............

------------------------------------------------------------------------

1.
Make hidden and system files visible
http://virus-protect.org/invisible.html

--------------------------------------------------------------------------------------------------

Open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gslukhkxslzoigbxlzqdpl.com/E/SmO5JJi9pGShT/_cMQ/PNW5LURDtQdFk1wKAPTkKcQm1DLsVbJvdm0YHLf_zJN.jpg

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: (no name) - {AD115721-2B4A-027B-52BC-60568A7DF5BC} - C:\DOKUME~1\Kristin\ANWEND~1\ACIDSO~1\ToolDefy.exe

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"

O4 - HKCU\..\Run: [magsdead] C:\DOKUME~1\Kristin\ANWEND~1\DRAWDU~1\oozeclosegreat.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe" /WinStart

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_de/WinFixer2005ScannerInstallDE.cab

Restart the PC (in safe mode) --> press F8 while the PC is booting
This is necessary because the files cannot be deleted in normal mode

**
delete:


C:\Dokumente und Einstellungen\Kristin\Anwendungsdaten\draw dupe
C:\Dokumente und Einstellungen\Kristin\Anwendungsdaten\AcidSoftware
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kind five link keep
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinAntiVirus Pro 2006
C:\Programme\WinAntiVirus Pro 2006
C:\Programme\Common Files\Companion Wizard
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006
C:\Dokumente und Einstellungen\Kristin\Anwendungsdaten\WinAntiVirus Pro 2006

**
uninstall:
"Start -> Settings -> Control Panel -> Add or Remove Programs"

- MessengerPlus! 3
- MyGlobalSearch
- MediaGateway

**

boot back into normal mode

**
My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives". (then turn it back on)

**
Counterspy --> deletes the registry entries of MessengerPlus! 3 and WinAntiVirus Pro 2006
http://virus-protect.org/counterspy.html
* after the scan you have to choose:
*Remove

post the report

**
new start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if asked --> click Apply and finally OK, and set a new start page
__________
Best regards, Sabina

All about PC security
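The kind of triage that sits behind a fix list like the one in post #8, as an added example that is not part of the original thread: it parses HijackThis lines quoted there and flags entries by three path and type heuristics. The heuristics, the function names and the final `avgnt` sample line are assumptions of this example, not the helper's stated criteria.

```python
import re

# Lines quoted in post #8, plus one constructed entry (the last line).
SAMPLE_LOG = r"""
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {AD115721-2B4A-027B-52BC-60568A7DF5BC} - C:\DOKUME~1\Kristin\ANWEND~1\ACIDSO~1\ToolDefy.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [magsdead] C:\DOKUME~1\Kristin\ANWEND~1\DRAWDU~1\oozeclosegreat.exe
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_de/WinFixer2005ScannerInstallDE.cab
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[ROF]\d{1,2}) - (?P<body>.+)$")
# O2/O3/O16 bodies: "<kind>: [name - ]{CLSID} - <file or URL>"
COM_RE = re.compile(r"^(?P<kind>BHO|Toolbar|DPF): (?:(?P<name>.*?) - )?"
                    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
# O4 registry autostart bodies: "HKxx\..\<key>: [name] <command line>"
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]{2})\\\.\.\\(?P<key>[^:]+): "
                    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Long and 8.3 short names of the Application Data folder (German and English XP).
APPDATA_RE = re.compile(
    r"\\(?:Anwendungsdaten|ANWEND~\d|Application Data|APPLIC~\d)\\", re.I)


def executable_of(command):
    """Return the program path from a Run command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|scr|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command


def parse_line(line):
    """Turn one HijackThis line into a dict, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    com = COM_RE.match(body)
    if com:
        return {"code": code, "kind": com.group("kind"),
                "name": com.group("name") or com.group("clsid"),
                "target": com.group("target").strip()}
    run = RUN_RE.match(body)
    if run:
        return {"code": code, "kind": "Run", "name": run.group("name"),
                "target": executable_of(run.group("cmd"))}
    return {"code": code, "kind": "other", "name": "", "target": body}


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def reasons_for(entry):
    """Heuristics assumed for this example; each hit is a reason to review."""
    reasons = []
    target = entry["target"]
    if APPDATA_RE.search(target):
        reasons.append("runs from an Application Data folder")
    if entry["kind"] == "BHO":
        if entry["name"] == "(no name)":
            reasons.append("BHO without a registered name")
        # A BHO is an in-process COM server, so its target is normally a DLL.
        if not target.lower().endswith(".dll"):
            reasons.append("BHO target is not a DLL")
    return reasons


def triage(text):
    """Return (section code, entry name, reasons) for every flagged entry."""
    flagged = []
    for entry in parse_log(text):
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry["code"], entry["name"], reasons))
    return flagged


if __name__ == "__main__":
    for code, name, reasons in triage(SAMPLE_LOG):
        print(code, name, "->", "; ".join(reasons))
```

Only the `ToolDefy.exe` BHO and the `magsdead` autostart are flagged; entries such as `MGSBAR.DLL` or the WinFixer `O16` download sit in ordinary locations and need a name-based lookup rather than path rules.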
06.08.2006, 17:35
...new here

Thread starter

Posts: 7
#9 Spyware Scan Details
Start Date: 06.08.2006 17:01:16
End Date: 06.08.2006 17:32:43
Total Time: 31 mins 27 secs

Detected spyware

BearShare P2P Program more information...
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected files detected
c:\programme\bearshare\bearshare.dat
c:\programme\bearshare\bearshare.exe
c:\programme\bearshare\bearsharezangoinstaller.exe
c:\programme\bearshare\bsidle.dll
c:\programme\bearshare\bsz.exe
c:\programme\bearshare\freepeers.ini
c:\programme\bearshare\history.txt
c:\programme\bearshare\install.log
c:\programme\bearshare\proinstall2.ini
c:\programme\bearshare\runmsc.dll
c:\programme\bearshare\unwise.exe
c:\programme\bearshare\unwise.ini
c:\programme\bearshare\webstats.bat
c:\programme\bearshare\webstats.exe
c:\programme\bearshare\webstats.ini
c:\programme\bearshare\db\config.bin
c:\programme\bearshare\db\connect.txt
c:\programme\bearshare\db\gwebcache.dat
c:\programme\bearshare\db\hostiles-chat.txt
c:\programme\bearshare\db\hostiles.txt
c:\programme\bearshare\db\library.2.db
c:\programme\bearshare\db\library.2.db-journal.bak
c:\programme\bearshare\db\library.2.db.lastgoodload.bak
c:\programme\bearshare\db\library.db
c:\programme\bearshare\db\library.db.lastgoodload.bak
c:\programme\bearshare\db\library.db.sync
c:\programme\bearshare\db\searches.ini
c:\programme\bearshare\installer\bsinstallde_de5.2.5.5.exe
c:\programme\bearshare\logs\hosts-state.txt
c:\programme\bearshare\logs\memory.txt
c:\programme\bearshare\logs\ordinal.txt
c:\programme\bearshare\logs\streams.txt
c:\programme\bearshare\sounds\notify.wav
c:\programme\bearshare\temp\tmpschneeflitchen.und.die.7.zwerge.[found via www.esel-pornos.de].(zeichentrick).mpg
c:\dokumente und einstellungen\all users\startmenü\programme\bearshare.lnk
c:\dokumente und einstellungen\kristin\desktop\bearshare downloads.lnk
c:\dokumente und einstellungen\kristin\desktop\bearshare.lnk
c:\Programme\Gemeinsame Dateien\Microsoft Shared\MSInfo\OFFPRV10.DLL

Infected registry entries detected
HKEY_CLASSES_ROOT\gnufile
HKEY_CLASSES_ROOT\gnufile\shell\open\command "C:\Programme\BearShare\\BearShare.exe" "%1"
HKEY_CLASSES_ROOT\gnufile gnutella
HKEY_CLASSES_ROOT\gnufile BrowserFlags 8
HKEY_CLASSES_ROOT\gnufile EditFlags 65536
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare
HKEY_LOCAL_MACHINE\software\bearshare
HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Programme\BearShare\
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayName BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare UninstallString C:\PROGRA~1\BEARSH~1\\UNWISE.EXE C:\PROGRA~1\BEARSH~1\\INSTALL.LOG
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayVersion 5.2.5.6DE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HelpLink http://bearshare.de/Help/index.htm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare Publisher Free Peers, Inc.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare URLInfoAbout http://www.freepeers.com
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayIcon C:\Programme\BearShare\\BearShare.exe,-128
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\.default\appevents\schemes\apps\bearshare
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InProcServer32 C:\PROGRA~1\GEMEIN~1\MICROS~1\Msinfo\OFFPRV10.DLL
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InProcServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} PSFactoryBuffer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} BearShare
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} Version 5,2,5,6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} ComponentID BearShare
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} IsInstalled 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} Locale DE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare Changed 0


Messenger Plus! Adware Bundler more information...
Details: Messenger Plus! is a add-on for MSN Messenger. Messenger Plus! installs an OPTIONAL adware called C2Media which is also known as LOP.com.
Status: Deleted

Infected files detected
c:\programme\messengerplus! 3\plugins\colornick\catalan.lng
c:\programme\messengerplus! 3\plugins\colornick\cnuninst.exe
c:\programme\messengerplus! 3\plugins\colornick\colornick.xml
c:\programme\messengerplus! 3\plugins\colornick\dutch.lng
c:\programme\messengerplus! 3\plugins\colornick\english.lng
c:\programme\messengerplus! 3\plugins\colornick\french.lng
c:\programme\messengerplus! 3\plugins\colornick\italian.lng
c:\programme\messengerplus! 3\plugins\colornick\leeme.rtf
c:\programme\messengerplus! 3\plugins\colornick\leesmij.rtf
c:\programme\messengerplus! 3\plugins\colornick\leggimi.rtf
c:\programme\messengerplus! 3\plugins\colornick\lisezmoi.rtf
c:\programme\messengerplus! 3\plugins\colornick\llegeix-me.rtf
c:\programme\messengerplus! 3\plugins\colornick\readme.rtf
c:\programme\messengerplus! 3\plugins\colornick\spanish.lng
c:\dokumente und einstellungen\kristin\desktop\msgplus-362.exe


WinFixer Rogue Security Program more information...
Details: WinFixer is a disabled data repair utility that nags the user to purchase it in order to fix the problems reported in its scan.
Status: Deleted

Infected files detected
c:\windows\system32\drivers\df_u42.sys
C:\Programme\Gemeinsame Dateien\WinFixer 2005\FCrXML.dll
C:\Programme\Gemeinsame Dateien\WinFixer 2005\uwappchk.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}
HKEY_CLASSES_ROOT\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}\TypeLib {25BAE2A9-DF54-4927-AF6F-9963146D11D8}
HKEY_CLASSES_ROOT\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316} ICheckProduct
HKEY_CLASSES_ROOT\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}
HKEY_CLASSES_ROOT\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}\1.0\0\win32 C:\Programme\Gemeinsame Dateien\WinFixer 2005\uwappchk.dll
HKEY_CLASSES_ROOT\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}\1.0\HELPDIR C:\Programme\Gemeinsame Dateien\WinFixer 2005\
HKEY_CLASSES_ROOT\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}\1.0 CheckProduct2Lib


Zango.SearchAssistant Adware (General) more information...
Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit.
Status: Deleted

Infected files detected
c:\programme\mozilla firefox\plugins\npclntax.dll


Hotbar Toolbar more information...
Details: Hotbar Web Tools is a collection of browser and system enhancements. The primary application is the Hotbar toolbar, a which is a "skinable" browser toolbar for Internet Explorer.
Status: Deleted

Infected files detected
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\country.exe
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar1.res
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\d_icons_weather.res
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\icons2.res
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\progress.res
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\t2_bg.res
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\1\tsd_bg.res
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\country.exe
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\Default_hotbarcom.mnu
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bbar1.res
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\d_icons_weather.res
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\icons2.res
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\progress.res
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\t2_bg.res
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\2\tsd_bg.res
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\country.xip
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
C:\Dokumente und Einstellungen\Elfie\Anwendungsdaten\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} Hotbar Information Window
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping {946B3E9E-E21A-49c8-9F63-900533FAFE14}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping {946B3E9E-E21A-49c8-9F63-900533FAFE15}


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Infected files detected
C:\Programme\BearShare\RunMSC.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\runmsc.loader.1\clsid
HKEY_CLASSES_ROOT\runmsc.loader.1\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_CLASSES_ROOT\runmsc.loader\clsid
HKEY_CLASSES_ROOT\runmsc.loader\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_CLASSES_ROOT\runmsc.loader\curver
HKEY_CLASSES_ROOT\runmsc.loader\curver RunMSC.Loader.1
HKEY_CLASSES_ROOT\wusn.1
HKEY_CLASSES_ROOT\wusn.1 WUSN_Id
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class


Zango.CommonElements Adware (General) more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\zango
HKEY_CURRENT_USER\Software\zango last_conn_h 29800373
HKEY_CURRENT_USER\Software\zango last_conn_l -1846849954
HKEY_CURRENT_USER\Software\zango we 2
HKEY_CURRENT_USER\Software\zango TimeOffset -25232
HKEY_CURRENT_USER\Software\zango geourl_current_version 12
HKEY_CURRENT_USER\Software\zango geourl_last_full_version 12
HKEY_CURRENT_USER\Software\zango actionurl_current_version 552
HKEY_CURRENT_USER\Software\zango actionurl_last_full_version 551
HKEY_CURRENT_USER\Software\zango keyword_current_version 949
HKEY_CURRENT_USER\Software\zango keyword_last_full_version 949


iMesh P2P Program more information...
Details: iMesh is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected files detected
C:\WINDOWS\system32\GnucDNA.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21}
HKEY_CLASSES_ROOT\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{0BE385A3-85A5-4722-B677-68DAE891FF21} _IDownloadEvent
HKEY_CLASSES_ROOT\Interface\{272C0D60-0561-4C83-B3DB-EB0A71F9D2EB}
HKEY_CLASSES_ROOT\Interface\{272C0D60-0561-4C83-B3DB-EB0A71F9D2EB}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{272C0D60-0561-4C83-B3DB-EB0A71F9D2EB}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{272C0D60-0561-4C83-B3DB-EB0A71F9D2EB}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{272C0D60-0561-4C83-B3DB-EB0A71F9D2EB}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{272C0D60-0561-4C83-B3DB-EB0A71F9D2EB} IUpload
HKEY_CLASSES_ROOT\Interface\{284477E4-A7CB-4055-9E1B-0EA7CBA28945}
HKEY_CLASSES_ROOT\Interface\{284477E4-A7CB-4055-9E1B-0EA7CBA28945}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{284477E4-A7CB-4055-9E1B-0EA7CBA28945}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{284477E4-A7CB-4055-9E1B-0EA7CBA28945}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{284477E4-A7CB-4055-9E1B-0EA7CBA28945}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{284477E4-A7CB-4055-9E1B-0EA7CBA28945} _IShareEvent
HKEY_CLASSES_ROOT\Interface\{70CA4938-6A0F-4641-A9A9-C936E4C1E7DE}
HKEY_CLASSES_ROOT\Interface\{70CA4938-6A0F-4641-A9A9-C936E4C1E7DE}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{70CA4938-6A0F-4641-A9A9-C936E4C1E7DE}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{70CA4938-6A0F-4641-A9A9-C936E4C1E7DE}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{70CA4938-6A0F-4641-A9A9-C936E4C1E7DE}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{70CA4938-6A0F-4641-A9A9-C936E4C1E7DE} _IUpdateEvent
HKEY_CLASSES_ROOT\Interface\{7468213E-010E-4EC6-A17D-642E909BA7EC}
HKEY_CLASSES_ROOT\Interface\{7468213E-010E-4EC6-A17D-642E909BA7EC}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7468213E-010E-4EC6-A17D-642E909BA7EC}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7468213E-010E-4EC6-A17D-642E909BA7EC}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{7468213E-010E-4EC6-A17D-642E909BA7EC}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{7468213E-010E-4EC6-A17D-642E909BA7EC} _INetworkEvent
HKEY_CLASSES_ROOT\Interface\{A916AF3C-976D-4358-8736-95BEA0B5FD2C}
HKEY_CLASSES_ROOT\Interface\{A916AF3C-976D-4358-8736-95BEA0B5FD2C}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A916AF3C-976D-4358-8736-95BEA0B5FD2C}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A916AF3C-976D-4358-8736-95BEA0B5FD2C}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{A916AF3C-976D-4358-8736-95BEA0B5FD2C}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{A916AF3C-976D-4358-8736-95BEA0B5FD2C} _IChatEvent
HKEY_CLASSES_ROOT\Interface\{B86F4810-19A9-4050-9AC9-B5CF60B5799A}
HKEY_CLASSES_ROOT\Interface\{B86F4810-19A9-4050-9AC9-B5CF60B5799A}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B86F4810-19A9-4050-9AC9-B5CF60B5799A}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B86F4810-19A9-4050-9AC9-B5CF60B5799A}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{B86F4810-19A9-4050-9AC9-B5CF60B5799A}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{B86F4810-19A9-4050-9AC9-B5CF60B5799A} ICache
HKEY_CLASSES_ROOT\Interface\{BB5B7E14-F8B4-4365-A24D-F4965C33E1EE}
HKEY_CLASSES_ROOT\Interface\{BB5B7E14-F8B4-4365-A24D-F4965C33E1EE}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{BB5B7E14-F8B4-4365-A24D-F4965C33E1EE}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{BB5B7E14-F8B4-4365-A24D-F4965C33E1EE}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{BB5B7E14-F8B4-4365-A24D-F4965C33E1EE}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{BB5B7E14-F8B4-4365-A24D-F4965C33E1EE} IShare
HKEY_CLASSES_ROOT\Interface\{BE45F056-E005-437B-BE88-23ACF70B0B6A}
HKEY_CLASSES_ROOT\Interface\{BE45F056-E005-437B-BE88-23ACF70B0B6A}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{BE45F056-E005-437B-BE88-23ACF70B0B6A}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{BE45F056-E005-437B-BE88-23ACF70B0B6A}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{BE45F056-E005-437B-BE88-23ACF70B0B6A}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{BE45F056-E005-437B-BE88-23ACF70B0B6A} IChat
HKEY_CLASSES_ROOT\Interface\{C13D4627-02F5-4B03-897A-BF6A90022DD2}
HKEY_CLASSES_ROOT\Interface\{C13D4627-02F5-4B03-897A-BF6A90022DD2}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{C13D4627-02F5-4B03-897A-BF6A90022DD2}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{C13D4627-02F5-4B03-897A-BF6A90022DD2}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{C13D4627-02F5-4B03-897A-BF6A90022DD2}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{C13D4627-02F5-4B03-897A-BF6A90022DD2} ISearch
HKEY_CLASSES_ROOT\Interface\{C636F1FC-6AE4-4E6A-90AB-6D61D821A0DD}
HKEY_CLASSES_ROOT\Interface\{C636F1FC-6AE4-4E6A-90AB-6D61D821A0DD}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{C636F1FC-6AE4-4E6A-90AB-6D61D821A0DD}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{C636F1FC-6AE4-4E6A-90AB-6D61D821A0DD}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{C636F1FC-6AE4-4E6A-90AB-6D61D821A0DD}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{C636F1FC-6AE4-4E6A-90AB-6D61D821A0DD} IUpdate
HKEY_CLASSES_ROOT\Interface\{CB971AC0-6408-40DA-A540-92F9F256F51F}
HKEY_CLASSES_ROOT\Interface\{CB971AC0-6408-40DA-A540-92F9F256F51F}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{CB971AC0-6408-40DA-A540-92F9F256F51F}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{CB971AC0-6408-40DA-A540-92F9F256F51F}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{CB971AC0-6408-40DA-A540-92F9F256F51F}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{CB971AC0-6408-40DA-A540-92F9F256F51F} _IUploadEvent
HKEY_CLASSES_ROOT\Interface\{D5694DFE-43B6-4E05-AA29-8C556C968973}
HKEY_CLASSES_ROOT\Interface\{D5694DFE-43B6-4E05-AA29-8C556C968973}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{D5694DFE-43B6-4E05-AA29-8C556C968973}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{D5694DFE-43B6-4E05-AA29-8C556C968973}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{D5694DFE-43B6-4E05-AA29-8C556C968973}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{D5694DFE-43B6-4E05-AA29-8C556C968973} IPrefs
HKEY_CLASSES_ROOT\Interface\{E2032EC2-A9AC-4ED7-9BDB-EBECACF076F2}
HKEY_CLASSES_ROOT\Interface\{E2032EC2-A9AC-4ED7-9BDB-EBECACF076F2}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E2032EC2-A9AC-4ED7-9BDB-EBECACF076F2}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E2032EC2-A9AC-4ED7-9BDB-EBECACF076F2}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{E2032EC2-A9AC-4ED7-9BDB-EBECACF076F2}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{E2032EC2-A9AC-4ED7-9BDB-EBECACF076F2} _ISearchEvent
HKEY_CLASSES_ROOT\Interface\{EBAB4A71-8C34-461A-B57D-DD041D439555}
HKEY_CLASSES_ROOT\Interface\{EBAB4A71-8C34-461A-B57D-DD041D439555}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{EBAB4A71-8C34-461A-B57D-DD041D439555}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{EBAB4A71-8C34-461A-B57D-DD041D439555}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{EBAB4A71-8C34-461A-B57D-DD041D439555}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{EBAB4A71-8C34-461A-B57D-DD041D439555} IDownload
HKEY_CLASSES_ROOT\Interface\{F06FEA43-0CC3-4BF6-A85B-5EFB1C07AA4B}
HKEY_CLASSES_ROOT\Interface\{F06FEA43-0CC3-4BF6-A85B-5EFB1C07AA4B}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{F06FEA43-0CC3-4BF6-A85B-5EFB1C07AA4B}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{F06FEA43-0CC3-4BF6-A85B-5EFB1C07AA4B}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{F06FEA43-0CC3-4BF6-A85B-5EFB1C07AA4B}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{F06FEA43-0CC3-4BF6-A85B-5EFB1C07AA4B} IMeta
HKEY_CLASSES_ROOT\Interface\{FC94A0F7-9C7C-4AE2-9106-5C212332B209}
HKEY_CLASSES_ROOT\Interface\{FC94A0F7-9C7C-4AE2-9106-5C212332B209}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{FC94A0F7-9C7C-4AE2-9106-5C212332B209}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{FC94A0F7-9C7C-4AE2-9106-5C212332B209}\TypeLib {2850BDC7-2330-4E31-9FA0-88268846539A}
HKEY_CLASSES_ROOT\Interface\{FC94A0F7-9C7C-4AE2-9106-5C212332B209}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{FC94A0F7-9C7C-4AE2-9106-5C212332B209} INetwork


Hotbar.ShopperReports Low Risk Adware more information...
Details: Part of Hotbar recent installation via shopperreports.com.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping {946B3E9E-E21A-49c8-9F63-900533FAFE14}


MyGlobalSearch.Toolbar Potentially Unwanted Program more information...
Details: MyGlobalSearch.Toolbar is an IE plugin with its own Search Field.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pid IK
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Dir C:\Programme\MyGlobalSearch\bar\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pl 7
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Id CE280C80-FF4A-4A29-AF01-207148FC73D0
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CacheDir C:\Programme\MyGlobalSearch\bar\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar HistoryDir C:\Programme\MyGlobalSearch\bar\History\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar SettingsDir C:\Programme\MyGlobalSearch\bar\Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar ConfigDateStamp 2006080407
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Flags 530


RealVNC Commercial Remote Control Tool more information...
Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\ORL\VNCHooks
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_GetUpdateRect 0
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_Timer 1
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_KeyPress 1
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_LButtonUp 1
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_MButtonUp 0
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_RButtonUp 0
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_Deferral 1


WhenU.WhenUSearch Low Risk Adware more information...
Details: WhenU.WhenUSearch is a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\WUSN.1
HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id


WinAntiVirus Pro Rogue Security Program more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk\Security Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk Type 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk Start 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk ErrorControl 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk Tag 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk ImagePath \??\C:\WINDOWS\system32\drivers\vspf_hk5.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk DisplayName vspf_hk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk Group Streams Drivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf\Security Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf Type 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf Start 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf ErrorControl 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf Tag 8
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf ImagePath \??\C:\WINDOWS\system32\drivers\vspf5.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf DisplayName vspf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf Group PNP_TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf DependOnService tcpip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf DependOnGroup


ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\kristin\cookies\kristin@atdmt[2].txt


Radar Spy 1.0 Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\kristin\cookies\kristin@tradedoubler[1].txt


Weborama Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\kristin\cookies\kristin@weborama[2].txt
06.08.2006, 19:36
Honorary member
Sabina

Posts: 29434
#10 1.
CounterSpy only ever kills part of the files. So you have to keep emptying CounterSpy's quarantine folder and scanning with it again until CounterSpy finds nothing more.

2.
Delete manually, if it is still present:

C:\WINDOWS\system32\drivers\vspf5.sys
C:\Programme\Zango
c:\programme\bearshare

3.
Scan online with Panda and post the report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

All about PC security
06.08.2006, 21:51
...new here

Thread starter

Posts: 7
#11 Incident Status Location

Adware:adware/savenow Not disinfected Windows Registry
Potentially unwanted tool:application/winantivirus2006 Not disinfected hkey_classes_root\WAP6.PCheck
Not disinfected C:\Dokumente und Einstellungen\Kristin\Cookies\kristin@atwola[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Dokumente und Einstellungen\Kristin\Cookies\kristin@weborama[2].txt
Adware:Adware/Lop Not disinfected C:\Dokumente und Einstellungen\Kristin\Desktop\backups\backup-20060806-163411-646.dll
Possible Virus. Not disinfected C:\WINDOWS\Downloaded Installations\{C32ACEF8-937B-40BC-84B0-FB81EE655AB4}\Sunbelt CounterSpy.msi[unk_0076]
Possible Virus. Not disinfected C:\WINDOWS\Installer\8e8b8.msi[unk_0070]

----------------

The files I was supposed to delete manually were no longer there ....
06.08.2006, 22:52
Honorary member
Sabina

Posts: 29434
#12 Go into the registry
Start - Run - regedit
Edit - Find - WAP6.PCheck

hkey_classes_root\WAP6.PCheck <-- delete

-------------------------------------------------------------------

+ restart the PC

Then everything should be OK again ;)
__________
Regards, Sabina

All about PC security
08.08.2006, 20:25
...new here

Thread starter

Posts: 7
#13 Good, thanks ... everything looks normal again ... thank you ... ;)