Home » Spyware & Browser Hijacker Support Forum » doppelte IEXPLORE.EXE im Taskmanager/Prozesse » Themenansicht

doppelte IEXPLORE.EXE im Taskmanager/Prozesse

Thema ist geschlossen!
Thema ist geschlossen!
#0
06.10.2006, 22:59
Fränk268
Member

Themenstarter

Beiträge: 13
#16 ist das nur ein Spywarescanprogramm oder löscht es auch die Spyware?
(Die anderen 6 Log-Dateien sende ich morgen. Muß leider jetzt Schluß machen, Sorry)

Spyware Scan Details
Start Date: 06.10.2006 16:54:16
End Date: 06.10.2006 22:15:57
Total Time: 5 hrs 21 mins 41 secs

Detected spyware

Need2FindBar Potentially Unwanted Program more information...
Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
Status: Ignored

Infected files detected
c:\programme\need2find\bar\history\search

Infected registry entries detected
HKEY_CURRENT_USER\Software\Need2Find
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2\CLSID {0002DF01-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2 Internet Exp1orer (Ver 1.29353)
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner test "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Home C:\Program Files\Altnet\Points Manager\Points Manager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Points "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Redeem "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 2
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Wallet "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 3
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Settings "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 4
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar pid KC
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Dir C:\Programme\Need2Find\bar\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ShzmCurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar pl 7
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Id 19E9F562-BB33-436F-9711-E9CD3887D155
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Build 121.36182
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CacheDir C:\Programme\Need2Find\bar\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar SettingsDir C:\Programme\Need2Find\bar\Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ConfigDateStamp 2005100407
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar HTMLMenuRevision 88
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Flags 530
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CfgUrl http://kp.barcfg.need2find.com/speedbar/mySpeedbarCfg2.jsp?s=kb&p=KP
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar HistoryDir C:\Programme\Need2Find\bar\History\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Visible 1


AntiLeech Plugin Adware (General) more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Ignored

Infected files detected
c:\programme\anti-leech\alie_1.0.2.2\al2np.dll
c:\programme\anti-leech\alie_1.0.2.2\alhlp.exe
c:\programme\anti-leech\alie_1.0.2.2\alie.dll
c:\programme\anti-leech\alie_1.0.2.2\alie.inf
c:\programme\anti-leech\alie_1.0.2.2\iesetup2.exe
c:\programme\anti-leech\alie_1.0.2.3\alhlp.exe
c:\programme\anti-leech\alie_1.0.2.3\alie.dll
c:\programme\anti-leech\alie_1.0.2.3\alie.inf
c:\programme\anti-leech\alie_1.0.2.3\iesetup2.exe
c:\programme\anti-leech\alnn\al2np.dll
c:\programme\anti-leech\alnn\alhlp.exe
c:\programme\anti-leech\alnn\npalnn.dll
c:\programme\anti-leech\alnn\setup2.exe
F:\Programme\Mozilla Firefox\plugins\al2np.dll
F:\Programme\Anti-Leech\ALIE_1.0.2.3\alhlp.exe
f:\Programme\Anti-Leech\ALIE_1.0.2.3\alie.dll

Infected registry entries detected
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin Mozilla Firefox 1.0.6 F:\Programme\Mozilla Firefox\Plugins
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin Mozilla Firefox 1.5.0.3 F:\Programme\Mozilla Firefox\plugins\
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1 Anti-Leech Plug-in
HKEY_CLASSES_ROOT\AntiLeech.ALIE
HKEY_CLASSES_ROOT\AntiLeech.ALIE\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\AntiLeech.ALIE\CurVer AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\AntiLeech.ALIE Anti-Leech Plug-in
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 F:\PROGRA~1\ANTI-L~1\ALIE_1~1.3\alie.dll
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\ProgID AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\TypeLib {056738E1-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\VersionIndependentProgID AntiLeech.ALIE
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE DisplayName Anti-Leech Plugin for Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE UninstallString F:\Programme\Anti-Leech\ALIE_1.0.2.3\iesetup2.exe uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN DisplayName Anti-Leech Plugin for Mozilla, Opera, Netscape
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN UninstallString C:\Programme\Anti-Leech\ALNN\setup2.exe -u


