Home » Spyware & Browser Hijacker Support Forum » Kann mir jemand bitte helfen ?! Wenn IE läuft, öffnet sich automatisch Werbung.. » Themenansicht

Kann mir jemand bitte helfen ?! Wenn IE läuft, öffnet sich automatisch Werbung..
#0
11.10.2008, 12:27
hoffmann2008
...neu hier

Beiträge: 2
#1 Hallo Zusammen,
kann mir bitte jemand helfen, wenn der IE läuft, öffnet sich automatisch Werbung.
Stelle mal den Log von HiJagThis ein. Vielen Dank im Voraus für Eure Hilfe.
Mfg
Thomas



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:37, on 11/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Users\Thomas\AppData\Local\geqpa.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.es/ig/dell?hl=es&client=dell-row&channel=es&ibd=0080416
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [geqpa] "c:\users\thomas\appdata\local\geqpa.exe" geqpa
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) - http://especiales.softonic.com/sinespias/installer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12091 bytes
Seitenanfang Seitenende
11.10.2008, 14:59
Swisstreasure
Moderator

Beiträge: 5694
#2 >>
Cleaner anwenden:
http://www.ccleaner.de/?protecus.de

>>
Schliesse alle Fenster und starte Hijack This
Klicke: Do a Systemscan only
Setze ein Häckchen in das Kästchen vor den genannten Einträgen bei: (falls diese noch vorhanden sind)

Zitat

O4 - HKCU\..\Run: [geqpa] "c:\users\thomas\appdata\local\geqpa.exe" geqpa

O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
und wähle fix checked.

Starte den Rechner neu.


>>
Scanne mit Malwarebytes, lass das gefundene löschen und poste das Log:
http://virus-protect.org/artikel/tools/malwarebytes.html

>>
wende combofix an + warnmeldung wegklicken + poste den report
http://virus-protect.org/artikel/tools/combofix.html

>>
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren)

SpyBro

in edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.


Gruss Swiss
Seitenanfang Seitenende
12.10.2008, 16:38
hoffmann2008
...neu hier

Themenstarter

Beiträge: 2
#3 Habe mit Malwarebytes (span. Version) scannen lassen, wurde nichts gefunden.

Malwarebytes' Anti-Malware 1.28
Versión de la Base de Datos: 1259
Windows 6.0.6001 Service Pack 1

12/10/2008 16:33:52
mbam-log-2008-10-12 (16-33-52).txt

Tipo de examen : Examen Completo (C:\|D:\|E:\|)
Objetos examinados: 159221
Tiempo transcurrido: 2 hour(s), 15 minute(s), 36 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)

Hier der Log von ComboFix:

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Thomas\AppData\Local\geqpa.dat
C:\Users\Thomas\AppData\Local\geqpa_nav.dat
C:\Users\Thomas\AppData\Local\geqpa_navps.dat

.
(((((((((((((((((( Archivos creados desde 2008-09-12 - 2008-10-12 )))))))))))))))))))))))))))))))))
.

2008-10-12 12:42 . 2008-10-12 12:42 <DIR> d-------- C:\Users\Thomas\AppData\Roaming\Malwarebytes
2008-10-12 12:42 . 2008-10-12 12:42 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-12 12:42 . 2008-10-12 12:42 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-12 12:42 . 2008-10-12 12:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 12:42 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-12 12:42 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-11 14:15 . 2008-10-11 14:15 <DIR> d-------- C:\Users\Thomas\AppData\Roaming\Apple Computer
2008-10-11 14:14 . 2008-10-11 14:14 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-11 14:14 . 2008-10-11 14:14 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-11 14:14 . 2008-10-11 14:14 <DIR> d-------- C:\Program Files\iTunes
2008-10-11 14:14 . 2008-10-11 14:14 <DIR> d-------- C:\Program Files\iPod
2008-10-11 14:14 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-10-11 14:14 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-10-11 14:13 . 2008-10-11 14:13 <DIR> d-------- C:\Program Files\Bonjour
2008-10-11 12:17 . 2008-10-11 12:17 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-10-11 12:17 . 2008-10-11 12:17 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-10-11 12:14 . 2008-10-11 12:14 <DIR> d-------- C:\Users\Thomas\AppData\Roaming\SUPERAntiSpyware.com
2008-10-11 12:14 . 2008-10-11 12:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-11 12:13 . 2008-10-11 12:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-11 11:06 . 2008-10-11 11:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-11 11:03 . 2008-10-11 11:03 <DIR> d-------- C:\Program Files\Yahoo!
2008-10-11 11:03 . 2008-10-11 11:04 <DIR> d-------- C:\Program Files\CCleaner
2008-10-10 08:40 . 2008-10-10 08:40 <DIR> d-------- C:\Users\All Users\Avg8
2008-10-10 08:40 . 2008-10-10 08:40 <DIR> d-------- C:\ProgramData\Avg8
2008-10-10 07:55 . 2008-10-10 07:55 <DIR> d-------- C:\Program Files\AVG
2008-10-09 21:54 . 2008-10-12 12:45 <DIR> d-------- C:\Users\All Users\Google Updater
2008-10-09 21:54 . 2008-10-12 12:45 <DIR> d-------- C:\ProgramData\Google Updater
2008-10-09 21:54 . 2008-10-09 21:55 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-10-09 21:28 . 2008-10-10 04:30 <DIR> d-a------ C:\Users\All Users\TEMP
2008-10-09 21:28 . 2008-10-10 04:30 <DIR> d-a------ C:\ProgramData\TEMP
2008-10-06 00:46 . 2008-10-06 00:46 <DIR> d-------- C:\Program Files\Ares
2008-10-01 13:01 . 2008-10-01 13:01 32,000 --a------ C:\Windows\System32\drivers\usbaapl.sys
2008-09-25 22:59 . 2008-09-25 22:59 67,110,184 --a------ C:\Users\Thomas\iTunes8Setup.exe
2008-09-25 21:27 . 2008-10-11 14:14 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-09-25 21:27 . 2008-10-11 14:14 <DIR> d-------- C:\ProgramData\Apple Computer
2008-09-25 21:27 . 2008-09-25 21:28 <DIR> d-------- C:\Program Files\QuickTime
2008-09-25 21:27 . 2008-10-11 14:11 <DIR> d-------- C:\Program Files\Common Files\Apple

