Home » Viren, Trojaner & Malware Forum » Bin neu hier, habe Problem mit Spyware die sich nicht löschen läst! » Themenansicht

Bin neu hier, habe Problem mit Spyware die sich nicht löschen läst!

Thema ist geschlossen!
Thema ist geschlossen!
#0
21.03.2007, 22:24
sylivia
...neu hier

Beiträge: 5
#1 Mein Problem ist, das sich ein "angebliches Spyware" Programm installiert hat. Unten im Systemtray erscheint eine Warnung von System Alert: Trojan-Spy.Win32@mx und es öffnen sich einfach Internetfenster.
Dieser läst sich nicht mit meiner Antivirus Firewall löschen.
Bitte um Hilfe!

Im Anhang ist eine zip-Datei, indem sich der Combfix.txt, datfindbat.txt und ein Bild des Trojan befindet, beigelegt.

Hijackthis.log

Logfile of HijackThis v1.99.1
Scan saved at 22:03:55, on 20.03.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Programme\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Programme\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Programme\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Programme\AntivirusFirewall\Common\FSMA32.EXE
C:\Programme\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Programme\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\AntivirusFirewall\Common\FCH32.EXE
C:\Programme\AntivirusFirewall\Common\FAMEH32.EXE
C:\Programme\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Programme\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Programme\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Programme\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Internet Security\pmsnrr.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\TPPALDR.EXE
C:\Programme\Browser mouse\1.3\mouse32a.exe
C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Programme\AntivirusFirewall\Common\FSM32.EXE
C:\Programme\Multimedia keyboard utility\1.3\KbdAp32A.exe
C:\Programme\AntivirusFirewall\FSGUI\ispnews.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Nokia\PC Suite for Nokia N-Gage\connmngmntbox.exe
C:\Programme\Nokia\PC Suite for Nokia N-Gage\ectaskscheduler.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programme\PocketCam 3Mega\ICON.EXE
C:\Programme\ScanPanel\ScnPanel.exe
C:\Programme\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Dokumente und Einstellungen\internet alda\Desktop\virenschutzsachen downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
F3 - REG:win.ini: run=
O2 - BHO: LIQUIObj Class - {00000000-663f-49e8-bdf6-f26db51c7dd5} - C:\WINDOWS\liqui.dll (file missing)
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programme\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Programme\Internet Security\isadd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Programme\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [France] c:\program files\dialers\france\france.exe /noconnect
O4 - HKLM\..\Run: [France_sex] c:\program files\dialers\france_sex\france_sex.exe /noconnect
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [FLMMEDIONMOUSE] C:\Programme\Browser mouse\1.3\mouse32a.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programme\Multimedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programme\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Programme\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: PCSuiteForNokiaN-Gage Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokiaN-Gage TS.lnk = ?
O4 - Global Startup: PocketCam 3Mega Monitor.lnk = ?
O4 - Global Startup: ScanPanel.lnk = C:\Programme\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: Dieses Popup &blockieren - C:\Programme\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 - Extra button: IE-Schutzschild - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-Schutzschild... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O9 - Extra button: MedionShop - {FB7C19EE-F934-44AC-9AFC-EB60504D3B9E} - http://www.medionshop.de (file missing) (HKCU)
O16 - DPF: {00000000-663f-49e8-bdf6-f26db51c7dd5} (LIQUIObj Class) -
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programme\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--------


ComboFix 07-03-22.2 - Running from: "C:\Dokumente und Einstellungen\internet alda\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-02-21 to 2007-03-21 ))))))))))))))))))))))))))))))))))


