Critical System Errors! System Alert!

Thread is closed!
17.01.2007, 06:51
...new here

Posts: 8
#1 Hello,
like so many others, I am also getting these warnings with "Critical System Errors! and System Alert!"
I have already read through some of the other posts, but somehow I can't make sense of them (I have tried everything I thought might work ... but it just doesn't work). My whole PC does nothing but crash; no idea whether that has anything to do with the warnings????
I would be very glad of quick help that is as precise as possible ;)

ah, I'm about to go crazy :'(

THX
17.01.2007, 10:08
Honorary member
Sabina

Posts: 29434
#2 Riddick-GER

1.
Create a HijackThis log file
http://virus-protect.org/hjtkurz.html

Download/unpack HijackThis into a folder
---> None of the above just start the program --> Scan -> Save log --> hijackthis.log - Save - the editor opens

Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
---------------------------------------------------------------

2.
Follow the instructions at
http://virus-protect.org/cleanup.html
and set up CleanUp exactly as specified there, then restart the computer (this deletes the temporary files)

3.
Run ComboFix, also let the disk cleanup run + copy the scan report and post it in your reply
http://virus-protect.org/artikel/tools/combofix.html
__________
Best regards, Sabina

All about PC security
17.01.2007, 12:21
...new here

Thread starter

Posts: 8
#3 Logfile of HijackThis v1.99.1
Scan saved at 09:27:45, on 09.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programme\Key Generator\pmsngr.exe
D:\Programme\Alwil Software\Avast4\ashDisp.exe
D:\Programme\CursorXP\CursorXP.exe
D:\Programme\Key Generator\pmmon.exe
D:\Programme\Alwil Software\Avast4\aswUpdSv.exe
D:\Programme\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\alg.exe
D:\Programme\Windows Defender\MsMpEng.exe
D:\Programme\Windows Defender\MSASCui.exe
D:\PROGRA~1\eScan\TRAYSSER.EXE
D:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
D:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWAgent.exe
D:\PROGRA~1\eScan\MAILDISP.EXE
D:\PROGRA~1\ESCAN\SPOOLER.EXE
D:\PROGRA~1\eScan\MAILSCAN.EXE
D:\PROGRA~1\eScan\kavss.exe
D:\PROGRA~1\eScan\AVPMWrap.EXE
D:\PROGRA~1\eScan\AvpM.exe
D:\PROGRA~1\eScan\avpm.exe
D:\Programme\Google-Translator\googletranslator.exe
D:\Programme\Alwil Software\Avast4\ashSimpl.exe
D:\Programme\Alwil Software\Avast4\ashMaiSv.exe
D:\Programme\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\taskmgr.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Dokumente und Einstellungen\Riddick (GER)\Desktop\Neuer Ordner\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = microsoft.com;windowsupdate.microsoft.com;v4.windowsupdate.microsoft.com;v5.windowsupdate.microsoft.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\tbuDD\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - D:\Programme\ICQToolbar\tbuDD\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Programme\NewDotNet\newdotnet7_48.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\tbuDD\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "D:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MailScan Dispatcher] "D:\Programme\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] D:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] D:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\RunOnce: [mwavscan] "D:\PROGRA~1\eScan\mwavscan.com" /s
O4 - HKCU\..\Run: [avast! service GUI component] D:\Programme\Alwil Software\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CursorXP] "D:\Programme\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6\icq.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6\icq.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\mwtsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163946935843
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - D:\WINDOWS\system32\vcehaeb.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - D:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - D:\Programme\ISO Recorder\ImapiHelper.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - D:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - D:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
O23 - Service: NBService - Nero AG - E:\PROGRAMME\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - D:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - D:\Programme\Virtual CD v8\System\VC8SecS.exe
17.01.2007, 12:26
Honorary member
Sabina

Posts: 29434
#4 2.
Follow the instructions at
http://virus-protect.org/cleanup.html
and set up CleanUp exactly as specified there, then restart the computer (this deletes the temporary files)

3.
Run ComboFix, also let the disk cleanup run + copy the scan report and post it in your reply
http://virus-protect.org/artikel/tools/combofix.html
__________
Best regards, Sabina

All about PC security
17.01.2007, 12:49
...new here

Thread starter

Posts: 8
#5 For 2, I couldn't enable an option that should be on (Delete Prefetch files, it was greyed out)



"Riddick (GER)" - 07-01-09 9:07:01 Service Pack 2
ComboFix 07-01-16.2 - Running from: "D:\Dokumente und Einstellungen\Riddick (GER)\Desktop\Neuer Ordner"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\system32\SVKP.sys
D:\WINDOWS\system32\taskmgr.com
D:\WINDOWS\system32\winlogon.dll
D:\WINDOWS\REGEDIT.com


((((((((((((((((((((((((((((((( Files Created from 2006-12-09 to 2007-01-09 ))))))))))))))))))))))))))))))))))


