Critical System Error!

#0
17.10.2006, 21:26
Member
Posts: 26

18.10.2006, 17:37
Honorary member
Posts: 29434
#2
Selena
There is a lot of junk on it, including the fake tool WinAntiVirus Pro 2006 - anyone who downloads it wrecks their computer............
1. Run Cleanup http://virus-protect.org/cleanup.html
2. Copy the following text into Notepad (Start - Zubehör - Editor) and save it as listen.bat on the desktop using 'Speichern unter'. Set the file type to 'Alle Dateien'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears
Quote: cd\
3. Run Combofix and post the log here http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina
All about PC security

18.10.2006, 19:03
Member
Thread starter Posts: 26
#3
Combofix:
18.10.2006, 19:10
Honorary member
Posts: 29434
#4
1. Avenger http://virus-protect.org/artikel/tools/avenger.html
Paste in:
Quote: registry keys to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically.
** Post the Avenger log that appears after the restart here
__________
Kind regards, Sabina
All about PC security

18.10.2006, 19:19
Member
Thread starter Posts: 26
#5
avenger:
18.10.2006, 19:21
Honorary member
Posts: 29434
#6
Scan with options 1 and 2 and post both scan reports
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Kind regards, Sabina
All about PC security

18.10.2006, 19:34
Member
Thread starter Posts: 26
#7
Hm..., then the same thing comes up again that I was supposed to do at the beginning:
SmitFrauthFix v.2.110
Ficher Process.exe absent! Dezippez la totalite de l´archive dans un dossier.
Process.exe file missing! Unzip all the arhive folder.
Drücken eine beliebige Taste!
And now?

18.10.2006, 23:58
Honorary member
Posts: 29434
#8
Try this and post the report - smitfiles.txt
http://virus-protect.org/artikel/tools/smitrem.html
Then scan with CounterSpy, set everything to "remove" and post the report http://virus-protect.org/counterspy.html
__________
Kind regards, Sabina
All about PC security

19.10.2006, 21:16
Member
Thread starter Posts: 26
#9
amitfiles.txt
Sorry Sabina, I don't know whether this is the right thing; I did not understand this application properly or did not do it correctly. I'm sending it to you anyway:
(The other step follows!) josi
Next step, it worked!
http://www.funwebproducts.com/CursorChooser.html HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.1 You just received a smiley! Go to @LINK@ to see it! HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.numActive 1 HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CheckForConnection 1 HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer sr 0 HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CurInstall 1 HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\ScreenSaver ImagesDir C:\Programme\FunWebProducts\ScreenSaver\Images\ HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn LastHTMLMenuURL http://www.funwebproducts.com/CursorChooser.html HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn HTMLMenuRevision 143 HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn ETag "1cd746f-a288-44b3afec" HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn LastHTMLMenuURL http://www.funwebproducts.com/BuddyIconChooser.html HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn HTMLMenuRevision 143 HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn ETag "283c726-3cff-43ff65cc" HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn LastHTMLMenuURL http://www.mywebface.com/menus/MyFunCards_en.html.gz HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn HTMLMenuRevision 143 HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn ETag "238da2d-14c6-43e7d704" HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyTextNone.numActive 1 HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyTextNone.0 Your buddy has a new Buddy Icon. 
@LTEXT0@Take a look!@LTEXT1@ @LINK0@http://buddies.funbuddyicons.com/@LINK1@ HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyFreqNone -1|1|0|0|0|0|0|0|0|0|1 HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyTextUninstalled.numActive 1 HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyTextUninstalled.0 Your buddy has a new Buddy Icon. @LTEXT0@Take a look!@LTEXT1@ @LINK0@http://buddies.funbuddyicons.com/@LINK1@ HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyFreqUninstalled -1|1|0|0|0|0|0|0|0|0|1 HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.numActive 1 HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.numActive2 2 HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.1 You just received a smiley! Go to @LINK@ to see it! HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.2 Your friend has sent you a Talking Smiley. Click: @LINK@ HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn HTMLMenuPosDeleted 1 HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn LastHTMLMenuURL http://www.mywebface.com/menus/SmileyChooser_de.html.gz HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn HTMLMenuRevision 143 HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn ETag "225335c-1b4d9-44b2599c" HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn iexplore.exe.pos -207,2 HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products JpegConversionLib C:\Programme\MyWebSearch\bar\1.bin\F3CJPEG.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products CacheDir C:\Programme\FunWebProducts\Shared\Cache\ HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer Dir C:\Programme\FunWebProducts\Installr\ HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CurInstall 1 HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer sr 0 
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer pl 7 HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CheckForConnection 1 HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CacheDir C:\Programme\FunWebProducts\Installr\Cache\ My Way Speedbar Browser Plug-in more information... Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179} Cok.ad.yieldmanager Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@ad.yieldmanager[2].txt Advertising.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@advertising[1].txt Cok.PriceBandit Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@apmebf[1].txt ATDMT.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@atdmt[1].txt Bluestreak.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@bluestreak[2].txt BurstNet.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@burstnet[2].txt casalemedia.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@casalemedia[2].txt CGI-Bin Cookie more information... 
Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@cgi-bin[2].txt DoubleClick Cookie more information... Details: DoubleClick is a popular ad serving network that uses spyware cookies, to target advertising. Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@doubleclick[1].txt FastClick.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@fastclick[2].txt c:\dokumente und einstellungen\josi\cookies\josi@media.fastclick[1].txt Hitbox.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@hg1.hitbox[2].txt c:\dokumente und einstellungen\josi\cookies\josi@hitbox[2].txt IndexTools.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@indextools[2].txt Mediaplex.com Cookie more information... Details: Cookie used to track cross site advertising with the Mediaplex and value Click advertising companies. Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@mediaplex[2].txt Overture.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@overture[1].txt RealMedia.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@realmedia[1].txt Revenue.net Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@revenue[1].txt BS.Serving-Sys Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@serving-sys[1].txt Radar Spy 1.0 Cookie more information... 
Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@tradedoubler[1].txt c:\dokumente und einstellungen\josi\cookies\josi@yourmedia[1].txt TribalFusion.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@tribalfusion[1].txt Weborama Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\josi\cookies\josi@weborama[2].txt s, und nun? josi Dieser Beitrag wurde am 19.10.2006 um 21:38 Uhr von Selena editiert.
20.10.2006, 00:24
Honorary member
Posts: 29434
#10
Avenger
Quote:
Files to delete:
Post the Avenger log that appears after the restart + post the new HijackThis log
__________
Regards, Sabina
all about PC security
21.10.2006, 22:02
Member
Thread starter Posts: 26
#11
Avenger:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Fatal error: could not create new script file. Error code: 0
Error logged to errorlog.txt.
Aborting now!