Twain Tech Adware (General) more information...
Details: Twain-Tech is an adware based Internet Explorer browser helper object that deliver targeted ads based on a user's browsing patters. Twain-Tech does not provide any other relevant purpose other then to display pop-up ads.
Status: Ignored

Infected files detected
c:\windows\smdat32m.sys


WindUpdates.MediaAccess Adware (General) more information...
Details: WindUpdates.MediaAccess is an adware program that spawns pop-ups on the desktop.
Status: Ignored

Infected files detected
I:\Briefe\2-Glasbestellung.xls


Hacktool.Rootkit Rootkit more information...
Status: Ignored

Infected files detected
I:\Umschulung\Michel\Schule Daten\totalcmd\WC32TO16.EXE


Altnet P2P Networking Low Risk Adware more information...
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking SlowInfoCache
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Changed 0
HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking


eDonkey2000 P2P Program more information...
Details: eDonkey2000 is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32 F:\Programme\eDonkey2000 Lite\plugins\ed2kie.dll
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID eD2KDownloadManager.object.1
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\TypeLib {379919F2-1612-45B7-B9F4-773F6D5214F5}
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID eD2KDownloadManager.object
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620} eD2K downloadManager object


Grokster P2P Program more information...
Details: Grokster is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\AppID\{967DCD56-B0E3-4965-B87D-59342FFA9BAA}
HKEY_CLASSES_ROOT\AppID\{967DCD56-B0E3-4965-B87D-59342FFA9BAA} TicTacToe


NetPumper Adware Bundler more information...
Details: Bundles with a number of adware components.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\NetPumper.AddUrl
HKEY_CLASSES_ROOT\NetPumper.AddUrl\CLSID {1AA406AB-F581-42AB-B4D1-31D2E13819EF}
HKEY_CLASSES_ROOT\NetPumper.AddUrl AddUrl Object
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro\Firstrun state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro pkid Tight
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro alid Tight
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro iid {DEC45D3D-A9CD-4975-AE6A-2DD99493D530}
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper VersionInfo rqnkXmwJkMJAIRKo9erlfwNV-1fWDwYMPK8nOwilSGYkwcbdaXQ1arg0N8V9VvVbE88VoMqLNVAx
+0RiKNWxDhKgJ7Oo97dp992gQzUmWgZZS2pz3yr2-v73-THqK5tXEH+Wys+ZvAY
PFfG0SocHtgXsSXlBhRDgy7-zRS2-a0ZpSGY2orDSjIgFri6TxI8gUY3lmkFTEpSU
HKEY_CLASSES_ROOT\clsid\{1AA406AB-F581-42AB-B4D1-31D2E13819EF}
HKEY_CLASSES_ROOT\clsid\{1AA406AB-F581-42AB-B4D1-31D2E13819EF}\LocalServer32 G:\Programme\NetPumper\NetPumper.exe /Automation
HKEY_CLASSES_ROOT\clsid\{1AA406AB-F581-42AB-B4D1-31D2E13819EF}\LocalServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{1AA406AB-F581-42AB-B4D1-31D2E13819EF}\ProgID NetPumper.AddUrl
HKEY_CLASSES_ROOT\clsid\{1AA406AB-F581-42AB-B4D1-31D2E13819EF}\Typelib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\clsid\{1AA406AB-F581-42AB-B4D1-31D2E13819EF}\Version 1.2
HKEY_CLASSES_ROOT\clsid\{1AA406AB-F581-42AB-B4D1-31D2E13819EF} AddUrl Object
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib Version 1.2
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B} IAddUrl
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib Version 1.2
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000} IAddPackage
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\TypeLib {F7258F6E-9F60-49C0-8C82-F0A0993D68E0}
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA} INetscapeInterface
HKEY_CLASSES_ROOT\TypeLib\{1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\TypeLib\{1145A909-A836-44B8-B03A-48D858B0F43E}\1.2\0\win32 G:\Programme\NetPumper\NetPumper.exe
HKEY_CLASSES_ROOT\TypeLib\{1145A909-A836-44B8-B03A-48D858B0F43E}\1.2\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{1145A909-A836-44B8-B03A-48D858B0F43E}\1.2\HELPDIR G:\Programme\NetPumper\
HKEY_CLASSES_ROOT\TypeLib\{1145A909-A836-44B8-B03A-48D858B0F43E}\1.2 NetPumper Library
HKEY_CLASSES_ROOT\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}
HKEY_CLASSES_ROOT\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0\0\win32 G:\Programme\NetPumper\NetPumperNNProxy.dll
HKEY_CLASSES_ROOT\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0\HELPDIR G:\Programme\NetPumper\
HKEY_CLASSES_ROOT\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0 NetPumperNNProxy Library
HKEY_CURRENT_USER\Software\NetPumper
HKEY_CURRENT_USER\Software\NetPumper\Fränk Field1 632892307
HKEY_CURRENT_USER\Software\NetPumper\Fränk Field2 606579310
HKEY_CURRENT_USER\Software\NetPumper\Fränk Field3 308279413
HKEY_CURRENT_USER\Software\NetPumper\Fränk Field4 1349963470