2007-01-09 09:51 <DIR> d-------- D:\Programme\Aspell
2007-01-09 09:49 <DIR> d-------- D:\Programme\Gaim
2007-01-09 09:45 <DIR> d-------- D:\PUB
2007-01-09 09:44 950,272 --a------ D:\WINDOWS\system32\contfilt.dll
2007-01-09 09:44 93,932 --a------ D:\WINDOWS\winsbak2.reg
2007-01-09 09:44 508,928 --a------ D:\WINDOWS\system32\eInstall.exe
2007-01-09 09:44 41,984 --a------ D:\WINDOWS\killproc.exe
2007-01-09 09:44 153,600 --a------ D:\WINDOWS\R.COM
2007-01-09 09:44 140,800 --a------ D:\WINDOWS\system32\T.COM
2007-01-09 09:44 138,000 --a------ D:\WINDOWS\system32\drivers\klif108.sys
2007-01-09 09:44 12,946 --a------ D:\WINDOWS\winsbak.reg
2007-01-09 09:44 118,784 --a------ D:\WINDOWS\system32\mwnsp.dll
2007-01-09 09:44 117,008 --a------ D:\WINDOWS\system32\drivers\klif50.sys
2007-01-09 09:44 <DIR> d-------- D:\Programme\Gemeinsame Dateien\MicroWorld
2007-01-09 09:44 <DIR> d-------- D:\DOKUME~1\REMOTE~1\Vorlagen
2007-01-09 09:44 <DIR> d-------- D:\DOKUME~1\REMOTE~1\Startmen
2007-01-09 09:44 <DIR> d-------- D:\DOKUME~1\REMOTE~1\Favoriten
2007-01-09 09:44 <DIR> d-------- D:\DOKUME~1\REMOTE~1\Dokumente
2007-01-09 09:44 <DIR> d-------- D:\DOKUME~1\REMOTE~1\Anwendungsdaten
2007-01-09 09:44 <DIR> d-------- D:\DOKUME~1\LOCALS~1\Vorlagen
2007-01-09 09:44 <DIR> d-------- D:\DOKUME~1\LOCALS~1\Favoriten
2007-01-09 09:44 <DIR> d-------- D:\DOKUME~1\LOCALS~1\Dokumente
2007-01-09 09:43 9,488 --a------ D:\WINDOWS\sporder.dll
2007-01-09 09:43 7,680 --a------ D:\WINDOWS\sporder.exe
2007-01-09 09:43 40,448 --a------ D:\WINDOWS\inst_tsp.exe
2007-01-09 09:43 339,968 --a------ D:\WINDOWS\system32\mwtsp.dll
2007-01-09 09:43 32,768 --a------ D:\WINDOWS\system32\esmxlog.dll
2007-01-09 09:43 130,560 --a------ D:\WINDOWS\system32\ZIPDLL.DLL
2007-01-09 09:43 125,440 --a------ D:\WINDOWS\system32\UNZDLL.DLL
2007-01-09 09:43 <DIR> d-------- D:\WINDOWS\system32\FLCSS.EXE
2007-01-09 09:43 <DIR> d-------- D:\WINDOWS\system32\ES_SETUP
2007-01-09 09:43 <DIR> d-------- D:\Programme\eScan
2007-01-09 09:43 <DIR> d-------- D:\AVPDOS
2007-01-09 09:39 <DIR> d-------- D:\Programme\Windows Defender
2007-01-09 09:35 <DIR> d-a------ D:\DOKUME~1\ALLUSE~1\Anwendungsdaten\TEMP
2007-01-09 09:27 <DIR> d-------- D:\Programme\AntiVerminser
2007-01-09 09:26 20,992 --a------ D:\WINDOWS\system32\gwquvw.dll
2007-01-09 09:26 1,392 --a------ D:\WINDOWS\system32\tmp.reg
2007-01-09 09:26 <DIR> d-------- D:\Programme\Key Generator
2007-01-09 09:22 <DIR> d-------- D:\Programme\SpyCQ

2007-01-09 09:21 79,360 --a------ D:\WINDOWS\system32\swxcacls.exe
2007-01-09 09:21 53,248 --a------ D:\WINDOWS\system32\Process.exe
2007-01-09 09:21 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2007-01-09 09:21 40,960 --a------ D:\WINDOWS\system32\swsc.exe
2007-01-09 09:21 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2007-01-09 09:21 135,168 --a------ D:\WINDOWS\system32\swreg.exe
2007-01-09 09:03 <DIR> d-------- D:\WINDOWS\Prefetch
2006-12-12 17:25 806,912 --a------ D:\WINDOWS\system32\divx_xx0c.dll
2006-12-12 17:25 806,912 --a------ D:\WINDOWS\system32\divx_xx07.dll
2006-12-12 17:25 790,528 --a------ D:\WINDOWS\system32\divx_xx11.dll
2006-12-12 17:25 53,248 --a------ D:\WINDOWS\system32\dpuGUI10.dll
2006-12-12 17:25 294,912 --a------ D:\WINDOWS\system32\dpu10.dll
2006-12-12 17:24 12,288 --a------ D:\WINDOWS\system32\DivXWMPExtType.dll
2006-12-12 17:24 118,784 --a------ D:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-12-09 20:49 <DIR> d-------- D:\Programme\ScanSoft
2006-12-09 20:23 <DIR> d-------- D:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Apple Computer
2006-12-09 20:14 180,224 --a------ D:\DVDrip.exe
2006-12-09 20:13 <DIR> d-------- D:\Programme\Combined Community Codec Pack
2006-12-09 20:12 266,240 --a------ D:\unicnv.exe
2006-12-09 20:10 80,896 --a------ D:\WINDOWS\system32\charmap.exe
2006-12-09 20:10 73,216 --a------ D:\WINDOWS\system32\avwav.dll
2006-12-09 20:10 683,520 --a------ D:\WINDOWS\system32\getuname.dll
2006-12-09 20:10 5,632 --a------ D:\WINDOWS\system32\write.exe
2006-12-09 20:10 44,544 --a------ D:\WINDOWS\system32\hticons.dll
2006-12-09 20:10 35,840 --a------ D:\WINDOWS\system32\winchat.exe
2006-12-09 20:10 232,960 --a------ D:\WINDOWS\system32\avtapi.dll
2006-12-09 20:10 16,384 --a------ D:\WINDOWS\system32\avmeter.dll
2006-12-09 20:10 139,776 --a------ D:\WINDOWS\system32\sndvol32.exe
2006-12-09 20:10 114,688 --a------ D:\WINDOWS\system32\calc.exe
2006-12-09 20:05 315,392 --a------ D:\WINDOWS\system32\rlls.dll
2006-12-09 20:05 302,592 --a------ D:\WINDOWS\unin0407.exe
2006-12-09 20:02 8,464 --a------ D:\WINDOWS\system32\sporder.dll
2006-12-09 20:02 1,429,504 --a------ D:\WINDOWS\system32\rlvknlg.exe