2007-03-12 20:04 <DIR> d-------- C:\Programme\Internet Security
2007-02-24 00:36 <DIR> d-------- C:\DOKUME~1\INTERN~1\Contacts
2007-02-24 00:34 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-21 21:20 -------- d-------- C:\Programme\wanadoo
2007-03-21 21:17 -------- d-------- C:\Programme\icqtoolbar
2007-03-07 21:42 -------- d-------- C:\Programme\icqlite
2007-02-18 16:15 -------- d-------- C:\DOKUME~1\INTERN~1\ANWEND~1\ulead systems
2007-02-15 16:42 -------- d-------- C:\Programme\google
2007-02-04 22:12 -------- d-------- C:\Programme\itunes
2007-02-04 22:12 -------- d-------- C:\Programme\ipod
2007-02-04 22:10 -------- d-------- C:\Programme\quicktime
2007-02-04 16:06 -------- d-------- C:\DOKUME~1\INTERN~1\ANWEND~1\icqlite
2007-02-04 15:58 -------- d-------- C:\DOKUME~1\INTERN~1\ANWEND~1\icq toolbar
2007-01-30 22:13 -------- d-------- C:\DOKUME~1\INTERN~1\ANWEND~1\google
2007-01-30 22:06 -------- d-------- C:\DOKUME~1\INTERN~1\ANWEND~1\ispnews
2007-01-30 21:57 118842 -r------- C:\WINDOWS\bwunin-6.3.2.123-6588780l.exe
2007-01-30 09:27 -------- d-------- C:\Programme\securitoo
2007-01-29 23:07 -------- d-------- C:\Programme\lyrics power
2007-01-23 18:38 -------- d-------- C:\Programme\inventel
2007-01-23 18:37 48156 --a------ C:\WINDOWS\system32\perfc007.dat
2007-01-23 18:37 316594 --a------ C:\WINDOWS\system32\perfh007.dat
2007-01-23 18:07 -------- d-------- C:\Programme\multimedia keyboard utility


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AOLMIcon"="C:\\Programme\\Gemeinsame Dateien\\AOLSHARE\\AOLMIcon.exe"
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Microsoft Works Portfolio"="C:\\Programme\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Programme\\Microsoft Works\\WkDetect.exe"
"C-Media Mixer"="Mixer.exe /startup"
"RealTray"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"InstantAccess"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\INSTAN~1.EXE /h"
"RegisterDropHandler"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE"
"GSICONEXE"="GSICON.EXE"
"DSLAGENTEXE"="dslagent.exe USB"
"France"="c:\\program files\\dialers\\france\\france.exe /noconnect"
"DateChecker"=""
"France_sex"="c:\\program files\\dialers\\france_sex\\france_sex.exe /noconnect"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="nwiz.exe /install"
"windows auto update"=""
"Microsoft Inet Xp.."=""
"TPP Auto Loader"="C:\\WINDOWS\\TPPALDR.EXE"
"FLMMEDIONMOUSE"="C:\\Programme\\Browser mouse\\1.3\\mouse32a.exe"
"Ulead AutoDetector"="C:\\Programme\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"FLMK08KB"="C:\\Programme\\Multimedia keyboard utility\\1.3\\MMKEYBD.EXE"
"F-Secure Manager"="\"C:\\Programme\\AntivirusFirewall\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Programme\\AntivirusFirewall\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Programme\\AntivirusFirewall\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Programme\\AntivirusFirewall\\FSGUI\\ispnews.exe\""
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RegisterDropHandler"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{634be415-da12-496b-b89e-329b73c4807f}"="cam"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"rare"="C:\\Programme\\Internet Security\\pmsnrr.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\PC Health-Taskplaner fr Upload-Bibliothek.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\logo.bmp 77824 bytes
C:\WINDOWS\maxlink.ini 192 bytes
C:\WINDOWS\MCENU.HLP 45056 bytes
C:\WINDOWS\mdm.ini 64 bytes
C:\WINDOWS\Media
C:\WINDOWS\Media\chimes.wav 57344 bytes

Anhang: texte_und_Bild.rar
Dieser Beitrag wurde am 21.03.2007 um 22:41 Uhr von sylivia editiert.
Seitenanfang Seitenende
22.03.2007, 11:54
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 sylivia ;)

««
öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked

Zitat

O2 - BHO: LIQUIObj Class - {00000000-663f-49e8-bdf6-f26db51c7dd5} - C:\WINDOWS\liqui.dll (file missing)

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programme\MySearch\bar\1.bin\S4BAR.DLL

O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Programme\Internet Security\isadd.dll (file missing)

O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Programme\MySearch\bar\1.bin\S4BAR.DLL

O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)

O4 - HKLM\..\Run: [France_sex] c:\program files\dialers\france_sex\france_sex.exe /noconnect - ?????????????????