Accoona.Toolbar Toolbar more information...
Details: The Accoona Toolbar is a Internet Explorer toolbar that is bundled and installed with other programs.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\ASearchAssist.ADefaultSearch.1
HKEY_CLASSES_ROOT\ASearchAssist.ADefaultSearch.1\CLSID {944864A5-3916-46E2-96A9-A2E84F3F1208}
HKEY_CLASSES_ROOT\ASearchAssist.ADefaultSearch.1 ADefaultSearch Class


Cookie: PriceBandit Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\fränk\cookies\fränk@apmebf[2].txt


Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\fränk\cookies\fränk@atdmt[1].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\fränk\cookies\fränk@doubleclick[1].txt


Cookie: Radar Spy Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\fränk\cookies\fränk@tradedoubler[1].txt
Seitenanfang Seitenende
06.10.2006, 23:44
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#17 ich hatte doch geschrieben, dass du nach dem scan alles auf "remove" stellen sollst..........
Status: Ignored - das ist nicht zu empfehlen ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
07.10.2006, 09:05
Fränk268
Member

Themenstarter

Beiträge: 13
#18 Sorry,
ich führe den scan nochmal durch und setze dann alles auf Remove.

Die gewünschten 6 Log's:

1.Log
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4360-AE0F

Verzeichnis von C:\WINDOWS\system32

07.10.2006 07:21 29.351 nvapps.xml
07.10.2006 07:20 1.374 wpa.dbl
05.10.2006 16:41 736 bknhajaq.txt
04.10.2006 20:51 166.712 FNTCACHE.DAT
24.09.2006 03:42 65.536 QuickTimeVR.qtx
24.09.2006 03:42 49.152 QuickTime.qts
11.09.2006 19:37 8.960.936 MRT.exe
29.08.2006 09:51 1.339.392 FreeImage.dll
21.08.2006 14:26 16.896 fltlib.dll
21.08.2006 11:14 23.040 fltmc.exe
28.07.2006 13:28 3.075.072 mshtml.dll
27.07.2006 15:25 679.424 inetcomm.dll
25.07.2006 22:33 615.936 urlmon.dll
24.07.2006 20:25 30.644 mlfcache.dat
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:38 332.288 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
14.07.2006 14:51 108.144 GEARAspi.dll
13.07.2006 15:34 8.494.592 shell32.dll
12.07.2006 05:58 383.254 perfh009.dat
12.07.2006 05:58 394.500 perfh007.dat
12.07.2006 05:58 53.608 perfc009.dat
12.07.2006 05:58 64.598 perfc007.dat
12.07.2006 05:58 899.052 PerfStringBackup.INI
05.07.2006 12:55 1.057.792 kernel32.dll