(I don't know whether this is the right one, it came up after the automatic restart!)

HijackThis:

(I hope this is right, thanks!)

And now?

This post was edited by Selena on 21.10.2006 at 22:21.
21.10.2006, 22:32
Honorary member
Posts: 29434
#12
Selena
Open HijackThis -- button "scan" -- tick the boxes in front of these entries -- button "Fix checked" -- restart the PC
Quote:
O2 - BHO: (no name) - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - (no file)
Scan with ewido (online) and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security
22.10.2006, 02:14
Member
Thread starter Posts: 26
#13
Right??????
So, when I scanned, my antivirus popped up! (virus or unwanted program) (It is the Trojan horse TR/Dldr.Zlob.AAV)

I would like to know why I am doing all these steps, I mean what they are for or what they produce. It would be cool, Sabina, if you could explain it to me, because this whole thing is slowly making me curious! Thanks
22.10.2006, 12:16
Honorary member
Posts: 29434
#14
Your computer is infested .. you downloaded Proggies that must not be on a computer..............
Avenger
Quote:
registry keys to delete:
** delete: C:\avenger\backup.zip
** My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives". (then turn it back on)
** then scan once more with ewido and report back
__________
Regards, Sabina
all about PC security
22.10.2006, 14:17
Member
Thread starter Posts: 26
#15
This is really fun, hehe
What are Proggies? Here is the scan report from ewido, thanks:
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/winantiviruspro2006freeinstall_de[1].exe Risk: Low Name: Adware.HotBar Path: C:\Dokumente und Einstellungen\JOSI\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\D2466FDF-7157-45DA-9B68-FB1E43\F67E2BB9-FD0B-4D6A-8A4E-3CAB58 Risk: Medium Name: Adware.Hotbar Path: C:\Programme\HbTools\Bin\4.8.2.0\HbtHostOE.dll Risk: Medium Name: Adware.HotBar Path: C:\Programme\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe Risk: Medium Name: Adware.HotBar Path: C:\Programme\Hotbar Risk: Medium |
|
|
||
Quote