2006-12-09 20:02 <DIR> d-a-s---- D:\Programme\NewDotNet
2006-12-09 20:00 <DIR> d-------- D:\Programme\ThatOpenBits

2006-12-09 19:53 <DIR> d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\dvdcss
2006-12-09 18:51 673 --a------ D:\WINDOWS\ALGK.BAT
2006-12-09 09:57 <DIR> d-------- D:\Programme\thriXXX
2006-12-09 09:57 <DIR> d-------- D:\neotracepro
2006-12-09 09:54 17,480 --a------ D:\WINDOWS\system32\drivers\hamachi.sys
2006-12-09 09:54 <DIR> d-------- D:\Programme\Hamachi
2006-12-09 09:54 <DIR> d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\Hamachi
2006-12-09 09:51 <DIR> d-------- D:\Programme\PwdRec
2006-12-09 09:50 90,112 --a------ D:\WINDOWS\unvise32.exe
2006-12-09 09:50 <DIR> d---s---- D:\Programme\Xfire
2006-12-09 09:50 <DIR> d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\Xfire
2006-12-09 09:48 <DIR> d-------- D:\Programme\Postal2
2006-12-09 09:46 358,400 --a------ D:\HTTPbgrabber.exe
2006-12-09 09:45 29,696 --a------ D:\WINDOWS\system32\sfx32.dll
2006-12-09 09:45 <DIR> d-------- D:\Programme\SFT Loader
2006-12-09 09:45 <DIR> d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\ASCON Installer
2006-12-09 09:41 297,984 --a------ D:\WINDOWS\system32\midas.dll
2006-12-09 09:40 <DIR> d-------- D:\Programme\QuickTime
2006-12-09 09:39 <DIR> d-------- D:\Programme\Apple Software Update
2006-12-09 09:38 <DIR> d-------- D:\Programme\X-NetStat Professional
2006-12-09 09:36 <DIR> d-------- D:\WINDOWS\DC10plus.drv
2006-12-09 09:35 73,216 --a------ D:\WINDOWS\ST6UNST.EXE
2006-12-09 09:35 249,856 --------- D:\WINDOWS\Setup1.exe
2006-12-09 09:35 2,019 --a------ D:\WINDOWS\NewRecorder.reg
2006-12-09 09:35 <DIR> d-------- D:\Programme\CursorXP
2006-12-09 09:34 <DIR> d-------- D:\Programme\Steinberg
2006-12-09 09:34 <DIR> d-------- D:\Programme\Gemeinsame Dateien\Jasc Software Inc
2006-12-09 09:34 <DIR> d-------- D:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Nero
2006-12-09 09:34 <DIR> d-------- D:\DOKUME~1\ALLUSE~1\Anwendungsdaten\InstallShield
2006-12-09 09:33 <DIR> d-------- D:\Programme\Jasc Software Inc
2006-12-09 09:32 <DIR> d-------- D:\DOKUME~1\ALLUSE~1\Anwendungsdaten\WinZip
2006-12-09 09:31 <DIR> d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\Apple Computer
2006-12-09 09:30 <DIR> d-------- D:\Programme\WinAce
2006-12-09 09:29 <DIR> d-------- D:\Programme\Google-Translator
2006-12-09 09:25 79,360 --a------ D:\WINDOWS\system32\lfeps13s.dll
2006-12-09 09:25 74,752 --a------ D:\WINDOWS\system32\lfgif13s.dll
2006-12-09 09:25 466,624 --a------ D:\WINDOWS\system32\LTRPR13n.DLL
2006-12-09 09:25 401,408 --a------ D:\WINDOWS\system32\pvmjpg30.dll
2006-12-09 09:25 194,248 --a------ D:\WINDOWS\system32\LTRFD13n.DLL
2006-12-09 09:25 185,856 --a------ D:\WINDOWS\system32\lfpng13s.dll
2006-12-09 09:25 <DIR> d-------- D:\Programme\DAMN NFO Viewer
2006-12-09 09:24 930,992 --------- D:\WINDOWS\system32\Ltr13n.dll
2006-12-09 09:24 884,736 --------- D:\WINDOWS\system32\LMUIRes.dll
2006-12-09 09:24 80,896 --------- D:\WINDOWS\system32\lfwmf13s.dll
2006-12-09 09:24 76,800 --------- D:\WINDOWS\system32\Lfwmf13n.dll
2006-12-09 09:24 73,728 --------- D:\WINDOWS\system32\MMAviAx.dll
2006-12-09 09:24 73,728 --------- D:\WINDOWS\system32\lffax13n.dll
2006-12-09 09:24 70,144 --------- D:\WINDOWS\system32\lfbmp13s.dll
2006-12-09 09:24 65,536 --------- D:\WINDOWS\system32\lfpcx13s.dll
2006-12-09 09:24 65,536 --------- D:\WINDOWS\system32\Lfpct13n.dll
2006-12-09 09:24 64,512 --------- D:\WINDOWS\system32\lftga13s.dll
2006-12-09 09:24 59,904 --------- D:\WINDOWS\system32\lfpcd13s.dll
2006-12-09 09:24 453,120 --------- D:\WINDOWS\system32\ltkrn13n.dll
2006-12-09 09:24 409,600 --------- D:\WINDOWS\system32\LFCMP13s.DLL
2006-12-09 09:24 393,216 --------- D:\WINDOWS\system32\LFCMP13n.DLL
2006-12-09 09:24 306,352 --------- D:\WINDOWS\system32\Ltrio13n.dll
2006-12-09 09:24 30,208 --------- D:\WINDOWS\system32\lfbmp13n.dll
2006-12-09 09:24 283,648 --------- D:\WINDOWS\system32\LFJ2K13s.dll
2006-12-09 09:24 278,016 --------- D:\WINDOWS\system32\LFJ2K13n.dll
2006-12-09 09:24 24,576 --------- D:\WINDOWS\system32\lftga13n.dll
2006-12-09 09:24 2,079,232 --------- D:\WINDOWS\system32\LTCLR13s.dll
2006-12-09 09:24 167,936 --------- D:\WINDOWS\system32\lftif13s.dll
2006-12-09 09:24 153,088 --------- D:\WINDOWS\system32\ltfil13n.DLL
2006-12-09 09:24 143,360 --------- D:\WINDOWS\system32\lftif13n.dll
2006-12-09 09:24 126,976 --------- D:\WINDOWS\system32\AVIPrAx.dll
2006-12-09 09:24 12,288 --------- D:\WINDOWS\system32\LMLRes.dll
2006-12-09 09:24 116,224 --------- D:\WINDOWS\system32\lffax13s.dll
2006-12-09 09:24 110,080 --------- D:\WINDOWS\system32\lfpsd13s.dll