2.Log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4360-AE0F

Verzeichnis von C:\DOKUME~1\FRNK~1\LOKALE~1\Temp

07.10.2006 08:42 1.212.416 ~DF879E.tmp
07.10.2006 07:31 200 jusched.log
07.10.2006 07:23 16.384 ~DFBD89.tmp
07.10.2006 07:23 512 ~DF9D5F.tmp
07.10.2006 07:23 16.384 ~DF9CED.tmp
07.10.2006 07:22 49.152 ~DF85C9.tmp
07.10.2006 07:21 32.768 ~DF491F.tmp
07.10.2006 07:20 16.384 ~DF84A3.tmp
06.10.2006 23:05 1.212.416 ~DFDEF.tmp
06.10.2006 21:32 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}23551.html
06.10.2006 21:32 16.384 ~DFC7C6.tmp
06.10.2006 21:32 16.384 ~DF9CAE.tmp
06.10.2006 17:17 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}30080.html
06.10.2006 16:54 1.212.416 ~DF8ABB.tmp
06.10.2006 16:51 49.152 ~DFD94E.tmp
06.10.2006 16:51 32.768 ~DFCFC9.tmp
06.10.2006 16:51 16.384 ~DFAC78.tmp
06.10.2006 15:26 49.152 ~DFFFB0.tmp
06.10.2006 15:11 16.384 ~DFD733.tmp
07.05.2006 19:12 32.855 ICQRT.dll
03.02.2005 17:30 5.739 ICQTIK.dll
17.12.2004 12:51 36.864 ICQInstall.exe
22 Datei(en) 4.043.059 Bytes
0 Verzeichnis(se), 1.311.211.520 Bytes frei

3.Log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4360-AE0F

Verzeichnis von C:\WINDOWS

07.10.2006 07:19 0 0.log
07.10.2006 07:19 1.788.199 WindowsUpdate.log
07.10.2006 07:19 159 wiadebug.log
07.10.2006 07:19 50 wiaservc.log
07.10.2006 07:18 2.048 bootstat.dat
06.10.2006 23:13 32.580 SchedLgU.Txt
06.10.2006 23:13 656 wincmd.ini
06.10.2006 23:12 179 wcx_ftp.ini
05.10.2006 16:26 6.763 resetlog.txt
05.10.2006 15:33 210.360 setupapi.log
05.10.2006 15:01 552.728 ntbtlog.txt
05.10.2006 05:12 674 win.ini
05.10.2006 05:12 320 system.ini
04.10.2006 22:20 202 NeroDigital.ini
04.10.2006 21:44 121 GEARInstall.log
03.10.2006 13:22 186.217 setupact.log
01.10.2006 18:49 209 Q312370.log
26.09.2006 19:53 76.074 iis6.log
26.09.2006 19:53 172.219 comsetup.log
26.09.2006 19:53 189.175 tsoc.log
26.09.2006 19:53 102.895 ntdtcsetup.log
26.09.2006 19:53 27.004 ocmsn.log
26.09.2006 19:53 1.374 imsins.log
26.09.2006 19:53 10.478 KB925486.log
26.09.2006 19:53 239.114 ocgen.log
26.09.2006 19:53 24.525 msgsocm.log
26.09.2006 19:53 485.248 FaxSetup.log
21.09.2006 18:24 139 msicpl.ini
18.09.2006 20:58 632 CoDUO.INI
14.09.2006 05:43 1.374 imsins.BAK
14.09.2006 05:43 13.079 KB920685.log
14.09.2006 05:42 15.444 KB920872.log
14.09.2006 05:42 13.228 KB919007.log
14.09.2006 05:41 9.189 KB922582.log
14.09.2006 05:41 38.759 updspapi.log
09.09.2006 18:32 151.835 DirectX.log
26.08.2006 09:03 1.633 IE4 Error Log.txt
25.08.2006 09:35 192 winamp.ini
25.08.2006 08:30 5.543 spupdsvc.log
25.08.2006 08:26 22.899 WgaNotify.log
09.08.2006 11:50 16.759 KB920214.log
09.08.2006 11:50 16.475 KB921883.log
09.08.2006 11:50 16.332 KB922616.log
09.08.2006 11:49 16.762 KB921398.log
09.08.2006 11:49 20.103 KB918899.log
09.08.2006 11:49 12.715 KB920670.log
09.08.2006 11:49 12.875 KB917422.log
09.08.2006 11:48 13.128 KB920683.log
25.07.2006 07:10 0 setuperr.log
11.07.2006 22:00 12.431 KB917159.log
11.07.2006 21:59 12.306 KB914388.log
11.07.2006 21:59 10.376 KB916595.log
08.07.2006 14:58 1.063.659 setupapi.log.1.old