««
stelle den CleanUp genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (anhaken)
kopiere in: View/edit script

Zitat

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|France_sex
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{634be415-da12-496b-b89e-329b73c4807f}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run|rare
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{84938242-5C5B-4A55-B6B9-A1507543B418}

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-663f-49e8-bdf6-f26db51c7dd5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6ACAE64-F798-4930-AD86-BD3FB32038DB}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6ACAE64-F798-4930-AD86-BD3FB32038DB}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-663f-49e8-bdf6-f26db51c7dd5}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security

Files to delete:
C:\WINDOWS\Temp\ext1D.tmp
C:\WINDOWS\Temp\ext2.tmp
C:\WINDOWS\Temp\ext4.tmp
C:\WINDOWS\Temp\IEC3.tmp
C:\WINDOWS\Temp\IEC4.tmp
C:\WINDOWS\system32\tvomnc.dll
C:\Dokumente und Einstellungen\%Username%\Favoriten\Antivirus Test Online.url
C:\Dokumente und Einstellungen\%Username%\Favoriten\Online Security Test.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url

Folders to delete:
C:\Programme\Internet Security
C:\Programme\MySearch
c:\program files\dialers


Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

««
smitfraud.fix abarbeiten (Option 1 und 2 - lasse auch die Registry mitreinigen)
http://virus-protect.org/artikel/tools/smitfrautfix.html

--------------------------------------------------------------------------------

»»
keine Ahnung, ob du

c:\program files\dialers
c:\\program files\\dialers\\france_sex

- loeschen willst - sag mir bescheid, dann packe ich es noch ins Avengerscript


«
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
22.03.2007, 20:00
sylivia
...neu hier

Themenstarter

Beiträge: 5
#3 Ja die

c:\program files\dialers
c:\\program files\\dialers\\france_sex

würde ich auch gerne löschen. Wäre nett wenn du die noch ins Avengerscript packen könntest.

Hier ist schonmal der Avenger.txt:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\etvrngii

*******************

Script file located at: ytudssue

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!

und der rapport.txt:

SmitFraudFix v2.152

Scan done at 20:17:26,89, 22.03.2007
Run from C:\Dokumente und Einstellungen\internet alda\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Ist jetzt alles wieder ok?
Dieser Beitrag wurde am 22.03.2007 um 20:34 Uhr von sylivia editiert.
Seitenanfang Seitenende
22.03.2007, 20:49
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 sylivia

««
das avengerscript scheint nicht funktioniert zu haben....
hast du "zitat" mit reinkopiert ? oder nicht das richtige angehakt ? - versuche es noch mal............ (ich habe noch den c:\program files\dialers dazugepackt...)

1.
poste das neue Log vom HijackThis

2.
scanne, stelle nach dem scan alles auf remove und poste den report
http://virus-protect.org/counterspy.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
23.03.2007, 10:31
sylivia
...neu hier

Themenstarter

Beiträge: 5
#5 hier ist jetzt die neue Hijack This datei:

