Critical System Error!

17.10.2006, 21:26
Member

Posts: 26
#1

Quote

Dear Sabina, I have made some progress in the meantime.
My problem is the *Critical System Error*: every time, the Internet security page opens first (http://isecuritypage.com/), then a warning from Internet Explorer appears; when I press OK, a page always appears that also keeps popping up again and again while I am on the Internet! (http://malwarewipe.com/?rid=239)
At times a banner (sexual) also appears, but it is always the same banner!
An icon is blinking on my taskbar, alternating between a yellow cross and a yellow question mark! If I click on it, various virus pages keep coming up!

1. Here is the HijackThis log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\HQVideoCodec\isamonitor.exe
C:\Programme\HQVideoCodec\pmsngr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programme\T-DSL Business\BOLog.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\HQVideoCodec\pmmon.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
D:\Programme\PDF-XChange 2.5\pdfSaver.exe
C:\Programme\HQVideoCodec\isamini.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\T-DSL SpeedManager\TSMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\DOKUME~1\JOSI\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-dsl-business.t-online.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Programme\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: Suchspur - {5D945E9A-DC10-4670-83EB-99DAA616628A} - C:\WINDOWS\system32\Suchspur.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Programme\WinAntiVirus Pro 2006\IEFWBHO.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Programme\HQVideoCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Programme\HQVideoCodec\iesplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BusinessOnline Log] "C:\Programme\T-DSL Business\BOLog.exe"
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: PDF-XChange Capture.lnk = D:\Programme\PDF-XChange 2.5\pdfSaver.exe
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DB370FF-BCA6-4C04-9FE4-142C611567D7}: NameServer = 217.237.149.161 217.237.151.225
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Programme\T-DSL SpeedManager\TSMSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe


18.10.2006, 17:37
Honorary member
Sabina

Posts: 29434
#2 Selena

there is a lot of junk on there, including the fake tool WinAntiVirus Pro 2006 - anyone who downloads that wrecks their computer............

1.
Run Cleanup
http://virus-protect.org/cleanup.html

2.
Copy the following text into Notepad (Start - Zubehör - Editor) and save it to the desktop as listen.bat using 'Speichern unter' (Save As). Select 'Alle Dateien' (All Files) as the file type. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

rem Append directory listings of the folders below to files.txt in the root of the current drive
cd\
dir "C:\Programme\HQVideoCodec" >>files.txt
dir "C:\Windows\System32\Com" >>files.txt
dir "C:\Windows\system32\config" >>files.txt
dir "C:\WINDOWS\system32\components" >>files.txt
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Eigene Dateien" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:\Windows\tasks" >>files.txt
notepad files.txt

3.
Run ComboFix and post the log here
http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina

all about PC security
18.10.2006, 19:03
Member

Thread starter

Posts: 26
#3 Combofix:


JOSI - 06-10-18 19:00:35,78 Service Pack 2
ComboFix 06.10.16 - Running from: "C:\Dokumente und Einstellungen\JOSI\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-18 to 2006-10-18 ))))))))))))))))))))))))))))))))))


2006-10-13 02:35 7,936 --a------ C:\WINDOWS\system32\drivers\vspf_hk5.sys
2006-10-13 02:35 6,144 --a------ C:\WINDOWS\system32\stera.exe
2006-10-13 02:35 35,328 --a------ C:\WINDOWS\system32\drivers\FOPN.sys
2006-10-13 02:35 21,504 --a------ C:\WINDOWS\system32\drivers\vspf5.sys
2006-10-13 02:34 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2006-10-13 01:34 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-10-13 01:34 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-13 01:34 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-13 01:34 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2006-10-13 00:32 106,496 --a------ C:\WINDOWS\system32\tazth.dll
2006-10-02 14:42 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-10-02 14:42 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-10-02 14:42 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-10-02 14:42 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-10-02 14:42 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-10-02 14:42 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-09-26 15:43 48,640 --a------ C:\WINDOWS\system32\Suchspur.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-18 18:52 -------- d-------- C:\Programme\CleanUp!
2006-10-17 18:31 -------- d-------- C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten\Skype
2006-10-16 04:43 -------- d-------- C:\Programme\Simplyzip
2006-10-16 01:59 -------- d-------- C:\Programme\WinAntiVirus Pro 2006
2006-10-15 21:23 -------- d---s---- C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten\Microsoft
2006-10-14 23:38 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-10-14 23:37 91856 --a------ C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten\winantiviruspro2006freeinstall_de[1].exe
2006-10-14 21:52 -------- d-------- C:\Programme\Yahoo!
2006-10-14 19:04 -------- d-------- C:\Programme\SpywareHeal
2006-10-14 18:33 -------- d-------- C:\Programme\HQVideoCodec
2006-10-14 18:30 -------- d-------- C:\Programme\WinRAR
2006-10-14 02:34 -------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2006-10-14 02:04 91336 --a------ C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten\errorsafegermannewreleaseinstall[1].exe
2006-10-14 02:01 -------- d-------- C:\Programme\MalwareWipe.com
2006-10-13 02:37 -------- d-------- C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten\WinAntiVirus Pro 2006
2006-10-07 13:29 -------- d-------- C:\Programme\Windows Media Player
2006-10-05 14:22 -------- d-------- C:\Programme\Apple Software Update
2006-09-28 23:10 -------- d-------- C:\Programme\LimeWire
2006-09-28 18:28 -------- d-------- C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten\LimeWire
2006-09-26 17:10 -------- d-------- C:\Programme\Java
2006-09-26 17:07 -------- d-------- C:\Programme\Gemeinsame Dateien\Java
2006-09-26 14:35 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-09-26 14:32 -------- d-------- C:\Programme\iTunes
2006-09-20 18:10 -------- d-------- C:\Programme\ICQLite
2006-09-20 18:05 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-09-13 07:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 17:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-28 14:53 1167360 -----c--- C:\WINDOWS\__oddysee.exe
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-02 14:26 62 --ahs---- C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"BusinessOnline Log"="\"C:\\Programme\\T-DSL Business\\BOLog.exe\""
"T-DSL SpeedMgr"="\"C:\\Programme\\T-DSL SpeedManager\\SpeedMgr.exe\""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{f31aee4a-1530-4fef-8537-79c6973bff9a}"="gaonic"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\HQVideoCodec\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\HQVideoCodec\\pmsngr.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"gaonic"="{f31aee4a-1530-4fef-8537-79c6973bff9a}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-10-18 19:01:33.21
C:\ComboFix.txt ... 06-10-18 19:01
C:\ComboFix2.txt ... 06-10-17 20:41
18.10.2006, 19:10
Honorary member
Sabina

Posts: 29434
#4 1.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\SupportUninstall\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d869742a-e5d2-4624-96c7-aae26170665e}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D945E9A-DC10-4670-83EB-99DAA616628A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B646F5E2-0A48-421d-AC91-F96C92BFC17A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E69F0D6A-1C69-4A04-8709-5EAC2019D9BE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85C99188-BEFD-4c61-A54B-5D7CB0204C1E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B32FE740-8B67-409A-BCA8-3297263C354E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC0B8EB8-AE24-4FD6-B479-E2B464F32DA6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FWSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FOPN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006

Files to delete:
C:\WINDOWS\system32\drivers\vspf_hk5.sys
C:\WINDOWS\system32\stera.exe
C:\WINDOWS\system32\drivers\FOPN.sys
C:\WINDOWS\system32\drivers\vspf5.sys
C:\WINDOWS\system32\SpOrder.dll
C:\WINDOWS\system32\atl71.dll
C:\WINDOWS\system32\msvcp71.dll
C:\WINDOWS\system32\msvcr71.dll
C:\WINDOWS\system32\mfc71.dll
C:\WINDOWS\system32\tazth.dll
C:\WINDOWS\system32\Suchspur.dll
C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten\winantiviruspro2006freeinstall_de[1].exe

Folders to delete:
C:\Programme\Common Files\Companion Wizard
C:\Programme\WinAntiVirus Pro 2006
C:\Programme\SpywareHeal
C:\Programme\HQVideoCodec
C:\Programme\MalwareWipe.com
C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten\WinAntiVirus Pro 2006

Click the green traffic light
the script will now be executed, then the PC will restart automatically

**
post the Avenger log here that appears after the restart
__________
Kind regards, Sabina

all about PC security
18.10.2006, 19:19
Member

Thread starter

Posts: 26
#5 avenger:

;))))))




//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\llbmawex

*******************

Script file located at: \??\C:\qreyegti.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FWSvc deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWSVC deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FWSVC deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWSVC not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWSVC failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWSVC
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FOPN deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\vspf_hk5.sys deleted successfully.
File C:\WINDOWS\system32\stera.exe deleted successfully.
File C:\WINDOWS\system32\drivers\FOPN.sys deleted successfully.
File C:\WINDOWS\system32\drivers\vspf5.sys deleted successfully.
File C:\WINDOWS\system32\SpOrder.dll deleted successfully.
File C:\WINDOWS\system32\atl71.dll deleted successfully.
File C:\WINDOWS\system32\msvcp71.dll deleted successfully.
File C:\WINDOWS\system32\msvcr71.dll deleted successfully.
File C:\WINDOWS\system32\mfc71.dll deleted successfully.
File C:\WINDOWS\system32\tazth.dll deleted successfully.
File C:\WINDOWS\system32\Suchspur.dll deleted successfully.
File C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten\winantiviruspro2006freeinstall_de[1].exe deleted successfully.


Could not open folder C:\Programme\Common Files\Companion Wizard for deletion
Deletion of folder C:\Programme\Common Files\Companion Wizard failed!

Could not process line:
C:\Programme\Common Files\Companion Wizard
Status: 0xc000003a

Folder C:\Programme\WinAntiVirus Pro 2006 deleted successfully.
Folder C:\Programme\SpywareHeal deleted successfully.
Folder C:\Programme\HQVideoCodec deleted successfully.
Folder C:\Programme\MalwareWipe.com deleted successfully.
Folder C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten\WinAntiVirus Pro 2006 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SupportUninstall\WinAntiVirus Pro 2006 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\SupportUninstall\WinAntiVirus Pro 2006 failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D945E9A-DC10-4670-83EB-99DAA616628A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B646F5E2-0A48-421d-AC91-F96C92BFC17A} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B646F5E2-0A48-421d-AC91-F96C92BFC17A} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E69F0D6A-1C69-4A04-8709-5EAC2019D9BE} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E69F0D6A-1C69-4A04-8709-5EAC2019D9BE} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85C99188-BEFD-4c61-A54B-5D7CB0204C1E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85C99188-BEFD-4c61-A54B-5D7CB0204C1E} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B32FE740-8B67-409A-BCA8-3297263C354E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B32FE740-8B67-409A-BCA8-3297263C354E} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC0B8EB8-AE24-4FD6-B479-E2B464F32DA6} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC0B8EB8-AE24-4FD6-B479-E2B464F32DA6} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
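
The Avenger log in post #5, triaged in code (an added example, not part of the thread and not code from The Avenger's author): it separates deletions that succeeded, deletions that failed only because the target no longer existed (0xc0000034 and 0xc000003a are the NTSTATUS codes STATUS_OBJECT_NAME_NOT_FOUND and STATUS_OBJECT_PATH_NOT_FOUND), and script lines the pre-processor dropped and therefore never processed. The function names are assumptions made for this example; the embedded excerpt reuses lines from the log above.

```python
import re

# NTSTATUS codes that appear in the log above, with their standard names.
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
}
# Both codes mean the target did not exist when the script line ran.
ALREADY_ABSENT = frozenset(NTSTATUS_NAMES)

OK_RE = re.compile(r"^(Registry key|File|Folder) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^Deletion of (registry key|file|folder) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")
LINE_RE = re.compile(r"^Line: (.+)$")

# Excerpt assembled from lines of the log in post #5 (shortened for the example).
SAMPLE_LOG = r"""
Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc
Status: 0xc0000034

File C:\WINDOWS\system32\tazth.dll deleted successfully.

Could not open folder C:\Programme\Common Files\Companion Wizard for deletion
Deletion of folder C:\Programme\Common Files\Companion Wizard failed!

Could not process line:
C:\Programme\Common Files\Companion Wizard
Status: 0xc000003a

Folder C:\Programme\HQVideoCodec deleted successfully.
"""


def status_name(code):
    """Readable name for an NTSTATUS value; unknown codes stay as hex."""
    if code is None:
        return "no status line"
    return NTSTATUS_NAMES.get(code, f"0x{code:08x}")


def parse_avenger_log(text):
    """Sort log lines into deleted, failed (with status) and ignored entries."""
    result = {"deleted": [], "failed": [], "ignored": []}
    pending = None        # (kind, target) of a failure still waiting for its Status line
    syntax_error = False  # True between a pre-processor error and its "Line:" entry

    def flush():
        nonlocal pending
        if pending:
            result["failed"].append(pending + (None,))
            pending = None

    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Syntax error in line"):
            syntax_error = True
        elif syntax_error and LINE_RE.match(line):
            result["ignored"].append(LINE_RE.match(line).group(1))
            syntax_error = False
        elif OK_RE.match(line):
            flush()
            m = OK_RE.match(line)
            result["deleted"].append((m.group(1).lower(), m.group(2)))
        elif FAIL_RE.match(line):
            flush()
            m = FAIL_RE.match(line)
            pending = (m.group(1), m.group(2))
        elif pending and STATUS_RE.match(line):
            code = int(STATUS_RE.match(line).group(1), 16)
            result["failed"].append(pending + (code,))
            pending = None
    flush()
    return result


def needs_followup(result):
    """Entries that were never processed or failed for a reason other than 'absent'."""
    items = [("ignored by pre-processor", target) for target in result["ignored"]]
    for kind, target, status in result["failed"]:
        if status not in ALREADY_ABSENT:
            items.append((f"{kind} deletion failed ({status_name(status)})", target))
    return items


if __name__ == "__main__":
    parsed = parse_avenger_log(SAMPLE_LOG)
    print(len(parsed["deleted"]), "deleted,", len(parsed["failed"]), "failed")
    for reason, target in needs_followup(parsed):
        print("follow up:", reason, "-", target)
```
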
18.10.2006, 19:21
Honorary member
Sabina

Posts: 29434
#6 scan with options 1 and 2 and post both scan reports
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Kind regards, Sabina

all about PC security
18.10.2006, 19:34
Member

Thread starter

Posts: 26
#7 hm..., then what I was supposed to do at the beginning comes up again:


SmitFrauthFix v.2.110
Ficher Process.exe absent!
Dezippez la totalite de l´archive dans un dossier.

Process.exe file missing!
Unzip all the arhive folder.

Drücken eine beliebige Taste!


and now? ;)
18.10.2006, 23:58
Honorary member
Sabina

Posts: 29434
#8 try this and post the report - smitfiles.txt
http://virus-protect.org/artikel/tools/smitrem.html

then scan with CounterSpy, set everything to "remove" and post the report
http://virus-protect.org/counterspy.html
__________
Kind regards, Sabina

all about PC security
19.10.2006, 21:16
Member

Thread starter

Posts: 26
#9 amitfiles.txt

sorry Sabina, I don't know whether this is the right thing; I did not understand this application properly or did not do it properly, but I'm sending it to you anyway:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\Programme\HQVideoCodec

14.10.2006 18:33 <DIR> .
14.10.2006 18:33 <DIR> ..
13.10.2006 00:32 27.136 iesplugin.dll
13.10.2006 00:32 13.824 iesuninst.exe
18.10.2006 18:36 13.824 isaddon.dll
18.10.2006 18:36 6.144 isamini.exe
13.10.2006 00:32 33.280 isamonitor.exe
13.10.2006 00:32 24.576 isauninst.exe
13.10.2006 00:32 4.286 ot.ico
18.10.2006 18:36 2.656 pmmon.exe
13.10.2006 00:32 11.476 pmsngr.exe
13.10.2006 00:32 14.848 pmuninst.exe
13.10.2006 00:32 4.286 ts.ico
11 Datei(en) 156.336 Bytes
2 Verzeichnis(se), 360.558.592 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\Windows\System32\Com

04.08.2006 16:02 <DIR> .
04.08.2006 16:02 <DIR> ..
26.07.2005 06:39 195.072 comadmin.dll
18.08.2001 12:00 61.440 comempty.dat
18.08.2001 12:00 77.348 comexp.msc
04.08.2004 00:57 9.728 comrepl.exe
18.08.2001 12:00 5.120 comrereg.exe
18.08.2001 12:00 19.456 mtsadmin.tlb
6 Datei(en) 368.164 Bytes
2 Verzeichnis(se), 360.558.592 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\Windows\system32\config

04.08.2006 16:47 <DIR> .
04.08.2006 16:47 <DIR> ..
18.10.2006 03:43 524.288 AppEvent.Evt
18.10.2006 03:43 262.144 default
02.07.2006 15:24 94.208 default.sav
04.08.2006 16:47 262.144 default_BAK_78874
18.10.2006 03:43 24.576 SAM
04.08.2006 16:47 262.144 SAM_BAK_44767
02.07.2006 14:25 65.536 SecEvent.Evt
18.10.2006 03:43 262.144 SECURITY
04.08.2006 16:47 262.144 SECURITY_BAK_72777
18.10.2006 03:43 16.777.216 software
02.07.2006 15:24 663.552 software.sav
04.08.2006 16:47 15.728.640 software_BAK_78153
18.10.2006 03:43 524.288 SysEvent.Evt
18.10.2006 18:36 4.194.304 system
02.07.2006 15:24 421.888 system.sav
04.08.2006 15:32 <DIR> systemprofile
04.08.2006 16:47 3.407.872 system_BAK_53369
02.07.2006 15:24 262.144 userdiff
17 Datei(en) 43.999.232 Bytes
3 Verzeichnis(se), 360.558.592 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\WINDOWS\system32

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\WINDOWS\Downloaded Program Files

07.06.2006 11:09 1.249 erma.inf
14.07.2005 17:28 365 f3initialsetup1.0.0.15.inf
10.11.2005 14:05 876 jinstall-1_5_0_06.inf
03.05.2006 03:57 876 jinstall-1_5_0_07.inf
22.06.2006 11:41 5.032 swflash.inf
5 Datei(en) 8.398 Bytes
0 Verzeichnis(se), 360.558.592 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\Programme

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\Dokumente und Einstellungen\JOSI

16.10.2006 04:46 <DIR> .
16.10.2006 04:46 <DIR> ..
04.08.2006 16:16 <DIR> Application Data
10.10.2006 16:47 <DIR> Contacts
17.10.2006 20:50 <DIR> Desktop
18.10.2006 18:45 <DIR> Eigene Dateien
13.10.2006 01:44 0 err.log
16.10.2006 05:09 <DIR> Favoriten
13.10.2006 02:40 908 FileAccess.log
16.10.2006 23:32 <DIR> Incomplete
18.10.2006 03:43 3.670.016 NTUSER.DAT
16.10.2006 23:31 <DIR> Shared
14.10.2006 19:04 <DIR> Startmen
15.07.2006 15:18 <DIR> WINDOWS
3 Datei(en) 3.670.924 Bytes
11 Verzeichnis(se), 360.554.496 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\Dokumente und Einstellungen\JOSI\Eigene Dateien

18.10.2006 18:45 <DIR> .
18.10.2006 18:45 <DIR> ..
28.09.2006 00:07 <DIR> Bilal-Briefe
21.09.2006 20:13 <DIR> Eigene Bilder
02.10.2006 00:24 <DIR> Eigene Musik
01.10.2006 23:25 <DIR> Eigene Videos
20.09.2006 18:10 <DIR> ICQ Lite
18.10.2006 18:45 997 listen.bat
16.10.2006 23:01 <DIR> Meine empfangenen Dateien
18.10.2006 18:38 578 Meine freigegebenen Ordner.lnk
15.07.2006 19:39 <DIR> My eBooks
20.07.2006 01:54 <DIR> My Skype Content
18.08.2001 04:55 105.984 phdsext.ax
3 Datei(en) 107.559 Bytes
10 Verzeichnis(se), 360.554.496 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\Program Files

13.10.2006 00:59 <DIR> .
13.10.2006 00:59 <DIR> ..
15.07.2006 22:47 <DIR> ICQLite
13.10.2006 01:49 <DIR> PestTrap
0 Datei(en) 0 Bytes
4 Verzeichnis(se), 360.554.496 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\Dokumente und Einstellungen\JOSI\Lokale Einstellungen\Temp

18.10.2006 18:46 <DIR> .
18.10.2006 18:46 <DIR> ..
30.07.2006 06:44 16.330.024 Install_Messenger.exe
18.10.2006 18:46 206 jusched.log
18.10.2006 01:14 <DIR> MessengerCache
17.10.2006 21:20 <DIR> msohtml
17.10.2006 21:20 <DIR> msohtml1
17.10.2006 20:31 <DIR> NI.UERSU_9999_N91S2009
17.10.2006 20:41 <DIR> NI.UWA6PU_0001_N91M2107

18.10.2006 18:37 1.589.248 ~DF65A5.tmp
18.10.2006 18:37 512 ~DF65B9.tmp
18.10.2006 18:37 1.589.248 ~DFAEE0.tmp
18.10.2006 18:37 512 ~DFB3E8.tmp
6 Datei(en) 19.509.750 Bytes
7 Verzeichnis(se), 360.554.496 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\WINDOWS\Temp

18.10.2006 18:39 <DIR> .
18.10.2006 18:39 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 360.554.496 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\Temp

02.10.2006 01:30 <DIR> .
02.10.2006 01:30 <DIR> ..
28.05.2006 21:38 103 install.bat
09.05.2006 20:14 67.215 Revert.wmz
09.05.2006 20:00 744.232 umdf.exe
09.05.2006 21:02 466.944 wmdbexport.exe
09.05.2006 22:45 8.100.680 wmfdist11.exe
09.05.2006 22:59 14.334.264 wmp11.exe

6 Datei(en) 23.713.438 Bytes
2 Verzeichnis(se), 360.554.496 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\Programme

17.10.2006 20:15 <DIR> .
17.10.2006 20:15 <DIR> ..
02.07.2006 15:28 <DIR> Ahead
20.09.2006 18:05 <DIR> AntiVir PersonalEdition Classic
05.10.2006 14:22 <DIR> Apple Software Update
17.10.2006 20:16 <DIR> CleanUp!
02.07.2006 13:36 <DIR> ComPlus Applications
16.07.2006 16:44 <DIR> FunWebProducts
14.10.2006 23:38 <DIR> Gemeinsame Dateien
04.08.2006 16:34 <DIR> Google
02.07.2006 14:51 <DIR> Hewlett-Packard
02.07.2006 14:52 <DIR> hp deskjet 3820 series
14.10.2006 18:33 <DIR> HQVideoCodec
20.09.2006 18:10 <DIR> ICQLite
15.07.2006 22:49 <DIR> ICQToolbar
16.08.2006 14:43 <DIR> Internet Explorer
26.09.2006 14:32 <DIR> iTunes
26.09.2006 17:10 <DIR> Java
28.09.2006 23:10 <DIR> LimeWire
14.10.2006 02:01 <DIR> MalwareWipe.com
04.08.2006 16:03 <DIR> Messenger
02.07.2006 13:42 <DIR> microsoft frontpage
02.07.2006 15:13 <DIR> Microsoft.NET
02.07.2006 13:38 <DIR> Movie Maker
02.07.2006 13:35 <DIR> MSN
02.07.2006 13:36 <DIR> MSN Gaming Zone
18.07.2006 17:25 <DIR> MSN Messenger
16.07.2006 21:36 <DIR> MyWebSearch
02.07.2006 13:38 <DIR> NetMeeting
02.07.2006 13:36 <DIR> Online Services
02.07.2006 13:39 <DIR> Online-Dienste
04.08.2006 16:00 <DIR> Outlook Express
02.07.2006 14:01 <DIR> PowerQuest
14.08.2006 00:29 <DIR> QuickTime
16.10.2006 04:43 <DIR> Simplyzip
20.07.2006 01:41 <DIR> Skype
14.10.2006 19:04 <DIR> SpywareHeal
15.07.2006 15:45 <DIR> T-Com W-LAN Manager
12.08.2006 02:10 <DIR> T-DSL Business
04.08.2006 16:43 <DIR> T-DSL SpeedManager
23.07.2006 19:30 <DIR> Thrustmaster
16.10.2006 01:59 <DIR> WinAntiVirus Pro 2006
07.10.2006 13:29 <DIR> Windows Media Player
02.07.2006 13:36 <DIR> Windows NT
14.10.2006 18:30 <DIR> WinRAR
02.07.2006 13:42 <DIR> xerox
14.10.2006 21:52 <DIR> Yahoo!
0 Datei(en) 0 Bytes
47 Verzeichnis(se), 360.550.400 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\Dokumente und Einstellungen\JOSI\Lokale Einstellungen\Anwendungsdaten

16.07.2006 03:25 <DIR> Ahead
13.08.2006 11:47 <DIR> Apple Computer
16.10.2006 01:54 47.104 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
28.07.2006 23:50 42.560 GDIPFONTCACHEV1.DAT
04.08.2006 16:33 <DIR> Google
12.08.2006 02:10 <DIR> Help
22.07.2006 21:41 <DIR> Identities
15.10.2006 21:20 <DIR> Microsoft
2 Datei(en) 89.664 Bytes
6 Verzeichnis(se), 360.550.400 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten

15.07.2006 19:39 <DIR> Adobe
13.08.2006 11:47 <DIR> Apple Computer
14.10.2006 02:04 91.336 errorsafegermannewreleaseinstall[1].exe
15.07.2006 22:43 <DIR> Google
12.08.2006 02:10 <DIR> Help
16.07.2006 14:03 <DIR> ICQLite
02.07.2006 13:49 <DIR> Identities
15.07.2006 19:39 <DIR> InterTrust
28.09.2006 18:28 <DIR> LimeWire
16.07.2006 09:59 <DIR> Macromedia
17.10.2006 18:31 <DIR> Skype
15.07.2006 22:43 <DIR> Sun
15.07.2006 15:45 <DIR> T-DSL SpeedManager
04.08.2006 16:37 <DIR> TuneUp Software
13.10.2006 02:37 <DIR> WinAntiVirus Pro 2006
14.10.2006 23:37 91.856 winantiviruspro2006freeinstall_de[1].exe

14.08.2006 13:47 <DIR> Yahoo!
2 Datei(en) 183.192 Bytes
15 Verzeichnis(se), 360.550.400 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten

16.07.2006 22:01 305 addr_file.html
18.10.2006 01:16 <DIR> AntiVir PersonalEdition Classic
06.10.2006 23:12 <DIR> Apple Computer
06.10.2006 01:38 3.151 QTSBandwidthCache
20.07.2006 01:41 <DIR> Skype
15.07.2006 16:50 <DIR> T-Com W-LAN Manager
09.10.2006 01:48 <DIR> T-DSL SpeedManager
28.07.2006 14:58 <DIR> TuneUp Software
13.10.2006 02:35 <DIR> WinAntiVirus Pro 2006
22.07.2006 17:13 <DIR> Windows Genuine Advantage
08.08.2006 10:50 <DIR> Yahoo!
14.10.2006 21:52 <DIR> Yahoo! Companion
2 Datei(en) 3.456 Bytes
10 Verzeichnis(se), 360.546.304 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\Programme\Gemeinsame Dateien

14.10.2006 23:38 <DIR> .
14.10.2006 23:38 <DIR> ..
15.07.2006 19:39 <DIR> Adobe
02.07.2006 15:28 <DIR> Ahead
02.07.2006 15:11 <DIR> DESIGNER
02.07.2006 13:38 <DIR> Dienste
28.07.2006 14:34 <DIR> InstallShield
26.09.2006 17:07 <DIR> Java
26.09.2006 14:35 <DIR> Microsoft Shared
02.07.2006 13:38 <DIR> MSSoap
02.07.2006 14:26 <DIR> ODBC
02.07.2006 14:26 <DIR> SpeechEngines
04.08.2006 16:00 <DIR> System
14.10.2006 02:34 <DIR> Wise Installation Wizard
0 Datei(en) 0 Bytes
14 Verzeichnis(se), 360.546.304 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044

Verzeichnis von C:\Windows\tasks

15.09.2006 19:02 394 1-Klick-Wartung.job
05.10.2006 14:22 276 AppleSoftwareUpdate.job
2 Datei(en) 670 Bytes
0 Verzeichnis(se), 360.546.304 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9C4A-B044






(The other step follows!) josi

Next step, it worked!

Spyware Scan Details
Start Date: 19.10.2006 21:20:48
End Date: 19.10.2006 21:32:04
Total Time: 11 mins 16 secs

Detected spyware

MyWebSearch Toolbar Potentially Unwanted Software more information...
Details: WebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Deleted

Infected files detected
c:\programme\mywebsearch\bar\history\search2
c:\programme\mywebsearch\bar\settings\prevcfg2.htm
c:\programme\mywebsearch\bar\settings\setting2.htm
c:\programme\mywebsearch\bar\settings\settings.dat
c:\programme\mywebsearch\bar\settings\s_pid.dat

Infected registry entries detected
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch\bar
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs {63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches ypager.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msnmsgr.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches icqlite.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches icq.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches aim.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches waol.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches outlook.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msn.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msimn.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches incmail.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 AppName MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar CurInstall 1
HKEY_CURRENT_USER\Software\MyWebSearch
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs {63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} IMonitorEvents
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} IF3PopupMenu
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin\CurVer MyWebSearch.PseudoTransparentPlugin.1
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin MyWebSearch Pseudo Transparent Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches incmail.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msimn.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msn.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches outlook.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches waol.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches aim.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches icq.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches icqlite.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msmsgs.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msnmsgr.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches ypager.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches mwsSrcAs.dll 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 Toolbar *Uninstalled*
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 AppName MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\DownloadInformation INF C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf


FunWebProducts Adware Bundler more information...
Details: Fun Web Products bundles adware software in its products.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger SessionCount 3
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger SessionTimestamp 22119890
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger PlaySounds 1
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings UID A482A72F-3956-4D31-913D-06E98313F364
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam234
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam105
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam101
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam111
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam112
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam113
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam114
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam115
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam116
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam117
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam118
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam119
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam120
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn LastHTMLMenuURL http://www.funwebproducts.com/CursorChooser.html
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.1 You just received a smiley! Go to @LINK@ to see it!
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.numActive 1
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CheckForConnection 1
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\ScreenSaver ImagesDir C:\Programme\FunWebProducts\ScreenSaver\Images\
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn LastHTMLMenuURL http://www.funwebproducts.com/CursorChooser.html
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn HTMLMenuRevision 143
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn ETag "1cd746f-a288-44b3afec"
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn LastHTMLMenuURL http://www.funwebproducts.com/BuddyIconChooser.html
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn HTMLMenuRevision 143
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn ETag "283c726-3cff-43ff65cc"
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn LastHTMLMenuURL http://www.mywebface.com/menus/MyFunCards_en.html.gz
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn HTMLMenuRevision 143
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn ETag "238da2d-14c6-43e7d704"
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyTextNone.numActive 1
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyTextNone.0 Your buddy has a new Buddy Icon. @LTEXT0@Take a look!@LTEXT1@ @LINK0@http://buddies.funbuddyicons.com/@LINK1@
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyFreqNone -1|1|0|0|0|0|0|0|0|0|1
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyTextUninstalled.numActive 1
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyTextUninstalled.0 Your buddy has a new Buddy Icon. @LTEXT0@Take a look!@LTEXT1@ @LINK0@http://buddies.funbuddyicons.com/@LINK1@
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyFreqUninstalled -1|1|0|0|0|0|0|0|0|0|1
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.numActive 1
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.numActive2 2
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.1 You just received a smiley! Go to @LINK@ to see it!
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.2 Your friend has sent you a Talking Smiley. Click: @LINK@
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn HTMLMenuPosDeleted 1
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn LastHTMLMenuURL http://www.mywebface.com/menus/SmileyChooser_de.html.gz
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn HTMLMenuRevision 143
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn ETag "225335c-1b4d9-44b2599c"
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn iexplore.exe.pos -207,2
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products JpegConversionLib C:\Programme\MyWebSearch\bar\1.bin\F3CJPEG.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products CacheDir C:\Programme\FunWebProducts\Shared\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer Dir C:\Programme\FunWebProducts\Installr\
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer pl 7
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CheckForConnection 1
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CacheDir C:\Programme\FunWebProducts\Installr\Cache\


My Way Speedbar Browser Plug-in more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}


Cok.ad.yieldmanager Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@ad.yieldmanager[2].txt


Advertising.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@advertising[1].txt


Cok.PriceBandit Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@apmebf[1].txt


ATDMT.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@atdmt[1].txt


Bluestreak.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@bluestreak[2].txt


BurstNet.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@burstnet[2].txt


casalemedia.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@casalemedia[2].txt


CGI-Bin Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@cgi-bin[2].txt


DoubleClick Cookie more information...
Details: DoubleClick is a popular ad serving network that uses spyware cookies, to target advertising.
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@doubleclick[1].txt


FastClick.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@fastclick[2].txt
c:\dokumente und einstellungen\josi\cookies\josi@media.fastclick[1].txt


Hitbox.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@hg1.hitbox[2].txt
c:\dokumente und einstellungen\josi\cookies\josi@hitbox[2].txt


IndexTools.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@indextools[2].txt


Mediaplex.com Cookie more information...
Details: Cookie used to track cross site advertising with the Mediaplex and value Click advertising companies.
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@mediaplex[2].txt


Overture.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@overture[1].txt


RealMedia.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@realmedia[1].txt


Revenue.net Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@revenue[1].txt


BS.Serving-Sys Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@serving-sys[1].txt


Radar Spy 1.0 Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@tradedoubler[1].txt
c:\dokumente und einstellungen\josi\cookies\josi@yourmedia[1].txt


TribalFusion.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@tribalfusion[1].txt


Weborama Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\josi\cookies\josi@weborama[2].txt




So, and now? ;)

josi
This post was edited by Selena on 19.10.2006 at 21:38.
20.10.2006, 00:24
Honorary member
Sabina

Posts: 29434
#10 Avenger

Quote

Files to delete:
C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten\errorsafegermannewreleaseinstall[1].exe
C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten\winantiviruspro2006freeinstall_de[1].exe
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
C:\Temp\install.bat
C:\Temp\Revert.wmz
C:\Temp\umdf.exe
C:\Temp\wmdbexport.exe
C:\Temp\wmfdist11.exe
C:\Temp\wmp11.exe

Folders to delete:
C:\Program Files\PestTrap
C:\Dokumente und Einstellungen\JOSI\Lokale Einstellungen\Temp\msohtml
C:\Dokumente und Einstellungen\JOSI\Lokale Einstellungen\Temp\msohtml1
C:\Dokumente und Einstellungen\JOSI\Lokale Einstellungen\Temp\NI.UERSU_9999_N91S2009
C:\Dokumente und Einstellungen\JOSI\Lokale Einstellungen\Temp\NI.UWA6PU_0001_N91M2107
C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten\WinAntiVirus Pro 2006
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinAntiVirus Pro 2006
C:\Programme\MyWebSearch
C:\Programme\FunWebProducts
C:\Programme\HQVideoCodec
C:\Programme\SpywareHeal
C:\Programme\WinAntiVirus Pro 2006
C:\Programme\MalwareWipe.com

Post the Avenger log that appears after the restart

+
Post the new HijackThis log
__________
Best regards, Sabina

All about PC security
21.10.2006, 22:02
Member

Thread starter

Posts: 26
#11 Avenger:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Fatal error: could not create new script file.
Error code: 0
Error logged to errorlog.txt. Aborting now!


(I don't know whether this is the right one; it came up after the automatic restart!)


HijackThis:


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programme\T-DSL Business\BOLog.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
D:\Programme\PDF-XChange 2.5\pdfSaver.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\T-DSL SpeedManager\TSMSvc.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\JOSI\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - (no file)
O2 - BHO: (no name) - {5D945E9A-DC10-4670-83EB-99DAA616628A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - (no file)
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BusinessOnline Log] "C:\Programme\T-DSL Business\BOLog.exe"
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: PDF-XChange Capture.lnk = D:\Programme\PDF-XChange 2.5\pdfSaver.exe
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DB370FF-BCA6-4C04-9FE4-142C611567D7}: NameServer = 217.237.149.161 217.237.151.225
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Programme\T-DSL SpeedManager\TSMSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe



(I hope this is right, thanks!)

And now? ;)
This post was edited by Selena on 21.10.2006 at 22:21.
21.10.2006, 22:32
Honorary member
Sabina

Posts: 29434
#12 Selena

Open HijackThis -- "Scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote

O2 - BHO: (no name) - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - (no file)
O2 - BHO: (no name) - {5D945E9A-DC10-4670-83EB-99DAA616628A} - (no file)
O2 - BHO: (no name) - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - (no file)
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - (no file)

O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
scan with ewido (online) and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
22.10.2006, 02:14
Member

Thread starter

Posts: 26
#13 Correct??????
---------------------------------------------------------------------------



Name: Adware.AntiVermins
Path: HKLM\SOFTWARE\AntiVermins
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{0065CDBC-2439-4365-A7E7-BF5B853BF49D}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{131706D3-7294-4EDC-BA4B-5290BAB9FB36}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{19DACF08-A207-4271-AA22-C138F512E787}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{241D6A46-E756-47C2-A95D-CB63313A5FAB}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{2E0ED423-67B0-4C73-BADB-57D673A92E92}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{3E37C978-9E24-42FA-B021-B56CAAFDB694}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{4130008C-5697-4EF5-9EDE-EF8F9F10D524}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{41417555-4052-47C1-A7DF-C5A2B869F98E}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{4AE0048E-4C88-43DE-BBCC-2530A2C24634}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{4F4A0564-17DE-4EB2-B29E-6D2E167A3BE0}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{544F9A30-7A37-4E83-95BF-704131C6B928}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{58F394DC-8F9C-41AF-99A8-0C5DBD830512}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{6B067ED9-4AEC-474E-B67E-85EF417D68BA}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{6D8D02FB-2877-40CF-8325-B6FFEC0811DA}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{7FB0A17F-60E7-47C6-BBF8-00A0427CF8EF}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{85953437-B661-4DC1-98A6-FC7005B710FC}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{87664F4C-697D-437E-BF90-2FD7C6C0B04C}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{9188A88D-3D41-4EB6-A7D8-0F6A5266F685}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{984281D2-E2E0-442D-A2DD-88638F2CE04C}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{9D5ADF27-B3F9-493D-A15E-AB019B9FD18B}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{9DE6DA81-E460-4E25-937D-A3EE1E6FCA27}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{B660CDE9-526E-41FE-AB41-773D78BEE31E}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{BF8A0E53-F417-413A-B849-B5C0086EEF8A}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{C36464A1-2D2F-4804-AAF6-F5BD62536ADB}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{CA74BAFC-1F0C-49B1-8A76-5D55085E71FB}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{D0722752-35B5-44E1-A14A-E2A44C41F509}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{EE2EAC90-8B01-49D4-B46C-8E02BDA1F3B4}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{EF215DAD-8E52-4C75-B779-5093B3855E79}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{EF884BC1-EE64-4E8B-AE3D-84037A0D1606}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{F7F932D6-A6BE-4273-9950-ECBD72170DBF}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{FD34EB96-89FA-43CC-9C37-D1D5B099D28F}
Risk: Medium

Name: Adware.WinAntiVirus
Path: HKU\S-1-5-21-484763869-616249376-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
Risk: Medium

Name: Adware.HQVideoCodec
Path: HKU\S-1-5-21-484763869-616249376-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D869742A-E5D2-4624-96C7-AAE26170665E}
Risk: Medium

Name: Adware.WinAntiVirus
Path: HKU\S-1-5-21-484763869-616249376-682003330-1003\Software\WinAntiVirus Pro 2006
Risk: Medium

Name: Adware.WinAntiVirus
Path: HKU\S-1-5-21-484763869-616249376-682003330-1003\Software\WinAntiVirus Pro 2006\Settings
Risk: Medium

Name: Adware.ProtectionBar
Path: C:\avenger\backup.zip/avenger/HQVideoCodec/iesplugin.dll
Risk: Medium

Name: Downloader.Zlob.agu
Path: C:\avenger\backup.zip/avenger/HQVideoCodec/iesuninst.exe
Risk: High

Name: Downloader.Zlob.agu
Path: C:\avenger\backup.zip/avenger/HQVideoCodec/pmmon.exe
Risk: High

Name: Not-A-Virus.Hoax.Win32.Renos.dy
Path: C:\avenger\backup.zip/avenger/HQVideoCodec/pmsngr.exe
Risk: Low

Name: Downloader.Zlob.agu
Path: C:\avenger\backup.zip/avenger/HQVideoCodec/pmuninst.exe
Risk: High

Name: Adware.Malwarewipe
Path: C:\avenger\backup.zip/avenger/MalwareWipe.com/MalwareWipe.com.exe
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup.zip/avenger/SpOrder.dll
Risk: Medium

Name: Adware.Stud
Path: C:\avenger\backup.zip/avenger/Suchspur.dll
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup.zip/avenger/WinAntiVirus Pro 2006/ASupdater.dat
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup.zip/avenger/WinAntiVirus Pro 2006/install.exe
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup.zip/avenger/WinAntiVirus Pro 2006/PGupdater.dat
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup.zip/avenger/WinAntiVirus Pro 2006/phigh.bin
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup.zip/avenger/WinAntiVirus Pro 2006/pmedium.bin
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup.zip/avenger/WinAntiVirus Pro 2006/pv.exe
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup.zip/avenger/WinAntiVirus Pro 2006/sqlite3.dll
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup.zip/avenger/WinAntiVirus Pro 2006/st.dat
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup.zip/avenger/WinAntiVirus Pro 2006/up.dat
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup.zip/avenger/WinAntiVirus Pro 2006/worldmap.swf
Risk: Medium

Name: Not-A-Virus.Downloader.Win32.WinFixer.o
Path: C:\avenger\backup.zip/avenger/winantiviruspro2006freeinstall_de[1].exe
Risk: Low

Name: Not-A-Virus.Downloader.Win32.WinFixer.o
Path: C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten\errorsafegermannewreleaseinstall[1].exe
Risk: Low

Name: Adware.Spysheriff
Path: C:\Program Files\PestTrap\Uninstall.exe
Risk: Medium

Name: Adware.Systemdoctor
Path: C:\Programme\ICQToolbar\version.txt
Risk: Medium

Name: Not-A-Virus.Downloader.Win32.WinFixer.o
Path: C:\System Volume Information\_restore{5C8E8AAD-D642-4B8D-AA72-C3967775056B}\RP55\A0028135.exe
Risk: Low

Name: Adware.VirusBurster
Path: C:\System Volume Information\_restore{5C8E8AAD-D642-4B8D-AA72-C3967775056B}\RP55\A0028211.exe
Risk: Medium

Name: Downloader.Zlob.agu
Path: C:\System Volume Information\_restore{5C8E8AAD-D642-4B8D-AA72-C3967775056B}\RP55\A0028261.exe
Risk: High

Name: Downloader.Zlob.agu
Path: C:\System Volume Information\_restore{5C8E8AAD-D642-4B8D-AA72-C3967775056B}\RP56\A0029289.exe
Risk: High

Name: Downloader.Zlob.agu
Path: C:\System Volume Information\_restore{5C8E8AAD-D642-4B8D-AA72-C3967775056B}\RP56\A0029427.exe
Risk: High

Name: Adware.ProtectionBar
Path: C:\System Volume Information\_restore{5C8E8AAD-D642-4B8D-AA72-C3967775056B}\RP56\A0029454.dll
Risk: Medium

Name: Adware.Malwarewipe
Path: C:\System Volume Information\_restore{5C8E8AAD-D642-4B8D-AA72-C3967775056B}\RP56\A0029465.exe
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\System Volume Information\_restore{5C8E8AAD-D642-4B8D-AA72-C3967775056B}\RP56\A0029470.dll
Risk: Medium

Name: Adware.Stud
Path: C:\System Volume Information\_restore{5C8E8AAD-D642-4B8D-AA72-C3967775056B}\RP56\A0029474.dll
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\System Volume Information\_restore{5C8E8AAD-D642-4B8D-AA72-C3967775056B}\RP56\A0029486.exe
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\System Volume Information\_restore{5C8E8AAD-D642-4B8D-AA72-C3967775056B}\RP56\A0029488.exe
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\System Volume Information\_restore{5C8E8AAD-D642-4B8D-AA72-C3967775056B}\RP56\A0029491.dll
Risk: Medium

Name: Not-A-Virus.Downloader.Win32.WinFixer.o
Path: C:\System Volume Information\_restore{5C8E8AAD-D642-4B8D-AA72-C3967775056B}\RP56\A0029496.exe
Risk: Low

---------------------------------------------------------------------------
So, while I was scanning, my antivirus raised an alert!
(virus or unwanted program) (It is the Trojan horse TR/Dldr. Zlob.AAV)

I'd like to know why I am carrying out all these steps, I mean what they achieve or bring about. It would be cool, Sabina, if you could explain it to me, because this whole thing is slowly making me curious! ;) Thanks
22.10.2006, 12:16
Honorary member
Sabina

Posts: 29434
#14 your computer is infested ..you have downloaded proggies that one must not have on the computer..............

Avenger

Quote

registry keys to delete:
HKLM\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}
HKLM\SOFTWARE\Classes\Interface\{0065CDBC-2439-4365-A7E7-BF5B853BF49D}
HKLM\SOFTWARE\Classes\Interface\{131706D3-7294-4EDC-BA4B-5290BAB9FB36}
HKLM\SOFTWARE\Classes\Interface\{19DACF08-A207-4271-AA22-C138F512E787}
HKLM\SOFTWARE\Classes\Interface\{241D6A46-E756-47C2-A95D-CB63313A5FAB}
HKLM\SOFTWARE\Classes\Interface\{2E0ED423-67B0-4C73-BADB-57D673A92E92}
HKLM\SOFTWARE\Classes\Interface\{3E37C978-9E24-42FA-B021-B56CAAFDB694}
HKLM\SOFTWARE\Classes\Interface\{4130008C-5697-4EF5-9EDE-EF8F9F10D524}
HKLM\SOFTWARE\Classes\Interface\{41417555-4052-47C1-A7DF-C5A2B869F98E}
HKLM\SOFTWARE\Classes\Interface\{4AE0048E-4C88-43DE-BBCC-2530A2C24634}
HKLM\SOFTWARE\Classes\Interface\{4F4A0564-17DE-4EB2-B29E-6D2E167A3BE0}
HKLM\SOFTWARE\Classes\Interface\{544F9A30-7A37-4E83-95BF-704131C6B928}
HKLM\SOFTWARE\Classes\Interface\{58F394DC-8F9C-41AF-99A8-0C5DBD830512}
HKLM\SOFTWARE\Classes\Interface\{6B067ED9-4AEC-474E-B67E-85EF417D68BA}
HKLM\SOFTWARE\Classes\Interface\{6D8D02FB-2877-40CF-8325-B6FFEC0811DA}
HKLM\SOFTWARE\Classes\Interface\{7FB0A17F-60E7-47C6-BBF8-00A0427CF8EF}
HKLM\SOFTWARE\Classes\Interface\{85953437-B661-4DC1-98A6-FC7005B710FC}
HKLM\SOFTWARE\Classes\Interface\{87664F4C-697D-437E-BF90-2FD7C6C0B04C}
HKLM\SOFTWARE\Classes\Interface\{9188A88D-3D41-4EB6-A7D8-0F6A5266F685}
HKLM\SOFTWARE\Classes\Interface\{984281D2-E2E0-442D-A2DD-88638F2CE04C}
HKLM\SOFTWARE\Classes\Interface\{9D5ADF27-B3F9-493D-A15E-AB019B9FD18B}
HKLM\SOFTWARE\Classes\Interface\{9DE6DA81-E460-4E25-937D-A3EE1E6FCA27}
HKLM\SOFTWARE\Classes\Interface\{B660CDE9-526E-41FE-AB41-773D78BEE31E}
HKLM\SOFTWARE\Classes\Interface\{BF8A0E53-F417-413A-B849-B5C0086EEF8A}
HKLM\SOFTWARE\Classes\Interface\{C36464A1-2D2F-4804-AAF6-F5BD62536ADB}
HKLM\SOFTWARE\Classes\Interface\{CA74BAFC-1F0C-49B1-8A76-5D55085E71FB}
HKLM\SOFTWARE\Classes\Interface\{D0722752-35B5-44E1-A14A-E2A44C41F509}
HKLM\SOFTWARE\Classes\Interface\{EE2EAC90-8B01-49D4-B46C-8E02BDA1F3B4}
HKLM\SOFTWARE\Classes\Interface\{EF215DAD-8E52-4C75-B779-5093B3855E79}
HKLM\SOFTWARE\Classes\Interface\{EF884BC1-EE64-4E8B-AE3D-84037A0D1606}
HKLM\SOFTWARE\Classes\Interface\{F7F932D6-A6BE-4273-9950-ECBD72170DBF}
HKLM\SOFTWARE\Classes\Interface\{FD34EB96-89FA-43CC-9C37-D1D5B099D28F}
HKU\S-1-5-21-484763869-616249376-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
HKU\S-1-5-21-484763869-616249376-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D869742A-E5D2-4624-96C7-AAE26170665E}
HKU\S-1-5-21-484763869-616249376-682003330-1003\Software\WinAntiVirus Pro 2006

Files to delete:
C:\Dokumente und Einstellungen\JOSI\Anwendungsdaten\errorsafegermannewreleaseinstall[1].exe

Folders to delete:
C:\Program Files\PestTrap
C:\Programme\ICQToolbar

**
delete:
C:\avenger\backup.zip

**
My Computer (Arbeitsplatz) --> right-click, then Properties (Eigenschaften) ---> System Restore tab (Systemwiederherstellung) ---> tick "Turn off System Restore on all drives" (Systemwiederherstellung auf allen Laufwerken deaktivieren).
(then turn it back on)

**
then scan again with ewido and report back ;)
__________
Regards, Sabina

all about PC security
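Added example (not part of the thread and not code from ewido or Avenger): a Python sketch that sorts ewido report entries by where they sit, so that each group lines up with one step of post #14 (the Avenger script, deleting the Avenger backup archive, switching System Restore off and on). The bucket names and the note on cookies are assumptions of this example; the sample entries are copied from the reports in this thread.

```python
import re

# Excerpt in the ewido online-scanner layout (Name/Path/Risk), entries copied from the thread.
SAMPLE_REPORT = r"""
Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}
Risk: Medium

Name: Downloader.Zlob.agu
Path: C:\avenger\backup.zip/avenger/HQVideoCodec/pmmon.exe
Risk: High

Name: Not-A-Virus.Downloader.Win32.WinFixer.o
Path: C:\System Volume Information\_restore{5C8E8AAD-D642-4B8D-AA72-C3967775056B}\RP55\A0028135.exe
Risk: Low

Name: Adware.Spysheriff
Path: C:\Program Files\PestTrap\Uninstall.exe
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Dokumente und Einstellungen\JOSI\Cookies\josi@doubleclick[1].txt
Risk: Medium
"""

RISK_ORDER = {"Low": 0, "Medium": 1, "High": 2}

# Location buckets (names are this example's own), checked in order.
RULES = [
    ("registry", re.compile(r"^HK(LM|U|CU|CR)\\", re.I)),
    ("avenger_backup", re.compile(r"^[a-z]:\\avenger\\backup[^\\/]*\.zip(/|$)", re.I)),
    ("restore_point", re.compile(r"\\System Volume Information\\_restore\{", re.I)),
    ("cookie", re.compile(r"\\Cookies\\[^\\]+\.txt$", re.I)),
]

# Step of post #14 that deals with each bucket.
ACTIONS = {
    "registry": 'Avenger script, "registry keys to delete:"',
    "live_file": 'Avenger script, "Files to delete:" / "Folders to delete:"',
    "avenger_backup": "delete the Avenger backup archive itself",
    "restore_point": "turn System Restore off, then on again",
    "cookie": "not covered in post #14 (assumption: clear browser cookies)",
}

def parse_report(text):
    """Return one dict per complete Name/Path/Risk record; incomplete records are skipped."""
    text = text.replace("\r\n", "\n")
    pattern = re.compile(r"^Name: (.+)\nPath: (.+)\nRisk: (\w+)[ \t]*$", re.M)
    return [{"name": n.strip(), "path": p.strip(), "risk": r}
            for n, p, r in pattern.findall(text)]

def classify(path):
    """Map a report path to a location bucket; anything unmatched is a file on disk."""
    for bucket, rx in RULES:
        if rx.search(path):
            return bucket
    return "live_file"

def triage(findings):
    """Group findings by bucket with count, highest risk seen and the matching step."""
    out = {}
    for f in findings:
        bucket = classify(f["path"])
        entry = out.setdefault(
            bucket, {"count": 0, "max_risk": "Low", "action": ACTIONS[bucket]})
        entry["count"] += 1
        if RISK_ORDER.get(f["risk"], 0) > RISK_ORDER[entry["max_risk"]]:
            entry["max_risk"] = f["risk"]
    return out

if __name__ == "__main__":
    for bucket, info in triage(parse_report(SAMPLE_REPORT)).items():
        print(f'{bucket:15} {info["count"]:3}  max risk {info["max_risk"]:6} -> {info["action"]}')
```

Entries under `C:\avenger\backup*.zip` and `System Volume Information\_restore{...}` are stored copies, which is why they are handled by deleting the archive and cycling System Restore rather than by listing each file in the Avenger script.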
22.10.2006, 14:17
Member

Thread starter

Posts: 26
#15 this is really fun, hehe ;)
what are Proggies?

here is the scan report from ewido, thanks:

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________


Name: TrackingCookie.Yieldmanager
Path: C:\Dokumente und Einstellungen\JOSI\Cookies\josi@ad.yieldmanager[1].txt
Risk: Medium

Name: TrackingCookie.Falkag
Path: C:\Dokumente und Einstellungen\JOSI\Cookies\josi@as1.falkag[1].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Dokumente und Einstellungen\JOSI\Cookies\josi@atdmt[2].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Dokumente und Einstellungen\JOSI\Cookies\josi@doubleclick[1].txt
Risk: Medium

Name: TrackingCookie.Ivwbox
Path: C:\Dokumente und Einstellungen\JOSI\Cookies\josi@ivwbox[2].txt
Risk: Medium

Name: TrackingCookie.Komtrack
Path: C:\Dokumente und Einstellungen\JOSI\Cookies\josi@komtrack[2].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Dokumente und Einstellungen\JOSI\Cookies\josi@mediaplex[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Dokumente und Einstellungen\JOSI\Cookies\josi@msnaccountservices.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Dokumente und Einstellungen\JOSI\Cookies\josi@msnportal.112.2o7[1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Dokumente und Einstellungen\JOSI\Cookies\josi@serving-sys[1].txt
Risk: Medium

Name: Adware.AntiVermins
Path: HKLM\SOFTWARE\AntiVermins
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}
Risk: Medium

Name: Adware.WinAntiVirus
Path: HKLM\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{0065CDBC-2439-4365-A7E7-BF5B853BF49D}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{131706D3-7294-4EDC-BA4B-5290BAB9FB36}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{19DACF08-A207-4271-AA22-C138F512E787}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{241D6A46-E756-47C2-A95D-CB63313A5FAB}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{2E0ED423-67B0-4C73-BADB-57D673A92E92}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{3E37C978-9E24-42FA-B021-B56CAAFDB694}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{4130008C-5697-4EF5-9EDE-EF8F9F10D524}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{41417555-4052-47C1-A7DF-C5A2B869F98E}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{4AE0048E-4C88-43DE-BBCC-2530A2C24634}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{4F4A0564-17DE-4EB2-B29E-6D2E167A3BE0}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{544F9A30-7A37-4E83-95BF-704131C6B928}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{58F394DC-8F9C-41AF-99A8-0C5DBD830512}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{6B067ED9-4AEC-474E-B67E-85EF417D68BA}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{6D8D02FB-2877-40CF-8325-B6FFEC0811DA}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{7FB0A17F-60E7-47C6-BBF8-00A0427CF8EF}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{85953437-B661-4DC1-98A6-FC7005B710FC}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{87664F4C-697D-437E-BF90-2FD7C6C0B04C}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{9188A88D-3D41-4EB6-A7D8-0F6A5266F685}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{984281D2-E2E0-442D-A2DD-88638F2CE04C}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{9D5ADF27-B3F9-493D-A15E-AB019B9FD18B}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{9DE6DA81-E460-4E25-937D-A3EE1E6FCA27}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{B660CDE9-526E-41FE-AB41-773D78BEE31E}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{BF8A0E53-F417-413A-B849-B5C0086EEF8A}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{C36464A1-2D2F-4804-AAF6-F5BD62536ADB}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{CA74BAFC-1F0C-49B1-8A76-5D55085E71FB}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{D0722752-35B5-44E1-A14A-E2A44C41F509}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{EE2EAC90-8B01-49D4-B46C-8E02BDA1F3B4}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{EF215DAD-8E52-4C75-B779-5093B3855E79}
Risk: Medium

Name: Adware.Generic
Path: HKLM\SOFTWARE\Classes\Interface\{EF884BC1-EE64-4E8B-AE3D-84037A0D1606}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{F7F932D6-A6BE-4273-9950-ECBD72170DBF}
Risk: Medium

Name: Adware.VirusBurster
Path: HKLM\SOFTWARE\Classes\Interface\{FD34EB96-89FA-43CC-9C37-D1D5B099D28F}
Risk: Medium

Name: Adware.WinAntiVirus
Path: HKLM\SOFTWARE\WinAntiVirus Pro 2006
Risk: Medium

Name: Adware.WinAntiVirus
Path: HKU\S-1-5-21-484763869-616249376-682003330-1003\Software\WinAntiVirus Pro 2006
Risk: Medium

Name: Adware.WinAntiVirus
Path: HKU\S-1-5-21-484763869-616249376-682003330-1003\Software\WinAntiVirus Pro 2006\Settings
Risk: Medium

Name: Adware.ProtectionBar
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/HQVideoCodec/iesplugin.dll
Risk: Medium

Name: Downloader.Zlob.agu
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/HQVideoCodec/iesuninst.exe
Risk: High

Name: Downloader.Zlob.agu
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/HQVideoCodec/pmmon.exe
Risk: High

Name: Not-A-Virus.Hoax.Win32.Renos.dy
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/HQVideoCodec/pmsngr.exe
Risk: Low

Name: Downloader.Zlob.agu
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/HQVideoCodec/pmuninst.exe
Risk: High

Name: Adware.Malwarewipe
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/MalwareWipe.com/MalwareWipe.com.exe
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/SpOrder.dll
Risk: Medium

Name: Adware.Stud
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/Suchspur.dll
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/WinAntiVirus Pro 2006/ASupdater.dat
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/WinAntiVirus Pro 2006/install.exe
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/WinAntiVirus Pro 2006/PGupdater.dat
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/WinAntiVirus Pro 2006/phigh.bin
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/WinAntiVirus Pro 2006/pmedium.bin
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/WinAntiVirus Pro 2006/pv.exe
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/WinAntiVirus Pro 2006/sqlite3.dll
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/WinAntiVirus Pro 2006/st.dat
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/WinAntiVirus Pro 2006/up.dat
Risk: Medium

Name: Adware.WinAntiVirus
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/WinAntiVirus Pro 2006/worldmap.swf
Risk: Medium

Name: Not-A-Virus.Downloader.Win32.WinFixer.o
Path: C:\avenger\backup-22.10.2006-13.44.37,89.zip/avenger/winantiviruspro2006freeinstall_de[1].exe
Risk: Low

Name: Adware.HotBar
Path: C:\Dokumente und Einstellungen\JOSI\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\D2466FDF-7157-45DA-9B68-FB1E43\F67E2BB9-FD0B-4D6A-8A4E-3CAB58
Risk: Medium

Name: Adware.Hotbar
Path: C:\Programme\HbTools\Bin\4.8.2.0\HbtHostOE.dll
Risk: Medium

Name: Adware.HotBar
Path: C:\Programme\HbTools\Bin\4.8.2.0\HbtOEAddOn.exe
Risk: Medium

Name: Adware.HotBar
Path: C:\Programme\Hotbar
Risk: Medium