4.Log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4360-AE0F

Verzeichnis von C:\WINDOWS\Temp

07.10.2006 07:21 409 WGANotify.settings
07.10.2006 07:18 43 WGAErrLog.txt
2 Datei(en) 452 Bytes
0 Verzeichnis(se), 1.311.195.136 Bytes frei

5.Log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4360-AE0F

Verzeichnis von C:\WINDOWS\Downloaded Program Files

27.03.2006 13:00 5.019 swflash.inf
09.08.2005 15:28 65 desktop.ini
02.08.2005 16:48 495 LegitCheckControl.inf
29.06.2005 18:17 227 opuc.inf
26.05.2005 04:19 293 muweb.inf
24.01.2005 12:38 1.249 erma.inf
30.06.2003 22:41 1.689 WMV9VCM.inf
20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd
8 Datei(en) 10.199 Bytes
0 Verzeichnis(se), 1.311.195.136 Bytes frei

6.Log:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4360-AE0F

Verzeichnis von C:\

07.10.2006 09:02 0 sys.txt
07.10.2006 09:02 663 down.txt
07.10.2006 09:01 334 tmp.txt
07.10.2006 09:00 15.186 system.txt
07.10.2006 08:58 1.419 systemtemp.txt
07.10.2006 08:55 117.355 system32.txt
07.10.2006 07:18 804.835.328 hiberfil.sys
07.10.2006 07:17 402.653.184 pagefile.sys
06.10.2006 16:33 15.465 ComboFix.txt
05.10.2006 16:42 2.422 avenger.txt
05.10.2006 15:25 675 NoLop.log
05.10.2006 05:42 4.595 look.txt
05.10.2006 05:12 211 boot.ini
26.06.2006 15:30 0 debug1.txt
26.06.2006 15:30 8 GetFlashID.txt
26.05.2006 08:34 2.904 pspbrwse.jbf
25.05.2006 07:43 20.077 avatar_1098734579.jpg
15.05.2006 11:50 974 m_ButtonMetrics.txt
11.03.2006 19:57 105 hf.path
13.01.2006 07:32 0 BHO.log
09.01.2006 07:19 5.393 ResponseText.log
09.01.2006 07:19 5.645 ResponseXML.log
09.01.2006 07:19 427 Request.log

Wenn ser Scan von Counterspy fertig ist, schicke ich dir den Bericht.
Seitenanfang Seitenende
07.10.2006, 09:16
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#19 1.
Arbeitsplatz-->Rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.

2.
lasse alles loeschen - und poste den scanreport
http://virus-protect.org/cureit.html

3.
systemwiederherstellung wieder aktivieren ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
07.10.2006, 09:51
Fränk268
Member

Themenstarter

Beiträge: 13
#20 Der Scan läuft schon, aber ich kann die Systemwiederherstellung nicht öffnen. Weder über Arbeitsplatz/Eigenschaften noch über Start/Programme/Zubehör/Systemprogramme. Kommen immer
Windows- Fehlermeldungen:

rstui.exe hat ein Problem festgestellt und muß beendet werden.

oder

rundll32.exe hat ein Problem festgestellt und muß beendet werden.

Reichts vielleicht noch bis nach dem Scan. Muß bestimmt neu starten damit es
wieder geht.