2006-12-09 09:24 105,984 --------- D:\WINDOWS\system32\lfpct13s.dll
2006-12-09 09:24 1,693,696 --------- D:\WINDOWS\system32\LTCLR13n.dll
2006-12-09 09:24 1,013,248 --------- D:\WINDOWS\system32\Ltwvc13n.dll
2006-12-09 09:22 <DIR> d-------- D:\Programme\Moopeg
2006-12-09 09:18 <DIR> d-------- D:\Programme\GoldEsel
2006-12-09 09:18 <DIR> d-------- D:\Programme\Ahead
2006-12-09 09:18 <DIR> d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\vlc
2006-12-09 09:17 <DIR> d-------- D:\Programme\Common Files
2006-12-09 09:16 84,992 --a------ D:\WINDOWS\system32\ATL70.DLL
2006-12-09 09:16 <DIR> d-------- D:\WINDOWS\system32\custom matrices
2006-12-09 09:16 <DIR> d-------- D:\WINDOWS\system32\C2MP
2006-12-09 09:16 <DIR> d-------- D:\Programme\SmartSound Software
2006-12-09 09:16 <DIR> d-------- D:\DOKUME~1\ALLUSE~1\Anwendungsdaten\SmartSound Software Inc
2006-12-09 09:15 974,848 --a------ D:\WINDOWS\system32\MFC70.DLL
2006-12-09 09:15 964,608 --a------ D:\WINDOWS\system32\MFC70U.DLL
2006-12-09 09:15 65,536 --a------ D:\WINDOWS\system32\MFC71DEU.DLL
2006-12-09 09:15 61,440 --a------ D:\WINDOWS\system32\MFC71ITA.DLL
2006-12-09 09:15 61,440 --a------ D:\WINDOWS\system32\MFC71FRA.DLL
2006-12-09 09:15 61,440 --a------ D:\WINDOWS\system32\MFC71ESP.DLL
2006-12-09 09:15 57,856 --a------ D:\WINDOWS\system32\masd32.dll
2006-12-09 09:15 57,344 --a------ D:\WINDOWS\system32\MFC71ENU.DLL
2006-12-09 09:15 54,784 --a------ D:\WINDOWS\system32\MSVCI70.DLL
2006-12-09 09:15 49,152 --a------ D:\WINDOWS\system32\MFC71KOR.DLL
2006-12-09 09:15 49,152 --a------ D:\WINDOWS\system32\MFC71JPN.DLL
2006-12-09 09:15 45,056 --a------ D:\WINDOWS\system32\MFC71CHT.DLL
2006-12-09 09:15 40,960 --a------ D:\WINDOWS\system32\MFC71CHS.DLL
2006-12-09 09:15 196,096 --a------ D:\WINDOWS\system32\macd32.dll
2006-12-09 09:15 138,752 --a------ D:\WINDOWS\system32\mase32.dll
2006-12-09 09:15 136,192 --a------ D:\WINDOWS\system32\mamc32.dll
2006-12-09 09:15 1,047,552 --a------ D:\WINDOWS\system32\MFC71u.DLL
2006-12-09 09:15 <DIR> d-------- D:\WINDOWS\Downloaded Installations
2006-12-09 09:14 41,219 --a------ D:\WINDOWS\RSETPATH.exe
2006-12-09 09:14 27,648 --a------ D:\WINDOWS\system32\ma32.dll
2006-12-09 09:14 171,008 --a------ D:\WINDOWS\system32\drivers\MarvinBus.sys
2006-12-09 09:13 49,152 --a------ D:\WINDOWS\system32\PCLEGetGuid.dll
2006-12-09 09:13 <DIR> d-------- D:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Pinnacle Studio
2006-12-09 09:12 <DIR> d-------- D:\Programme\Gemeinsame Dateien\xing shared
2006-12-09 09:11 <DIR> d-------- D:\Programme\Real
2006-12-09 09:11 <DIR> d-------- D:\DOKUME~1\RIDDIC~1\Alphaload
2006-12-09 09:10 <DIR> d-------- D:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Pinnacle
2006-12-09 09:09 14,165 --a------ D:\WINDOWS\system32\drivers\Pclepci.sys
2006-12-09 09:08 21,504 --a------ D:\WINDOWS\jestertb.dll
2006-12-09 09:04 <DIR> d-------- D:\Documents and Settings
2006-12-09 09:01 2,829 --a------ D:\WINDOWS\War3Unin.pif
2006-12-09 09:01 <DIR> d-------- D:\Programme\7-Zip
2006-12-09 09:00 139,264 --a------ D:\WINDOWS\War3Unin.exe
2006-12-09 08:59 <DIR> d-------- D:\Programme\Pinnacle
2006-12-09 08:58 <DIR> d-------- D:\Programme\MSXML 4.0
2006-12-09 08:57 251,532 --a------ D:\superscan.exe
2006-12-09 08:57 <DIR> d-------- D:\Programme\SuperScan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-09 09:37 -------- d-------- D:\Programme\icqlite
2007-01-09 09:22 -------- d-------- D:\Programme\tuneup utilities 2007
2007-01-09 09:09 -------- d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\usenext
2007-01-09 09:05 -------- d-------- D:\Programme\mozilla firefox
2006-12-12 17:30 3596288 --a------ D:\WINDOWS\system32\qt-dx331.dll
2006-12-09 20:45 -------- d-------- D:\Programme\franzis
2006-12-09 20:30 -------- d-------- D:\Programme\divx
2006-12-09 20:22 -------- d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\thatopenbits
2006-12-09 20:10 -------- d-------- D:\Programme\windows nt
2006-12-09 20:08 86016 --a------ D:\WINDOWS\system32\openal32.dll
2006-12-09 20:08 413696 --a------ D:\WINDOWS\system32\wrap_oal.dll
2006-12-09 19:50 -------- d-------- D:\Programme\getright
2006-12-09 18:24 -------- d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\vidalia
2006-12-09 09:50 -------- d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\ahead
2006-12-09 09:47 -------- d-------- D:\Programme\Gemeinsame Dateien\ahead
2006-12-09 09:43 -------- d-------- D:\Programme\hostscan
2006-12-09 09:41 -------- d-------- D:\Programme\anti-leech
2006-12-09 09:39 -------- d-------- D:\Programme\Gemeinsame Dateien\totem shared