Logfile of HijackThis v1.99.1
Scan saved at 10:27:04, on 23.03.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Programme\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Programme\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Programme\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Programme\AntivirusFirewall\Common\FSMA32.EXE
C:\Programme\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Programme\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\AntivirusFirewall\Common\FCH32.EXE
C:\Programme\AntivirusFirewall\Common\FAMEH32.EXE
C:\Programme\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Programme\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Programme\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Programme\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\TPPALDR.EXE
C:\Programme\Browser mouse\1.3\mouse32a.exe
C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Programme\AntivirusFirewall\Common\FSM32.EXE
C:\Programme\Multimedia keyboard utility\1.3\KbdAp32A.exe
C:\Programme\AntivirusFirewall\FSGUI\ispnews.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programme\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Nokia\PC Suite for Nokia N-Gage\connmngmntbox.exe
C:\Programme\Nokia\PC Suite for Nokia N-Gage\ectaskscheduler.exe
C:\Programme\PocketCam 3Mega\ICON.EXE
C:\Programme\ScanPanel\ScnPanel.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programme\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Dokumente und Einstellungen\internet alda\Desktop\virenschutzsachen downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [France] c:\program files\dialers\france\france.exe /noconnect
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [FLMMEDIONMOUSE] C:\Programme\Browser mouse\1.3\mouse32a.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programme\Multimedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programme\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Programme\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: PCSuiteForNokiaN-Gage Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokiaN-Gage TS.lnk = ?
O4 - Global Startup: PocketCam 3Mega Monitor.lnk = ?
O4 - Global Startup: ScanPanel.lnk = C:\Programme\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: Dieses Popup &blockieren - C:\Programme\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 - Extra button: IE-Schutzschild - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-Schutzschild... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O9 - Extra button: MedionShop - {FB7C19EE-F934-44AC-9AFC-EB60504D3B9E} - http://www.medionshop.de (file missing) (HKCU)
O16 - DPF: {00000000-663f-49e8-bdf6-f26db51c7dd5} -
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programme\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe

Und hier die Datei von CounterSpy:

Scan History Details
Start Date: 22.03.2007 22:06:36
End Date: 22.03.2007 23:04:04
Total Time: 57 Min 28 Sec
Detected security risks

AdBreak Browser Plug-in more information...
Details: AdBreak opens pop-up advertising. It also hijacks your home page.
Status: Deleted

Files detected
C:\WINDOWS\liqui2.tmp


Cookie: CGI-Bin Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\internet alda\cookies\internet alda@cgi-bin[1].txt
c:\dokumente und einstellungen\internet alda\cookies\internet alda@cgi-bin[2].txt


Cookie: Com.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\internet alda\cookies\internet alda@com[1].txt


Claria.GAIN.CommonElements Adware (General) more information...
Details: Claria's GAIN network consists of several applications inlcuding Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/IEGATOR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/IEGATOR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/IEGATOR.DLL


Cookie: GeoCities Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\internet alda\cookies\internet alda@geocities[1].txt


IEAccess Porn Dialer more information...
Details: IEAccess is an ActiveX Trojan control used to download and install premium-rate dialers, primarily for porn sites. On a user's computer. IEAccess can be installed without the user's knowledge via an Internet Explorer Security Hole.
Status: Deleted

Files detected
C:\WINDOWS\system32\IEAccess2.dll


Mainpean Stardialer Porn Dialer more information...
Details: Mainpean Stardialer is a dialer distributed by slsk.org, a faked SoulSeek domain.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MAINPEAN HIGHSPEED
HKEY_LOCAL_MACHINE\SOFTWARE\MAINPEAN HIGHSPEED
HKEY_LOCAL_MACHINE\SOFTWARE\MAINPEAN HIGHSPEED
HKEY_LOCAL_MACHINE\SOFTWARE\MAINPEAN HIGHSPEED
HKEY_LOCAL_MACHINE\SOFTWARE\MAINPEAN HIGHSPEED
HKEY_LOCAL_MACHINE\SOFTWARE\MAINPEAN HIGHSPEED
HKEY_LOCAL_MACHINE\SOFTWARE\MAINPEAN HIGHSPEED
HKEY_LOCAL_MACHINE\SOFTWARE\MAINPEAN HIGHSPEED
HKEY_LOCAL_MACHINE\SOFTWARE\MAINPEAN HIGHSPEED
HKEY_LOCAL_MACHINE\SOFTWARE\MAINPEAN HIGHSPEED