So der Scan ist jetzt fertig, habe alles auf remove gesetzt und gelöscht.
hier der Bericht:
Spyware Scan Details
Start Date: 07.10.2006 09:06:14
End Date: 07.10.2006 13:40:37
Total Time: 4 hrs 34 mins 23 secs

Detected spyware

Need2FindBar Potentially Unwanted Program more information...
Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
Status: Deleted

Infected files detected
c:\programme\need2find\bar\history\search

Infected registry entries detected
HKEY_CURRENT_USER\Software\Need2Find
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2\CLSID {0002DF01-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2 Internet Exp1orer (Ver 1.29353)
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner test "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Home C:\Program Files\Altnet\Points Manager\Points Manager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Points "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Redeem "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 2
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Wallet "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 3
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Settings "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 4
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar pid KC
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Dir C:\Programme\Need2Find\bar\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ShzmCurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar pl 7
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Id 19E9F562-BB33-436F-9711-E9CD3887D155
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Build 121.36182
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CacheDir C:\Programme\Need2Find\bar\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar SettingsDir C:\Programme\Need2Find\bar\Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ConfigDateStamp 2005100407
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar HTMLMenuRevision 88
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Flags 530
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CfgUrl http://kp.barcfg.need2find.com/speedbar/mySpeedbarCfg2.jsp?s=kb&p=KP
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar HistoryDir C:\Programme\Need2Find\bar\History\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Visible 1


AntiLeech Plugin Adware (General) more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Deleted

Infected files detected
c:\programme\anti-leech\alie_1.0.2.2\al2np.dll
c:\programme\anti-leech\alie_1.0.2.2\alhlp.exe
c:\programme\anti-leech\alie_1.0.2.2\alie.dll
c:\programme\anti-leech\alie_1.0.2.2\alie.inf
c:\programme\anti-leech\alie_1.0.2.2\iesetup2.exe
c:\programme\anti-leech\alie_1.0.2.3\alhlp.exe
c:\programme\anti-leech\alie_1.0.2.3\alie.dll
c:\programme\anti-leech\alie_1.0.2.3\alie.inf
c:\programme\anti-leech\alie_1.0.2.3\iesetup2.exe
c:\programme\anti-leech\alnn\al2np.dll
c:\programme\anti-leech\alnn\alhlp.exe
c:\programme\anti-leech\alnn\npalnn.dll
c:\programme\anti-leech\alnn\setup2.exe
F:\Programme\Mozilla Firefox\plugins\al2np.dll
F:\Programme\Anti-Leech\ALIE_1.0.2.3\alhlp.exe
f:\Programme\Anti-Leech\ALIE_1.0.2.3\alie.dll

Infected registry entries detected
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin Mozilla Firefox 1.0.6 F:\Programme\Mozilla Firefox\Plugins
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin Mozilla Firefox 1.5.0.3 F:\Programme\Mozilla Firefox\plugins\
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1 Anti-Leech Plug-in
HKEY_CLASSES_ROOT\AntiLeech.ALIE
HKEY_CLASSES_ROOT\AntiLeech.ALIE\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\AntiLeech.ALIE\CurVer AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\AntiLeech.ALIE Anti-Leech Plug-in
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 F:\PROGRA~1\ANTI-L~1\ALIE_1~1.3\alie.dll
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\ProgID AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\TypeLib {056738E1-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\VersionIndependentProgID AntiLeech.ALIE
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE DisplayName Anti-Leech Plugin for Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE UninstallString F:\Programme\Anti-Leech\ALIE_1.0.2.3\iesetup2.exe uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN DisplayName Anti-Leech Plugin for Mozilla, Opera, Netscape
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN UninstallString C:\Programme\Anti-Leech\ALNN\setup2.exe -u


Twain Tech Adware (General) more information...
Details: Twain-Tech is an adware based Internet Explorer browser helper object that deliver targeted ads based on a user's browsing patters. Twain-Tech does not provide any other relevant purpose other then to display pop-up ads.
Status: Deleted

Infected files detected
c:\windows\smdat32m.sys


WindUpdates.MediaAccess Adware (General) more information...
Details: WindUpdates.MediaAccess is an adware program that spawns pop-ups on the desktop.
Status: Deleted