2006-12-09 09:38 -------- d-------- D:\Programme\winavivideoconverter
2006-12-09 09:38 -------- d-------- D:\Programme\netpumper
2006-12-09 09:35 -------- d-------- D:\Programme\nlite
2006-12-09 09:34 -------- d-------- D:\Programme\Gemeinsame Dateien\installshield
2006-12-09 09:33 -------- d-------- D:\Programme\astonsoft
2006-12-09 09:19 -------- d--h----- D:\Programme\installshield installation information
2006-12-09 09:17 -------- d-------- D:\Programme\jap
2006-12-09 09:17 -------- d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\real
2006-12-09 09:15 -------- d-------- D:\Programme\java
2006-12-09 09:12 -------- d-------- D:\Programme\Gemeinsame Dateien\real
2006-12-09 09:10 -------- d-------- D:\Programme\windows media connect 2
2006-12-09 09:00 -------- d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\audacity
2006-12-09 08:59 -------- d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\microsoft
2006-11-29 00:43 18688 --a------ D:\WINDOWS\system32\drivers\AnyDVD.sys
2006-11-23 16:45 24072 --a------ D:\WINDOWS\system32\uxtuneup.dll
2006-11-19 15:56 -------- d-------- D:\Programme\wincustomize
2006-11-19 15:56 -------- d-------- D:\Programme\Gemeinsame Dateien\stardock
2006-11-19 15:53 -------- d-------- D:\Programme\usenext
2006-11-19 15:50 -------- d-------- D:\Programme\ultraiso
2006-11-19 15:49 639224 --a------ D:\WINDOWS\system32\drivers\sptd.sys
2006-11-19 15:48 -------- d-------- D:\Programme\icq6
2006-11-19 15:48 -------- d-------- D:\Programme\Gemeinsame Dateien\ezb systems
2006-11-19 15:48 -------- d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\icq
2006-11-19 15:46 -------- d-------- D:\Programme\avisynth 2.5
2006-11-19 15:45 -------- d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\tor
2006-11-19 15:44 -------- d-------- D:\Programme\privoxy
2006-11-19 15:43 -------- d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\divx
2006-11-19 15:41 -------- d-------- D:\Programme\openvideoconverter
2006-11-19 15:40 -------- d-------- D:\Programme\liutilities
2006-11-19 15:39 -------- d-------- D:\Programme\badongo
2006-11-19 15:38 2323072 --a------ D:\WINDOWS\system32\tukernel.exe
2006-11-19 15:38 -------- d-------- D:\Programme\counterpath
2006-11-19 15:36 -------- d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\deepburner
2006-11-19 15:34 98304 --a------ D:\WINDOWS\system32cmdlineext.dll
2006-11-19 15:33 -------- d-------- D:\Programme\iso recorder
2006-11-19 15:32 -------- d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\teamspeak2
2006-11-19 15:30 -------- d-------- D:\Programme\openal
2006-11-19 15:28 -------- d-------- D:\Programme\invisible browsing
2006-11-19 15:26 -------- d-------- D:\Programme\slysoft
2006-11-19 15:26 -------- d-------- D:\Programme\miranda im
2006-11-19 15:23 -------- d-------- D:\Programme\radvideo
2006-11-19 15:20 -------- d-------- D:\Programme\lavalys
2006-11-19 15:20 -------- d-------- D:\Programme\audacity 1.3 beta (unicode)
2006-11-19 15:17 -------- d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\ashampoo
2006-11-19 15:16 -------- d-------- D:\Programme\ashampoo
2006-11-19 15:13 -------- d-------- D:\Programme\stardock
2006-11-19 15:09 3762176 --a------ D:\WINDOWS\system32\logonuix.exe
2006-11-19 15:07 1700352 --a------ D:\WINDOWS\system32\gdiplus.dll
2006-11-19 15:07 -------- d-------- D:\Programme\teamspeak2_rc2
2006-11-19 15:06 163644 --a------ D:\WINDOWS\system32\drivers\secdrv.sys
2006-11-19 15:04 17920 --a------ D:\WINDOWS\system32\vcehaeb.dll
2006-11-19 15:04 -------- d-------- D:\Programme\roxio
2006-11-19 15:03 -------- d-------- D:\Programme\video activex object
2006-11-19 15:02 -------- d-------- D:\Programme\Gemeinsame Dateien\wise installation wizard
2006-11-19 15:00 40960 --a------ D:\WINDOWS\windowssecurityupdate.exe
2006-11-19 15:00 -------- d-------- D:\Programme\creative labs
2006-11-19 14:59 223128 --a------ D:\WINDOWS\system32\drivers\vaxscsi.sys
2006-11-19 14:59 -------- d-------- D:\Programme\eidosnet
2006-11-19 14:59 -------- d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\slysoft
2006-11-19 14:59 -------- d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\netpumper
2006-11-19 14:58 -------- d-------- D:\Programme\proxy checker
2006-11-19 14:58 -------- d-------- D:\Programme\daemontools_whenusave_installer
2006-11-19 14:58 -------- d-------- D:\Programme\daemon tools