Weatherbug Low Risk Adware more information...
Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C2-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C2-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C2-189F-421A-88CD-07CFE51CFF10}\Control
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C2-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C2-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C2-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C2-189F-421A-88CD-07CFE51CFF10}\MiscStatus
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C2-189F-421A-88CD-07CFE51CFF10}\MiscStatus
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C2-189F-421A-88CD-07CFE51CFF10}\MiscStatus\1
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C2-189F-421A-88CD-07CFE51CFF10}\MiscStatus\1
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C2-189F-421A-88CD-07CFE51CFF10}\Programmable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C2-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C2-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C2-189F-421A-88CD-07CFE51CFF10}\Version
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C2-189F-421A-88CD-07CFE51CFF10}\Version
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C3-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C3-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C3-189F-421A-88CD-07CFE51CFF10}\Control
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C3-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C3-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C3-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C3-189F-421A-88CD-07CFE51CFF10}\MiscStatus
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C3-189F-421A-88CD-07CFE51CFF10}\MiscStatus
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C3-189F-421A-88CD-07CFE51CFF10}\MiscStatus\1
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C3-189F-421A-88CD-07CFE51CFF10}\MiscStatus\1
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C3-189F-421A-88CD-07CFE51CFF10}\Programmable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C3-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C3-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C3-189F-421A-88CD-07CFE51CFF10}\Version
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C3-189F-421A-88CD-07CFE51CFF10}\Version
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C4-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C4-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C6-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C6-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\TypeLib


NetworkEssentials.BHO Browser Plug-in more information...
Details: Network Essentials is an IE Browser Helper Object which monitors URLs being viewed in the web browser.
Status: Deleted

Files detected
C:\Dokumente und Einstellungen\SVEN\Lokale Einstellungen\Temp\upd4.tmp

Registry entries detected
HKEY_USERS\.DEFAULT\SOFTWARE\UPDATER
HKEY_USERS\.DEFAULT\SOFTWARE\UPDATER
HKEY_USERS\S-1-5-18\SOFTWARE\UPDATER
HKEY_USERS\S-1-5-18\SOFTWARE\UPDATER


My Search Bar Potentially Unwanted Program more information...
Details: My Search Bar and the variants "My Way Speedbar" and "My Way Search Assistant", are browser helper objects that allows you to search on multiple search engines.
Status: Deleted

Files detected
C:\Dokumente und Einstellungen\internet alda\Desktop\virenschutzsachen downloads\backups\backup-20070322-192558-253.dll