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 14:06 --------- d-----w C:\Users\Thomas\AppData\Roaming\skypePM
2008-10-11 09:45 --------- d-----w C:\Program Files\IpodConverter
2008-10-11 08:06 --------- d-----w C:\Program Files\McAfee
2008-10-09 19:56 --------- d-----w C:\Program Files\Google
2008-10-08 19:56 --------- d-----w C:\Users\Thomas\AppData\Roaming\Skype
2008-09-25 21:40 --------- d-----w C:\ProgramData\Roxio
2008-09-09 22:19 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-05 17:25 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-09-05 17:25 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-05 17:24 --------- d-----w C:\Program Files\Nokia
2008-09-05 17:23 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-09-05 17:18 --------- d-----w C:\ProgramData\Installations
2008-09-02 18:03 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-08-29 08:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 07:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-29 07:54 --------- d-s---w C:\ProgramData\Memeo
2008-08-29 07:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-28 20:12 --------- d-----w C:\Program Files\Western Digital
2008-08-28 20:09 --------- d-----w C:\Program Files\Western Digital Technologies
2008-08-20 12:55 --------- d-----w C:\ProgramData\Apple
2008-08-20 12:55 --------- d-----w C:\Program Files\Apple Software Update
2008-08-20 08:01 --------- d-----w C:\Users\Thomas\AppData\Roaming\Nokia
2008-08-20 00:05 --------- d-----w C:\ProgramData\Sony Ericsson
2008-08-20 00:05 --------- d-----w C:\Program Files\Sony Ericsson
2008-08-19 22:36 --------- d-----w C:\Users\Thomas\AppData\Roaming\Sony
2008-08-19 22:36 --------- d-----w C:\ProgramData\Sony
2008-08-19 22:33 --------- d-----w C:\Program Files\Sony
2008-08-19 22:33 --------- d-----w C:\Program Files\Common Files\Sony Shared
2008-08-19 22:27 --------- d-----w C:\Users\Thomas\AppData\Roaming\Sony Setup
2008-08-19 22:27 --------- d-----w C:\Program Files\Sony Setup
2008-08-19 21:52 --------- d-----w C:\ProgramData\BVRP Software
2008-08-18 19:48 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-17 22:05 --------- d-----w C:\Program Files\Windows Mail
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-02 18:04 1,261,738 ----a-w C:\Users\Thomas\wrar371es.exe
2008-06-26 13:02 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-06-26 13:02 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-04-23 10:24 174 --sha-w C:\Program Files\desktop.ini
2008-04-22 19:37 308 ----a-w C:\Users\Thomas\AppData\Roaming\wklnhst.dat
2008-04-22 12:31 32 ----a-w C:\Users\All Users\ezsid.dat
2008-04-22 12:31 32 ----a-w C:\ProgramData\ezsid.dat
2008-04-16 07:44 76 --sh--r C:\Windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 125952]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 202544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-16 68856]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-04-16 77824]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-06 133656]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-28 36864]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-06 141848]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-06 166424]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-16 1838592]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-01-18 17920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-07 159744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-05 40048]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 202544]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-13 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-27 113664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-04-16 50688]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{36C82B48-72B9-4B2C-A83C-9438AB0FFC6C}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe;)ell MediaDirect
"{560479AE-71C0-4B65-8494-074DA06F867E}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{FB9EADEC-3B7D-45E1-A0BE-12984AE2FCF7}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{D531D9ED-AB2C-4215-9CFA-535197E5BDCD}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{5F0BEF5C-FB60-4EE6-9ACD-2CACE2192565}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{73FA4492-133E-4F6B-A818-DAF771A491E2}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{87C131BA-0D0D-44F0-B944-3CCDF65AAC52}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{95600DDC-C9AC-40EE-977B-9D6B35BAA7E1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{634995C8-470A-4D6E-B57D-F616F971BB28}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D88F6909-3D8F-4A21-A5FB-95FFC9C9910B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3B355462-6F56-4C47-85F6-81419243E539}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{81B1BCC3-CC6A-4B95-A62F-D86D1D3488C6}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{BD83346E-34B7-4A2B-A467-1089B1203B69}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"TCP Query User{3D6A320D-F3A9-45D6-B62B-BDB70746B294}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{D101BCB5-3794-4362-A55C-AB0AFF63BA3E}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"{79D726B5-0594-4EFE-A81F-1E7937AE10E2}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{14D9A340-85D3-47C5-BAF4-5ADCF09146F1}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{AF0C5E61-653A-440D-B069-6D818739A481}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E1E7EAD9-E270-4849-90D3-638F3F77F895}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 73728]
R2 BcmSqlStartupSvc;Servicio de inicio de SQL Server para Business Contact Manager;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);C:\Windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);C:\Windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);C:\Windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
S3 stllssvr;stllssvr;C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-02 74384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ff9896a-753c-11dd-b300-001d094e7372}]
\shell\AutoRun\command - F:\wd_windows_tools\WDSetup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenido de carpeta 'Tareas Programadas'