2006-11-19 14:58 -------- d-------- D:\DOKUME~1\RIDDIC~1\Anwendungsdaten\help
2006-11-17 01:01 17920 --a------ D:\YASU.exe
2006-11-08 06:06 679424 --a------ D:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ D:\WINDOWS\system32\msxml4.dll
2006-11-04 13:40 81920 --a------ D:\WINDOWS\system32\elbycdio.dll
2006-10-24 20:33 8282112 --a------ D:\WINDOWS\system32\wmploc.dll
2006-10-24 20:04 99840 --a------ D:\WINDOWS\system32\wmpshell.dll



(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"avast! service GUI component"="D:\\Programme\\Alwil Software\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"Windows Defender"="\"D:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"MailScan Dispatcher"="\"D:\\Programme\\eScan\\LAUNCH.EXE\""
"eScan Updater"="D:\\PROGRA~1\\eScan\\TRAYICOS.EXE /App"
"eScan Monitor"="D:\\PROGRA~1\\eScan\\AVPMWrap.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"STYLEXP"="D:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"AnyDVD"="D:\\Programme\\SlySoft\\AnyDVD\\AnyDVD.exe"
"IW_Drop_Icon"="D:\\Programme\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctrl.exe /DropDisc"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"VC8Player"="D:\\Programme\\Virtual CD v8\\System\\VC8Play.exe"
"RivaTunerStartupDaemon"="\"C:\\Programme\\RivaTuner v2.0 RC 16.1\\RivaTuner.exe\" /S"
"DAEMON Tools"="\"D:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"LogonStudio"="\"D:\\Programme\\WinCustomize\\LogonStudio\\logonstudio.exe\" /RANDOM"
"SoundMan"="SOUNDMAN.EXE"
"NeroFilterCheck"="D:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"nwiz"="nwiz.exe /install"
"SunJavaUpdateSched"="\"D:\\Programme\\Java\\jre1.6.0\\bin\\jusched.exe\""
"TkBellExe"="\"D:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"PinnacleDriverCheck"="D:\\WINDOWS\\system32\\\\PSDrvCheck.exe"
"QuickTime Task"="\"D:\\Programme\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="\"ShellExecuteHook\" von Microsoft AntiMalware"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"flammei"="{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"carbinyl"="{8d8c2387-7f80-4022-9be6-43630a969558}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"="D:\\Programme\\Key Generator\\pmsngr.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp


Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\1-Klick-Wartung.job
D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 07-01-09 9:13:03
This post was edited by Riddick-GER on 17.01.2007 at 13:02.
17.01.2007, 13:30
Honorary member
Avatar Sabina

Posts: 29434
#6 http://virus-protect.org/artikel/tools/agentransack.html
paste in:
AntiVerminser

and post what appears, as described in the instructions
__________
Regards, Sabina

All about PC security
17.01.2007, 13:55
...new here

Thread starter

Posts: 8
#7 D:\Programme\AntiVerminser (09.01.2007 09:33:06)

And now? Delete?
This post was edited by Riddick-GER on 17.01.2007 at 15:21.
17.01.2007, 16:33
Honorary member
Avatar Sabina

Posts: 29434
#8 1.
LSPfix
http://www.spychecker.com/program/lspfix.html
- tick: "I know what I'm doing" -- Remove
- and delete newdotnet7_48.dll - if it exists - nothing else!!! (you may have to move the DLL from the left to the right) + Remove


2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in

Quote

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|none
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|AntiVerminser
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|carbinyl
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|flammei
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{8d8c2387-7f80-4022-9be6-43630a969558}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{9d635a36-6b3c-4146-8625-f3aaf507bbf8}

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net
HKEY_LOCAL_MACHINE\Software\New.net
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiVerminser.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVerminser
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AntiVerminser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{823B335C-00DE-4886-BE7A-FBDC0F69294E}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03

Files to delete:
D:\WINDOWS\system32\rlvknlg.exe
D:\WINDOWS\system32\sporder.dll
D:\WINDOWS\system32\tmp.reg
D:\Programme\daemontools_whenusave_installer
D:\WINDOWS\system32\gwquvw.dll
D:\WINDOWS\system32\vcehaeb.dll
D:\WINDOWS\windowssecurityupdate.exe

Folders to delete:
D:\Programme\Video ActiveX Object
D:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten\netpumper
D:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten\thatopenbits
D:\Programme\ThatOpenBits
D:\Programme\SpyCQ
D:\Programme\daemontools_whenusave_installer
D:\Programme\daemon tools
D:\Programme\hostscan
D:\Programme\anti-leech
D:\Programme\Gemeinsame Dateien\totem shared
D:\Programme\netpumper
D:\Programme\AntiVerminser
D:\Programme\Key Generator
Click the green traffic light
the script will now be executed, then the PC will restart automatically

««
scan with smitfraudfix - options 1 and 2 (have the registry cleaned as well)
http://virus-protect.org/artikel/tools/smitfrautfix.html

»»
uninstall:
D:\Programme\NewDotNet

»»
scan with counterspy, set everything to remove after the scan and post the scan report
http://virus-protect.org/counterspy.html
__________
Regards, Sabina

All about PC security
17.01.2007, 17:20
...new here

Thread starter

Posts: 8
#9

Quote

scan with smitfraudfix - options 1 and 2 (have the registry cleaned as well)
http://virus-protect.org/artikel/tools/smitfrautfix.html
doesn't work, this is what comes up:


lol a bit small ;) http://www.directupload.net/file/d/945/gVWKQAIS_jpg.htm
17.01.2007, 17:51
Honorary member
Avatar Sabina

Posts: 29434
#10 I assume your antivirus scanner prevented the complete download.
download it again, and disable your antivirus program first.
then you also have to unzip the program

then uninstall NewDotNet and scan with counterspy - post the report here
__________
Regards, Sabina

All about PC security
17.01.2007, 18:21
...new here

Thread starter

Posts: 8
#11 hmm .... ;)
no idea why it doesn't work. I turned off the antivirus program and ended its processes, but it still doesn't work. It can only unpack the other 11 files, but with reboot.exe it either does nothing or says there is a CRC error (I also checked the file for errors, and it says they are all in good condition, hmm ... I have now re-downloaded it 6 times, and restarted and re-downloaded ... it still doesn't work ...) ;)
17.01.2007, 18:41
Honorary member
Avatar Sabina

Posts: 29434
#12 no problem - CounterSpy will take care of it - scan, set everything to remove and post the report
__________
Regards, Sabina

All about PC security
17.01.2007, 21:27
...new here

Thread starter

Posts: 8
#13 Spyware Scan Details
Start Date: 09.01.2007 09:12:10
End Date: 09.01.2007 09:16:38
Total Time: 4 mins 28 secs

Detected spyware

Marketscore.RelevantKnowledge Adware (General) more information...
Status: Deleted

Infected files detected
d:\windows\system32\rk.bin


Trojan.Unclassified.gen Trojan more information...
Status: Deleted

Infected files detected
d:\windows\system32\syspr.prx


Trojan-Downloader.Zlob.Media-Codec Trojan Downloader more information...
Details: Trojan-Downloader.Zlob.Media-Codec is a program that typically purports to be a needed upgrade to Windows Media Player in order to view adult oriented videos on certain websites. However, Trojan-Downloader.Zlob.Media-Codec actually downloads and installs
Status: Deleted

Infected files detected
D:\Programme\Alcohol Soft\Alcohol 120\run.exe

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}\iexplore Type 3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}\iexplore Count 17
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}\iexplore Time


DriveCleaner Rogue Security Program more information...
Details: DriveCleaner is a system cleaning program from Winsoftware that is typically installed through aggressive, badgering pop-ups sprung on users in confusing circumstances.
Status: Deleted

