softomate toolbar (ad-aware se)

This thread is closed!
17.09.2006, 21:01
...new here

Posts: 2
#1 hello
Today Ad-Aware found "softomate toolbar" on my machine as a critical object.
Of course I deleted it right away.
But right after a fresh scan the object was back again.
So my question is whether anyone has experience with how to get this softomate toolbar off my PC for good.

Oh yes....before anyone points it out....I googled it, and there is a lot to be found about this toolbar, but I haven't found anything yet that really helped me.

Regards, Julian
17.09.2006, 21:11
Member

Posts: 130
17.09.2006, 21:30
...new here

Thread starter

Posts: 2
#3 should I paste the text into this thread here?
How would that help you?
Anyway, thanks a lot for your reply
Regards, julian2003
17.09.2006, 21:48
Honorary member

Posts: 29434
#4 post all the logs from the link here; if it wouldn't help, we wouldn't ask for it ;)
__________
Regards, Sabina

all about PC security
22.10.2006, 11:28
Member

Posts: 28
#5 hello,
since I have the same problem with this toolbar, I'm joining in here.

Logfile of HijackThis v1.99.1
Scan saved at 10:12:21, on 22.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\0190WA~1\WARN0190.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Grisoft\AVG7\avgcc.exe
C:\Programme\Phoner\phoner.exe
C:\Programme\Logitech\MouseWare\System\Em_exec.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\msdtc.exe
C:\Programme\Microsoft SQL Server\MSSQL$EAZYSALES\Binn\sqlservr.exe
C:\Programme\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\VeriSign\NAVI\NAVICL~1.EXE
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Programme\T-DSL SpeedManager\TSMSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\ad-aware.exe
C:\PROGRA~1\MOZILL~1\THUNDE~1.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\Regedit.exe
C:\Programme\Europa30\europa30.exe
Q:\Andreas\Virenschutz\hijackthis\exe-neu\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amivo.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.amivo.de/
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B660087-931C-4056-A04F-0423890E40B6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Programme\SpionageAbwehr\SpoofStick\SpoofStickBHO.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: (no name) - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Programme\SpionageAbwehr\SpoofStick\SpoofStick.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\Daemon-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - Startup: Mauseigenschaften.lnk = C:\WINDOWS\system32\control.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AVG Control Center.lnk = C:\Programme\Grisoft\AVG7\avgcc.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Phoner.lnk = C:\Programme\Phoner\phoner.exe
O4 - Global Startup: Sygate Personal Firewall.lnk = C:\Programme\Sygate\SPF\Smc.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Daniel\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite5.1\ICQ5.1\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite5.1\ICQ5.1\ICQLite.exe
O9 - Extra button: Hilfe zu i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Hilfe zu i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Optionen für i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_1.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123785349250
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programme\VeriSign\NAVI\naviagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Programme\T-DSL SpeedManager\TSMSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe


Internet - 06-10-22 10:32:48,12 Service Pack 2
ComboFix 06.10.19 - Running from: "Q:\Andreas\Virenschutz\Combofix-Datenträgerbereinigung"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\taskmgr.com


((((((((((((((((((((((((((((((( Files Created from 2006-09-22 to 2006-10-22 ))))))))))))))))))))))))))))))))))


2006-10-22 10:22 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2006-10-13 15:24 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-09-24 08:51 28,672 --------- C:\WINDOWS\system32\verclsid.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-22 10:25 -------- d-------- C:\Programme\CleanUp!
2006-10-22 10:22 -------- d-------- C:\Programme\TuneUp Utilities 2006
2006-10-22 08:46 -------- d-------- C:\Programme\Mozilla Firefox
2006-10-22 08:37 -------- d-------- C:\Programme\Mozilla Thunderbird
2006-10-18 09:55 -------- d-------- C:\Dokumente und Einstellungen\Internet\Anwendungsdaten\AVG7
2006-10-16 09:51 -------- d-------- C:\Programme\StarMoney 5.0 S-Edition
2006-10-13 15:23 816288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-03 17:55 -------- d-------- C:\Programme\Phoner
2006-09-24 23:58 -------- d-------- C:\Programme\PestPatrol
2006-09-24 08:56 -------- d-------- C:\Programme\Internet Explorer
2006-09-13 10:54 -------- d-------- C:\Programme\Gemeinsame Dateien\Mobipocket Shared
2006-09-13 10:54 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-09-13 10:54 -------- d-------- C:\Dokumente und Einstellungen\Internet\Anwendungsdaten\Mobipocket Reader
2006-09-13 10:53 -------- d-------- C:\Dokumente und Einstellungen\Internet\Anwendungsdaten\AdobeUM
2006-09-13 10:45 -------- d--h----- C:\Programme\Zero G Registry
2006-09-12 17:41 -------- d-------- C:\Programme\Google
2006-09-08 18:27 -------- d-------- C:\Programme\SlySoft
2006-09-08 18:02 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-08 17:54 -------- d-------- C:\Programme\Alcohol Soft
2006-09-03 16:45 -------- d-------- C:\Programme\CDRWIN 6
2006-08-31 18:03 -------- d---s---- C:\Dokumente und Einstellungen\Internet\Anwendungsdaten\Microsoft
2006-08-22 07:18 -------- d-------- C:\Programme\Security Task Manager
2006-07-03 12:13 78312 --a------ C:\Dokumente und Einstellungen\Internet\Anwendungsdaten\GDIPFONTCACHEV1.DAT


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AWMON"="\"C:\\PROGRA~1\\Lavasoft\\AD-AWA~1\\Ad-Watch.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"0190 Warner"="C:\\PROGRA~1\\0190WA~1\\WARN0190.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Easy-PrintToolBox"="C:\\Programme\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"T-DSL SpeedMgr"="\"C:\\PROGRA~1\\T-DSLS~1\\SpeedMgr.exe\""
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccRegVfy.exe\""
"DAEMON Tools-1033"="\"C:\\Programme\\Daemon-Tools\\daemon.exe\" -lang 1033"
"MMTray"="C:\\Programme\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"Flag"=dword:00000084

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,29,02,00,00,00,00,00,00,2a,02,00,00,44,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,e8,01,00,00,00,00,00,00,eb,01,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,e8,01,00,00,00,00,00,00,eb,01,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"CDRAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"Logitech Utility"="Logi_MwX.Exe"
"Gtwatch"="C:\\WINDOWS\\gtwatch.exe"
"CloneCDElbyCDFL"="\"C:\\Programme\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\TASK20060129104035.job
C:\WINDOWS\tasks\TASK20060129104156.job

Completion time: 06-10-22 10:33:44.73
C:\ComboFix.txt ... 06-10-22 10:33



datFind:

system32.txt:

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: D00A-9291

Verzeichnis von C:\WINDOWS\system32

22.10.2006 08:35 292.099 ETSPTAPI.LOG
22.10.2006 08:34 176.928 OODBS.lor
19.10.2006 10:50 2.206 wpa.dbl
16.10.2006 08:24 143.614 ETSPCOMM.LOG
06.10.2006 09:53 10.677 QuickTime.qtp
06.10.2006 09:53 9.480 QuickTimeFavorites.qtr
02.10.2006 18:58 24.072 uxtuneup.dll
08.09.2006 18:02 34.308 BASSMOD.dll
28.07.2006 16:20 540.636 perfh009.dat
28.07.2006 16:20 589.546 perfh007.dat
28.07.2006 16:20 115.152 perfc009.dat
28.07.2006 16:20 141.796 perfc007.dat
28.07.2006 16:20 1.349.356 PerfStringBackup.INI
28.07.2006 13:30 3.079.168 mshtml.dll
25.07.2006 22:42 617.472 urlmon.dll
21.07.2006 18:35 13.650 PQ_DEBUG.TXT
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:38 332.288 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 15:34 8.494.592 shell32.dll


systemtemp.txt:

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: D00A-9291

Verzeichnis von C:\DOKUME~1\Internet\LOKALE~1\Temp


system.txt:
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: D00A-9291

Verzeichnis von C:\WINDOWS

22.10.2006 10:20 5.974 ccscan6.ini
22.10.2006 10:19 649 cclean13.ini
22.10.2006 08:35 0 0.log
22.10.2006 08:35 157 wiadebug.log
22.10.2006 08:35 1.280.681 WindowsUpdate.log
22.10.2006 08:35 50 wiaservc.log
22.10.2006 08:34 2.048 bootstat.dat
21.10.2006 23:20 32.560 SchedLgU.Txt
17.10.2006 18:04 445 KTEL.INI
24.09.2006 08:59 1.374 imsins.log
24.09.2006 08:59 60.403 tabletoc.log
24.09.2006 08:59 617.464 tsoc.log
24.09.2006 08:59 476.403 comsetup.log
24.09.2006 08:59 62.065 ocmsn.log
24.09.2006 08:59 1.058.061 iis6.log
24.09.2006 08:59 303.005 ntdtcsetup.log
24.09.2006 08:59 16.986 KB917537.log
24.09.2006 08:59 736.435 ocgen.log
24.09.2006 08:59 39.666 medctroc.Log
24.09.2006 08:59 217.318 netfxocm.log
24.09.2006 08:59 65.148 msgsocm.log
24.09.2006 08:59 1.273.567 FaxSetup.log
24.09.2006 08:59 447.936 msmqinst.log
24.09.2006 08:58 1.374 imsins.BAK
24.09.2006 08:58 17.184 KB920685.log
24.09.2006 08:58 17.527 KB919007.log
24.09.2006 08:57 17.286 KB917422.log
24.09.2006 08:57 16.680 KB920670.log
24.09.2006 08:57 17.001 KB922616.log
24.09.2006 08:57 37.218 updspapi.log
24.09.2006 08:56 17.182 KB921398.log
24.09.2006 08:56 29.188 KB918899.log
24.09.2006 08:55 17.195 KB920683.log
24.09.2006 08:55 15.859 KB921883.log
24.09.2006 08:54 15.557 KB914388.log
24.09.2006 08:54 14.080 KB917159.log
24.09.2006 08:53 13.948 KB917953.log
24.09.2006 08:53 14.418 KB914389.log
24.09.2006 08:53 13.875 KB911280.log
24.09.2006 08:52 13.295 KB918439.log
24.09.2006 08:52 22.782 KB916281.log
24.09.2006 08:51 13.439 KB913580.log
24.09.2006 08:51 10.891 KB908531.log
24.09.2006 08:51 9.979 KB911562.log
24.09.2006 08:50 9.353 KB912812.log
24.09.2006 08:50 53.439 KB896688.log
24.09.2006 08:49 53.606 KB899588.log
24.09.2006 08:49 49.190 KB896727.log
24.09.2006 08:49 52.656 KB883939.log
24.09.2006 08:48 56.911 KB890923.log
24.09.2006 08:48 46.738 KB893066.log
24.09.2006 08:48 56.757 KB893086.log
24.09.2006 08:47 51.780 KB867282.log
24.09.2006 08:47 54.145 KB873333.log
24.09.2006 08:46 59.279 KB890047.log
24.09.2006 08:46 57.704 KB890175.log
24.09.2006 08:46 40.251 KB834707.log
08.09.2006 17:58 335.905 setupapi.log
08.09.2006 16:57 73.168 wmsetup.log
30.08.2006 19:16 116 NeroDigital.ini
06.08.2006 19:58 15.119 mozver.dat
06.08.2006 18:12 269 Clony2.ini
06.08.2006 18:12 96 ClonyCDs.ini
28.07.2006 16:19 3.724 dahotfix.log
28.07.2006 16:19 19.868 dasetup.log
15.07.2006 11:45 404 mp3wavsolutions.INI
15.07.2006 11:28 73.216 cadkasdeinst01.exe


temp.txt:

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: D00A-9291

Verzeichnis von C:\WINDOWS\Temp

22.10.2006 08:35 16.384 Perflib_Perfdata_634.dat
29.09.2006 08:34 16.384 Perflib_Perfdata_1a0.dat
2 Datei(en) 32.768 Bytes
0 Verzeichnis(se), 3.694.108.672 Bytes frei

down.txt:

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: D00A-9291

Verzeichnis von C:\WINDOWS\Downloaded Program Files

26.01.2006 12:57 0 ppv5exc.dat
04.01.2006 20:56 318 WebCleaner.inf
04.01.2006 20:40 2.816.864 WebCleaner.dll
19.12.2005 14:35 135.168 asinst.dll
19.12.2005 11:29 479 pestscanx.inf
15.12.2005 16:39 653.312 pestscanx.ocx
28.11.2005 17:40 525 asinst.inf
13.10.2005 15:26 779.816 ppctl.dll
30.06.2005 11:33 244 pestscan.ini
26.05.2005 04:19 291 wuweb.inf
20.04.2005 17:21 10.534 mainstrings.txt
11.04.2005 20:34 217 rfscanax.inf
11.04.2005 19:19 152.576 rfscanax.dll
21.07.2004 12:32 708.608 GoogleToolbar2.dll
26.01.2004 18:42 856 yinst.inf
26.01.2004 18:40 133.120 yinsthelper.dll
08.12.2003 13:58 3.759 swflash.inf
25.08.2003 19:12 1.096 iuctl.inf
10.07.2003 11:06 65 desktop.ini
16.04.2002 14:03 483.328 PWActiveXImgCtl.dll
20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd
14.10.1997 18:52 697 DirectAnimation Java Classes.osd
22 Datei(en) 5.883.035 Bytes
0 Verzeichnis(se), 3.694.104.576 Bytes frei


sys.txt:

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: D00A-9291

Verzeichnis von C:\

22.10.2006 11:18 0 sys.txt
22.10.2006 11:17 1.387 down.txt
22.10.2006 11:16 344 tmp.txt
22.10.2006 11:14 19.566 system.txt
22.10.2006 11:14 129 systemtemp.txt
22.10.2006 11:12 122.308 system32.txt
22.10.2006 10:33 7.740 ComboFix.txt
24.09.2006 23:41 12.407.816 AVG7QT.DAT
26.07.2006 21:04 5.021 TDSLCheck.txt
08.07.2006 18:20 2.324 INSTALL.LOG
06.07.2006 10:32 13.030 PDOXUSRS.NET

I followed exactly the order described here:

Quote

Terementor posted
http://board.protecus.de/t23187.htm
Post the logs here ;)
After the test, this softomate toolbar is still being found with Ad-Aware??
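As an added example (not code from the thread or from any tool it mentions), a small Python triage script for the HijackThis log format posted above: it flags add-on registrations (R3/O2/O3/O9/O16) whose target file is gone, which is one common reason an item keeps "coming back" in a scanner after the DLL was deleted but its registry entries were not. The sample lines, the function names and the "review" heuristic for "(no name)" entries are all constructed here; the sample entries are modelled on the posted log.

```python
"""Triage helper for HijackThis-style logs (added example, not a tool from the thread).
Flags IE add-on registrations whose target file is gone: the DLL was deleted,
but the COM/IE registration that points at it still exists."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the HijackThis 1.99.1 format seen in this thread;
# the entries are modelled on the posted log.
SAMPLE_LOG = r"""
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {0B660087-931C-4056-A04F-0423890E40B6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O9 - Extra button: Hilfe zu i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Hilfe zu i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} -
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "<section> - <kind>: <rest>", e.g. "O2 - BHO: name - {CLSID} - path"
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<kind>[^:]+?): (?P<rest>.*)$")
# Sections that register IE add-ons by CLSID: search hooks, BHOs, toolbars,
# extra buttons / menu items, and downloaded ActiveX controls.
ADDON_SECTIONS = {"R3", "O2", "O3", "O9", "O16"}
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str
    kind: str
    name: str
    clsid: Optional[str]
    target: str
    raw: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for lines without the 'Oxx - kind: ' shape."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, kind, rest = m.group("section", "kind", "rest")
    found = CLSID_RE.search(rest)
    clsid = found.group(0).upper() if found else None
    # A dangling " -" (as on the O16 line) means the target field is empty.
    rest = re.sub(r"\s*-\s*$", "", rest)
    # HijackThis separates friendly name, CLSID and target with " - ".
    parts = [p.strip() for p in rest.split(" - ")]
    name = "" if CLSID_RE.fullmatch(parts[0]) else parts[0]
    target = parts[-1] if len(parts) > 1 else ""
    return Entry(section, kind, name, clsid, target, line)


def is_orphaned(e: Entry) -> bool:
    """Registry entry is still present but the DLL/target it points to is gone."""
    t = e.target.lower()
    return any(marker in t for marker in ORPHAN_MARKERS)


def is_unnamed(e: Entry) -> bool:
    """No friendly name registered for the CLSID. Only a 'review' signal:
    Spybot's own SDHelper.dll shows up as (no name) as well."""
    return e.name.lower() == "(no name)"


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group add-on CLSIDs by finding; each list is sorted and de-duplicated."""
    findings: Dict[str, set] = {"orphaned": set(), "unnamed": set(), "empty_target": set()}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None or e.section not in ADDON_SECTIONS:
            continue
        key = e.clsid or e.raw
        if is_orphaned(e):
            findings["orphaned"].add(key)
        elif not e.target:
            findings["empty_target"].add(key)
        if is_unnamed(e):
            findings["unnamed"].add(key)
    return {k: sorted(v) for k, v in findings.items()}


def clsid_index(log_text: str) -> Dict[str, List[str]]:
    """Map each CLSID to every section it is registered in, so all hooks of one
    component can be reviewed together instead of one at a time."""
    index: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is not None and e.clsid:
            index.setdefault(e.clsid, []).append(e.section)
    return index


if __name__ == "__main__":
    where = clsid_index(SAMPLE_LOG)
    for category, clsids in triage(SAMPLE_LOG).items():
        print(f"{category} ({len(clsids)}):")
        for c in clsids:
            print("   ", c, "in", ", ".join(where.get(c, [])))
```

Run it against a saved HijackThis.txt by passing the file contents to triage(); R0/R1 start-page lines use a different shape and are skipped on purpose.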
22.10.2006, 12:00
Honorary member

Posts: 29434
#6 amerdi

Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as listen.bat using 'Save as'. Select 'All files' as the file type. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
REM collect directory listings of the usual install, profile, temp and task folders into files.txt
dir "C:\Windows\System32\Com" >>files.txt
dir "C:\Windows\system32\config" >>files.txt
dir "C:\WINDOWS\system32\components" >>files.txt
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:\Windows\tasks" >>files.txt
REM open the collected listing so it can be copied into the thread
notepad files.txt

__________
Regards, Sabina

all about PC security
22.10.2006, 12:24
Member

Posts: 28
#7 hello Sabina,
thanks a lot for your help.

Here is the text:

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: D00A-9291

Verzeichnis von C:\Windows\System32\Com

30.10.2005 22:59 <DIR> .
30.10.2005 22:59 <DIR> ..
26.07.2005 06:39 195.072 comadmin.dll
18.08.2001 14:00 61.440 comempty.dat
18.08.2001 14:00 77.348 comexp.msc
04.08.2004 01:57 9.728 comrepl.exe
18.08.2001 14:00 5.120 comrereg.exe
18.08.2001 14:00 19.456 mtsadmin.tlb
6 Datei(en) 368.164 Bytes
2 Verzeichnis(se), 3.692.875.776 Bytes frei
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: D00A-9291


edit (Sabina)
22.10.2006, 12:31
Honorary member

Posts: 29434
#8 amerdi

Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:

Quote

Folders to delete:
C:\Programme\Gemeinsame Dateien\fun communications
C:\Programme\Anti-Leech
Click the green traffic light
the script will now run, then the PC will restart automatically

**
scan and post the scan report
http://virus-protect.org/counterspy.html
__________
Regards, Sabina

all about PC security
22.10.2006, 12:42
Member

Posts: 28
#9 didn't work:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Fatal error: could not create new script file.
Error code: 0
Error logged to errorlog.txt. Aborting now!
22.10.2006, 12:46
Honorary member

Posts: 29434
#10 no problem...if you have restarted anyway...scan with CounterSpy and report back
__________
Regards, Sabina

all about PC security
22.10.2006, 14:19
Member

Posts: 28
#11 well, it found quite a lot:

Spyware Scan Details
Start Date: 22.10.2006 13:12:01
End Date: 22.10.2006 14:16:49
Total Time: 1 hrs 4 mins 48 secs

Detected spyware

AntiLeech Plugin Adware (General) more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Ignored

Infected files detected
c:\programme\anti-leech\alie_1.0.1.6\al2np.dll
c:\programme\anti-leech\alie_1.0.1.6\alhlp.exe
c:\programme\anti-leech\alie_1.0.1.6\alie.dll
c:\programme\anti-leech\alie_1.0.1.6\alie.inf
c:\programme\anti-leech\alie_1.0.1.6\iesetup2.exe

Infected registry entries detected
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1 Anti-Leech Plug-in
HKEY_CLASSES_ROOT\AntiLeech.ALIE
HKEY_CLASSES_ROOT\AntiLeech.ALIE\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\AntiLeech.ALIE\CurVer AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\AntiLeech.ALIE Anti-Leech Plug-in
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 C:\PROGRA~1\ANTI-L~1\ALIE_1~1.6\alie.dll
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\ProgID AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\TypeLib {056738E1-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\VersionIndependentProgID AntiLeech.ALIE
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE DisplayName Anti-Leech Plugin for Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE UninstallString C:\Programme\Anti-Leech\ALIE_1.0.1.6\iesetup2.exe uninstall


Overnet Adware Bundler more information...
Details: Overnet/eDonkey is a file sharing application that bundles third party adware and spyware with the free version.
Status: Ignored

Infected files detected
c:\dokumente und einstellungen\internet\anwendungsdaten\microsoft\internet explorer\quick launch\overnet.lnk
D:\Programme\Overnet\Plugins\ed2kie.dll
D:\Programme\Overnet\Plugins\launchmyapp.dll


Trojan Horse Trojan more information...
Status: Ignored

Infected files detected
c:\windows\system32\syspr.prx


Regfreeze Rogue Security Program more information...
Details: Regfreeze is a program that purports to scan for and repair errors in the Windows registy.
Status: Ignored

Infected files detected
c:\windows\downloaded program files\rfscanax.inf
c:\windows\downloaded program files\rfscanax.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{AFAB176A-0D25-436A-8555-286F6D7AA388}
HKEY_CLASSES_ROOT\CLSID\{AFAB176A-0D25-436A-8555-286F6D7AA388}\InprocServer32 C:\WINDOWS\Downloaded Program Files\rfscanax.dll
HKEY_CLASSES_ROOT\CLSID\{AFAB176A-0D25-436A-8555-286F6D7AA388}\InprocServer32 ThreadingModel apartment
HKEY_CLASSES_ROOT\CLSID\{AFAB176A-0D25-436A-8555-286F6D7AA388}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\CLSID\{AFAB176A-0D25-436A-8555-286F6D7AA388}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{AFAB176A-0D25-436A-8555-286F6D7AA388}\ProgID rfscanax.RegFreezeScanModule.1
HKEY_CLASSES_ROOT\CLSID\{AFAB176A-0D25-436A-8555-286F6D7AA388}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\rfscanax.dll, 1
HKEY_CLASSES_ROOT\CLSID\{AFAB176A-0D25-436A-8555-286F6D7AA388}\TypeLib {724E046B-130B-40E3-8B40-3C122B03131B}
HKEY_CLASSES_ROOT\CLSID\{AFAB176A-0D25-436A-8555-286F6D7AA388}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{AFAB176A-0D25-436A-8555-286F6D7AA388}\VersionIndependentProgID rfscanax.RegFreezeScanModule
HKEY_CLASSES_ROOT\CLSID\{AFAB176A-0D25-436A-8555-286F6D7AA388} CRegFreezeScanModule Object
HKEY_CLASSES_ROOT\CLSID\{AFAB176A-0D25-436A-8555-286F6D7AA388} AppID {724E046B-130B-40E3-8B40-3C122B03131B}


CoolWebSearch.CameUp Hijacker more information...
Details: CoolWebSearch.CameUp is an adware application that hijacks the user's Internet Explorers start page, and prevents the user from changing the URL back to their preferred homepage.
Status: Ignored

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Search Bar_bak
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Search Page_bak
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Start Page_bak


My Way Speedbar Potentially Unwanted Program more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}


eDonkey2000 P2P Program more information...
Details: eDonkey2000 is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored

Infected files detected
d:\programme\overnet\plugins\ed2kie.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32 D:\Programme\Overnet\plugins\ed2kie.dll
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID eD2KDownloadManager.object.1
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\TypeLib {379919F2-1612-45B7-B9F4-773F6D5214F5}
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID eD2KDownloadManager.object
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620} eD2K downloadManager object


MyWebSearch Toolbar Potentially Unwanted Program more information...
Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ProgID MyWebSearch.HTMLPanel.1
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\VersionIndependentProgID MyWebSearch.HTMLPanel
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} MyWebSearch HTML
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} My &Web Search
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID MyWebSearchToolBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID MyWebSearchToolBar.ToolbarPlugin
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} MyWebSearch Toolbar Plugin
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus\1 132497
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} DataCtrl Class
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID MyWebSearch.PseudoTransparentPlugin.1
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID MyWebSearch.PseudoTransparentPlugin
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} MyWebSearch Pseudo Transparent Plugin
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} MyWebSearch Popup Menu Plugin
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} HttpControl Class
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} _IDataCtrlEvents
HKEY_CLASSES_ROOT\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
HKEY_CLASSES_ROOT\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1F52A5FA-A705-4415-B975-88503B291728} IDataCtrl
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} IMyWebSearchHTMLPanel
HKEY_CLASSES_ROOT\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKEY_CLASSES_ROOT\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{3E720453-B472-4954-B7AA-33069EB53906} _IMyWebSearchHTMLPanelEvents
HKEY_CLASSES_ROOT\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} IMyWebSearchPseudoTransparent
HKEY_CLASSES_ROOT\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} IMyWebSearchPopupMenu
HKEY_CLASSES_ROOT\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} IMyWebSearchSkinWindow
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} IHttpControl
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} IHttpControlEvents
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel\CLSID {3E720452-B472-4954-B7AA-33069EB53906}
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel\CurVer MyWebSearch.HTMLPanel.1
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel MyWebSearch HTML Panel
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin\CLSID {7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin\CurVer MyWebSearch.PseudoTransparentPlugin.1
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin MyWebSearch Pseudo Transparent Plugin
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1\CLSID {7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 MyWebSearch Pseudo Transparent Plugin
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin\CLSID {53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin\CurVer MyWebSearchToolBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin MyWebSearch Toolbar Plugin
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1\CLSID {53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 MyWebSearch Toolbar Plugin
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1\CLSID {3E720452-B472-4954-B7AA-33069EB53906}
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 MyWebSearch HTML Panel


WhenU.WeatherCast Low Risk Adware more information...
Details: WeatherCast is an ad supported desktop weather program that puts an icon in the system tray displaying the local temperature. It also offers current weather data and forecasts. Weathercast is often bundled with the Save advertising program and/or th
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WeatherCast
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WeatherCast SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WeatherCast Changed 0


GirlFriend RAT more information...
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\General


Cookie: ABetterInternet.Aurora Cookie Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\internet\cookies\internet@a[2].txt


Cookie: CGI-Bin Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\internet\cookies\internet@cgi-bin[2].txt


Cookie: Com.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\internet\cookies\internet@com[1].txt


Cookie: IndexTools.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\internet\cookies\internet@indextools[2].txt


Cookie: Ajan 1.0 Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\internet\cookies\internet@xiti[1].txt

How do I proceed from here? :-)
22.10.2006, 15:18
Honorary member
Sabina

Posts: 29434
#12 Scan once more - set everything to "remove" and thereby delete it (then post that report)
__________
Kind regards, Sabina

all about PC security
22.10.2006, 17:01
Member

Posts: 28
#13 Well, I didn't find a report, but after the run everything was clean.
But Ad-Aware still finds this toolbar??
22.10.2006, 17:07
Honorary member
Sabina

Posts: 29434
#14 You had left everything on Status: Ignored - I hope that has now been taken care of...

Post the scan report from Ad-Aware
__________
Kind regards, Sabina

all about PC security
22.10.2006, 17:36
Member

Posts: 28
#15 No, I had set everything to "remove", then let it run again, and then everything was clean, but with Ad-Aware this toolbar is still there??