2008-04-16 C:\Windows\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-04-16 C:\Windows\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-10-09 C:\Windows\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2007-09-18 23:42]
.
.
------- Análisis Suplementario -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.es/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xportar a Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: {525019DF-8282-40DC-A0E0-13C076889F66} - hxxp://especiales.softonic.com/sinespias/installer.cab
C:\Windows\Downloaded Program Files\installer.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 16:44:59
Windows 6.0.6001 Service Pack 1 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-10-12 16:46:18
ComboFix-quarantined-files.txt 2008-10-12 14:46:08

Pre-Run: 93.938.974.720 bytes libres
Post-Run: 93,899,288,576 bytes libres

247 --- E O F --- 2008-09-09 22:22:38

Regestry Search:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 12/10/2008 17:04:17 for strings:
; 'spybro'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser]

[HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser\RemoteConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser\Signatures]

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Program Files\\SpyBro\\unins000.exe"=dword:00000001

[HKEY_CURRENT_USER\Software\SpyBrowser]

[HKEY_CURRENT_USER\Software\SpyBrowser\Antivirus]

[HKEY_CURRENT_USER\Software\SpyBrowser\General]

[HKEY_CURRENT_USER\Software\SpyBrowser\GuardOptions]

[HKEY_CURRENT_USER\Software\SpyBrowser\GuardOptions\EnabledMonitors]

[HKEY_CURRENT_USER\Software\SpyBrowser\Monitors]

[HKEY_CURRENT_USER\Software\SpyBrowser\RemoteConfig]

[HKEY_CURRENT_USER\Software\SpyBrowser\ScanOptions]

[HKEY_CURRENT_USER\Software\SpyBrowser\ScanOptions\CustomScan]

[HKEY_CURRENT_USER\Software\SpyBrowser\ScanOptions\SelectedFolders]

[HKEY_CURRENT_USER\Software\SpyBrowser\ScanOptions\StartupCustomScan]

[HKEY_CURRENT_USER\Software\SpyBrowser\Scheduler]

[HKEY_CURRENT_USER\Software\SpyBrowser\Scheduler\CustomScan]

[HKEY_CURRENT_USER\Software\SpyBrowser\Scheduler\Event 0]

[HKEY_CURRENT_USER\Software\SpyBrowser\Startup]

[HKEY_CURRENT_USER\Software\SpyBrowser\Statistics]

[HKEY_CURRENT_USER\Software\SpyBrowser\WebScan]

[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\SpyBrowser]

; End Of The Log...

Vielen Dank Swiss, scheint alles wieder in Ordnung zu sein.

Gruss,
Thomas
Dieser Beitrag wurde am 12.10.2008 um 17:08 Uhr von hoffmann2008 editiert.
Seitenanfang Seitenende
12.10.2008, 19:28
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 Hallo hoffmann2008

««
Ausführen bei Vista : Windows Taste + R drücken
Kopiere rein: Combofix /U
- klicke "OK"


««
Gehe in die Registry
Start - Ausführen - regedit
oben links - suche - gib ein SpyBrowser - lösche mit rechtsklick alles, was gefunden wird

HKEY_LOCAL_MACHINE\SOFTWARE\SpyBrowser
HKEY_CURRENT_USER\Software\SpyBrowser
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\SpyBrowser
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Program Files\\SpyBro\\unins000.exe
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1