Infected files detected
D:\Programme\Gemeinsame Dateien\DriveCleaner Free\udcpas.exe
D:\Programme\Gemeinsame Dateien\DriveCleaner Free\udcsdr.exe
d:\programme\drivecleaner free\udcpchk.dll

Infected registry entries detected


MyNetProtector Rogue Security Program more information...
Status: Deleted

Infected files detected
E:\Spiele\Counter-Strike\cstrike_german\sound\misc\monsterkill.wav


Backdoor.Win32.Bifrose.aam Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836} stubpath D:\WINDOWS\system32\Winlogon.dll s


Isoaq Trojan more information...
Details: JUST BY GETTING SOMEONE'S DB FILES AND USING THIS PATCH YOU CAN: STEAL VICTIM'S PASSWORD, LOAD THEIR CONTACT LIST, VIEW THEIR HISTORY, LOGON TO THE SERVER PRETENDING YOU'RE THEM, RECEIVE SERVER-STORED MESSAGES...
Status: Deleted

Infected registry entries detected


Backdoor.Bifrose.D Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836} stubpath D:\WINDOWS\system32\Winlogon.dll s


Backdoor.Win32.Bifrose.dg Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836} stubpath D:\WINDOWS\system32\Winlogon.dll s


System Surveillance Pro Commercial Key Logger more information...
Details: System Surveillance Pro is a keylogger that logs keystrokes of the user's PC invisibly in the background.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\AppID\{A1C8B6D7-1895-48EC-B925-BAD191D239CD}
HKEY_CLASSES_ROOT\AppID\{A1C8B6D7-1895-48EC-B925-BAD191D239CD} ciaSCls20


Portal Of Doom RAT more information...
Details: Portal Of Doom allows the attacker complete remote control over the victims PC.
Status: Deleted

Infected registry entries detected


NetPumper Adware Bundler more information...
Details: Bundles with a number of adware components.
Status: Deleted

Infected registry entries detected


Backdoor.Win32.Bifrose.la Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836} stubpath D:\WINDOWS\system32\Winlogon.dll s


Backdoor.Win32.Bifrose.aaw Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836} stubpath D:\WINDOWS\system32\Winlogon.dll s


Backdoor.Bifrose Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836} stubpath D:\WINDOWS\system32\Winlogon.dll s


Backdoor.Win32.Bifrose.dz Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836} stubpath D:\WINDOWS\system32\Winlogon.dll s


Bifrost RAT more information...
Details: Bifrost is an advanced remote administration tool that allows users to remotely control computers that are behind firewalls and routers.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Wget
HKEY_CURRENT_USER\Software\Wget klg
HKEY_CURRENT_USER\Software\Wget plg1
HKEY_LOCAL_MACHINE\SOFTWARE\Wget
HKEY_LOCAL_MACHINE\SOFTWARE\Wget nck


Backdoor.Win32.Bifrose.uw Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836} stubpath D:\WINDOWS\system32\Winlogon.dll s


Trojans AIO HackHell Ed. RAT more information...
Details: This is a tool that bundles several Trojans like prorat, proagent, schoolbus, and subseven. These tools can connect to the remote machine and control that connected machine through the client program.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven 14_h 193
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven 15_x 379
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven 15_y 244
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven 15_w 265
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven 15_h 280
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven 16_x 315
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven 16_y 244
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven 16_w 394
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven 16_h 280
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven 17_x 381
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven 17_y 324
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven 17_w 261
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven 17_h 119
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven ips_0 209.85.129.104:80
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven ips_1 :
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven ips_2 86.110.65.51:28960
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven ips_3 84.244.130.239:28960
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven matrix_prefix 0
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven matrix_nick
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven ps_ports
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven ps_all 1
HKEY_LOCAL_MACHINE\SOFTWARE\SubSeven ips_4 25292249:27374


Backdoor.Bifrose.DX Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836} stubpath D:\WINDOWS\system32\Winlogon.dll s


Backdoor.Bifrose.ACD Backdoor more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836} stubpath D:\WINDOWS\system32\Winlogon.dll s


Cookie: ad.yieldmanager Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
d:\dokumente und einstellungen\riddick (ger)\cookies\riddick (ger)@ad.yieldmanager[1].txt


Cookie: DriveCleaner Cookie (General) more information...
Status: Deleted

Infected cookies detected
d:\dokumente und einstellungen\riddick (ger)\cookies\riddick (ger)@drivecleaner[2].txt


Cookie: Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
d:\dokumente und einstellungen\riddick (ger)\cookies\riddick (ger)@mediaplex[1].txt


Is it finished now???
There are no more alerts ;) and my PC is no longer crashing ;)
This post was edited by Riddick-GER on 17.01.2007 at 21:30.
17.01.2007, 21:38
Honorary member
Sabina

Posts: 29434
#14 Well... quite a lot of junk has piled up there; you really seem to download every piece of junk, regardless of the consequences ;)
Be more careful about what you let onto your computer if you want to enjoy surfing and gaming.

Scan with Sophos
http://virus-protect.org/artikel/tools/sdfix.html
__________
Regards, Sabina

All about PC security
17.01.2007, 21:57
...new here

Thread starter

Posts: 8
#15 Yes, true (some of those things were on there deliberately).
Thank you very much! I'm extremely glad that everything works again now! A thousand thanks ;)