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C5-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C5-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C5-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C5-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C5-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C5-189F-421A-88CD-07CFE51CFF10}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C5-189F-421A-88CD-07CFE51CFF10}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C5-189F-421A-88CD-07CFE51CFF10}\Programmable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C5-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C5-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C5-189F-421A-88CD-07CFE51CFF10}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C5-189F-421A-88CD-07CFE51CFF10}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C7-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C7-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C7-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C7-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C7-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C7-189F-421A-88CD-07CFE51CFF10}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C7-189F-421A-88CD-07CFE51CFF10}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C7-189F-421A-88CD-07CFE51CFF10}\Programmable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C7-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C7-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C7-189F-421A-88CD-07CFE51CFF10}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C7-189F-421A-88CD-07CFE51CFF10}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\Programmable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\Control
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\MiscStatus
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\MiscStatus
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\MiscStatus\1
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\MiscStatus\1
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\Programmable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\Version
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\Version
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{014DA6CB-189F-421A-88CD-07CFE51CFF10}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CA-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CA-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CC-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CC-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESHUTDOWN
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESHUTDOWN
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESHUTDOWN.1
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESHUTDOWN.1
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESHUTDOWN.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESHUTDOWN.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESHUTDOWN\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESHUTDOWN\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESHUTDOWN\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESHUTDOWN\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESTARTUP
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESTARTUP
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESTARTUP.1
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESTARTUP.1
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESTARTUP.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESTARTUP.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESTARTUP\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESTARTUP\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESTARTUP\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.NETSCAPESTARTUP\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.SETTINGSPLUGIN
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.SETTINGSPLUGIN
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.SETTINGSPLUGIN.1
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.SETTINGSPLUGIN.1
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.SETTINGSPLUGIN.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.SETTINGSPLUGIN.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.SETTINGSPLUGIN\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.SETTINGSPLUGIN\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.SETTINGSPLUGIN\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\MYSEARCHTOOLBAR.SETTINGSPLUGIN\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{014DA6C0-189F-421A-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{014DA6C0-189F-421A-88CD-07CFE51CFF10}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{014DA6C0-189F-421A-88CD-07CFE51CFF10}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{014DA6C0-189F-421A-88CD-07CFE51CFF10}\1.0\0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{014DA6C0-189F-421A-88CD-07CFE51CFF10}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{014DA6C0-189F-421A-88CD-07CFE51CFF10}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{014DA6C0-189F-421A-88CD-07CFE51CFF10}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{014DA6C0-189F-421A-88CD-07CFE51CFF10}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{014DA6C0-189F-421A-88CD-07CFE51CFF10}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{014DA6C0-189F-421A-88CD-07CFE51CFF10}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MY SEARCH UNINSTALL
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MY SEARCH UNINSTALL
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MY SEARCH UNINSTALL
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar\partner
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar\partner
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar\partner
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar\partner
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar\partner
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar\partner
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar\partner
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar\partner
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar
HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH\bar


Cookie: Ajan 1.0 Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\internet alda\cookies\internet alda@xiti[1].txt


Trojan-Downloader.Zlob.Media-Codec Trojan Downloader more information...
Details: Trojan-Downloader.Zlob.Media-Codec is a program that typically purports to be a needed upgrade to Windows Media Player in order to view adult oriented videos on certain websites. However, Trojan-Downloader.Zlob.Media-Codec actually downloads and installs additional malware on the user's machine.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-3646181656-2885428501-1420851871-1007\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER


Cutygirls Porn Dialer more information...
Status: Deleted

Files detected
C:\WINDOWS\system32\eng003.exe


Cookie: DriveCleaner Cookie (General) more information...
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\internet alda\cookies\internet alda@drivecleaner[2].txt

Siehts jetzt gut aus?
Seitenanfang Seitenende
23.03.2007, 13:10
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#6 sylivia

hast du das avengerscript noch mal angewendet ? komisch, denn den Dialer hatte ich mit eingebaut - ist aber noch da...

««
öffne das HijackThis -- Button "scan" -- vor diesen Eintrage Häkchen setzen -- Button "Fix checked" -- PC neustarten

O4 - HKLM\..\Run: [France] c:\program files\dialers\france\france.exe /noconnect

PC neustarten

»»
scanne mit panda und poste den report
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
23.03.2007, 22:01
sylivia
...neu hier

Themenstarter

Beiträge: 5
#7 Das avengerscript habe ich nochmal angewendet.
Das mit dem HijackThis habe ich gemacht.
Aber das mit dem Panda hat nicht geklappt.
Weis ja jetzt auch nicht.
Seitenanfang Seitenende
24.03.2007, 12:00
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#8 versuche einen scan mit ewido zu machen - lasse dann alles loeschen, was gefunden wird und poste den report
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
24.03.2007, 23:29
sylivia
...neu hier

Themenstarter

Beiträge: 5
#9 Das mit ewido hat geklappt, hab leider der report verpeilt.
Scheint aber soweit alles weg zu sein. Hab nochmal mit meinem Antivirusprogramm gescant, der hat aber nichts mehr gefunden.

Noch ein dickes Danke für die große Hilfe.

Mfg Sylivia
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
  • »
  • »
  • »
  • »
  • »
Seite(n): 1