Infected files detected
I:\Briefe\2-Glasbestellung.xls


Hacktool.Rootkit Rootkit more information...
Status: Deleted

Infected files detected
I:\Umschulung\Michel\Schule Daten\totalcmd\WC32TO16.EXE


Altnet P2P Networking Low Risk Adware more information...
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking SlowInfoCache
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Changed 0
HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking


eDonkey2000 P2P Program more information...
Details: eDonkey2000 is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32 F:\Programme\eDonkey2000 Lite\plugins\ed2kie.dll
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID eD2KDownloadManager.object.1
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\TypeLib {379919F2-1612-45B7-B9F4-773F6D5214F5}
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID eD2KDownloadManager.object
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620} eD2K downloadManager object


Grokster P2P Program more information...
Details: Grokster is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\AppID\{967DCD56-B0E3-4965-B87D-59342FFA9BAA}
HKEY_CLASSES_ROOT\AppID\{967DCD56-B0E3-4965-B87D-59342FFA9BAA} TicTacToe


NetPumper Adware Bundler more information...
Details: Bundles with a number of adware components.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\NetPumper.AddUrl
HKEY_CLASSES_ROOT\NetPumper.AddUrl\CLSID {1AA406AB-F581-42AB-B4D1-31D2E13819EF}
HKEY_CLASSES_ROOT\NetPumper.AddUrl AddUrl Object
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro\Firstrun state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro pkid Tight
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro alid Tight
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\Pro iid {DEC45D3D-A9CD-4975-AE6A-2DD99493D530}
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper VersionInfo rqnkXmwJkMJAIRKo9erlfwNV-1fWDwYMPK8nOwilSGYkwcbdaXQ1arg0N8V9VvVbE88VoMqLNVAx+0RiKN
WxDhKgJ7Oo97dp992gQzUmWgZZS2pz3yr2-v73-THqK5tXEH+Wys+Z
vAYPFfG0SocHtgXsSXlBhRDgy7-zRS2-a0ZpSGY2orDSjIgFri6TxI8gUY3lmkFTEpSU
HKEY_CLASSES_ROOT\clsid\{1AA406AB-F581-42AB-B4D1-31D2E13819EF}
HKEY_CLASSES_ROOT\clsid\{1AA406AB-F581-42AB-B4D1-31D2E13819EF}\LocalServer32 G:\Programme\NetPumper\NetPumper.exe /Automation
HKEY_CLASSES_ROOT\clsid\{1AA406AB-F581-42AB-B4D1-31D2E13819EF}\LocalServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{1AA406AB-F581-42AB-B4D1-31D2E13819EF}\ProgID NetPumper.AddUrl
HKEY_CLASSES_ROOT\clsid\{1AA406AB-F581-42AB-B4D1-31D2E13819EF}\Typelib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\clsid\{1AA406AB-F581-42AB-B4D1-31D2E13819EF}\Version 1.2
HKEY_CLASSES_ROOT\clsid\{1AA406AB-F581-42AB-B4D1-31D2E13819EF} AddUrl Object
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib Version 1.2
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B} IAddUrl
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib Version 1.2
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000} IAddPackage
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\TypeLib {F7258F6E-9F60-49C0-8C82-F0A0993D68E0}
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA} INetscapeInterface
HKEY_CLASSES_ROOT\TypeLib\{1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\TypeLib\{1145A909-A836-44B8-B03A-48D858B0F43E}\1.2\0\win32 G:\Programme\NetPumper\NetPumper.exe
HKEY_CLASSES_ROOT\TypeLib\{1145A909-A836-44B8-B03A-48D858B0F43E}\1.2\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{1145A909-A836-44B8-B03A-48D858B0F43E}\1.2\HELPDIR G:\Programme\NetPumper\
HKEY_CLASSES_ROOT\TypeLib\{1145A909-A836-44B8-B03A-48D858B0F43E}\1.2 NetPumper Library
HKEY_CLASSES_ROOT\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}
HKEY_CLASSES_ROOT\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0\0\win32 G:\Programme\NetPumper\NetPumperNNProxy.dll
HKEY_CLASSES_ROOT\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0\HELPDIR G:\Programme\NetPumper\
HKEY_CLASSES_ROOT\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0 NetPumperNNProxy Library
HKEY_CURRENT_USER\Software\NetPumper
HKEY_CURRENT_USER\Software\NetPumper\Fränk Field1 632892307
HKEY_CURRENT_USER\Software\NetPumper\Fränk Field2 606579310
HKEY_CURRENT_USER\Software\NetPumper\Fränk Field3 308279413
HKEY_CURRENT_USER\Software\NetPumper\Fränk Field4 1349963470


Accoona.Toolbar Toolbar more information...
Details: The Accoona Toolbar is a Internet Explorer toolbar that is bundled and installed with other programs.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\ASearchAssist.ADefaultSearch.1
HKEY_CLASSES_ROOT\ASearchAssist.ADefaultSearch.1\CLSID {944864A5-3916-46E2-96A9-A2E84F3F1208}
HKEY_CLASSES_ROOT\ASearchAssist.ADefaultSearch.1 ADefaultSearch Class


Cookie: PriceBandit Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\fränk\cookies\fränk@apmebf[2].txt


Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\fränk\cookies\fränk@atdmt[1].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\fränk\cookies\fränk@doubleclick[1].txt


Cookie: Radar Spy Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\fränk\cookies\fränk@tradedoubler[1].txt
Dieser Beitrag wurde am 07.10.2006 um 13:58 Uhr von Fränk268 editiert.
Seitenanfang Seitenende
07.10.2006, 17:51
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#21 Es gibt die Möglichkeit mit der WINXP CD zu booten und den Reparatur Modus zu verwenden
dann musst die WindopwsUpdates neu machen.
dann komme wieder mit einem neuen log vom HijackTHis
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
08.10.2006, 19:28
Fränk268
Member

Themenstarter

Beiträge: 13
#22 Wie funktioniert das mit der WINXP CD? Wenn ich mit der starte und dann R drücke für reparieren, fährt das Windows nach dem der Text kommt: mit Exit können sie die Wiederherstellungskonsole beenden, von allein normal hoch ohne das ich eine weitere Taste gedrückt habe. Ist das normal?

Ist dann das Windows schon wieder neu hergestellt?

Ich habe Windows XP Home.
Seitenanfang Seitenende
09.10.2006, 09:37
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#23 schau mal hier, waehle "reparieren, nicht formatieren"
http://www.informationsarchiv.net/foren/p_beitrag-143645.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
11.10.2006, 05:58
Fränk268
Member

Themenstarter

Beiträge: 13
#24 Ich habe das Setup mit reparieren 3 mal probiert. Die ersten 2 mal kam beim suchen nach einer installierten Windowsversion, jedes mal ein Bluescreen mit Fehleranzeige der setupdd.exe.
Beim 2. mal hat das Setup ein chkdsk gemacht und irgendwas repariert.
Beim 3. mal hat das Setup keine Festplatte mehr gefunden.
Dann habe ich die Festplatte ausgebaut und an einen anderen PC als Slave angeschlossen um zu versuchen Daten zu retten, siehe da sie funktioniert einwandfrei.
Ist es vieleicht möglich das der Bootsektor der Platte defekt ist?
Seitenanfang Seitenende
11.10.2006, 10:00
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#25 wenn die platte an einem anderen Rechner funktioniert, kann sie nicht defekt sein....
schliesse sie noch mal normal an und berichte, ob der rechner normal hochfahert.
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
15.10.2006, 22:04
Fränk268
Member

Themenstarter

Beiträge: 13
#26 Ja die Platte ist neu hochgefahren aber Die Systemherrstellung geht immer noch nicht. Wollte XP jetzt nochmal drüber installieren, ging aber nicht.
Habe mir jetzt eine neue Platte gekauft und benutze die Alte als 2. Platte zusätzlich. Da läuft sie ohne murren.
Ist wiedermal viel Arbeit alles neu zu installieren.

Trotzdem Danke für Eure Hilfe.
War sehr zufieden mit Euch und werde Euch weiterempfehlen.

MfG Fränk268
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 12