Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 29.02.2008, 13:51   #1
AeonFelisimo
 
You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) - Standard

You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2)



Hallo,
ich kome nicht weiter:
Seit gestern komme ich über dei google startseite nicht raus:
Egal wa sich aufrufen will - es kommt immer wieder die Meldung:

Not Found
The requested URL /DEFAULT.ASP was not found on this server.

Habe mehrer Tols ausprobiert - ohne ergebnis.
Einzig dr cwshreder bringt beim 2. durchlauf dieses Fehlerfgenster:

You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2)

Überschrift im Fenster Ejs11l(AX_4dO348U<;.d

Leider war das iesbez&#252;gliche Posting hier etwas wirr und mir nicht ganz klar was wann wo wie gel&#246;scht erg&#228;nzt und so weiter werden musste.

denke mal das ist von pc zu pc verschieden.

drum hier mein HijackThis Logfile.

Logfile of HijackThis v1.99.1
Scan saved at 14:28:48, on 29.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
D:\Programme\Manfred\AVK\AVKService.exe
D:\Programme\Manfred\AVK\AVKWCtl.exe
C:\Programme\Bonjour\mDNSResponder.exe
D:\Programme\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\QuickTime\qttask.exe
D:\Programme\Manfred\Media Experience\DMXLauncher.exe
D:\Programme\Manfred\Firewall\GDFwSvc.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
D:\Programme\Manfred\AVKTray\AVKTray.exe
D:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
D:\Programme\Manfred\Eraser\eraser.exe
D:\Programme\Manfred\Spybot - Search & Destroy\TeaTimer.exe
D:\Programme\Manfred\Firewall\GDFirewallTray.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\MSN Messenger\usnsvc.exe
D:\Programme\aawservice.exe
D:\Programme\Spyware Doctor\pctsAuxs.exe
D:\Programme\Spyware Doctor\pctsSvc.exe
D:\Programme\Spyware Doctor\pctsTray.exe
G:\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h t t p://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/go/inproductreg?v=3&product=Dreamweaver&loc=de_de&country=de&platform=2&givenName=V&familyName=V&email=V@bvb.com&optin=0&serialNumber=WPW800-50872-80176-39169
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,d:\programme\manfred\avkkid\avkcks.exe
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - D:\Programme\Manfred\Webfilter\AVKWebIE.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\Manfred\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - D:\Programme\Manfred\Webfilter\AVKWebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DMXLauncher] "D:\Programme\Manfred\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AVKTray] D:\Programme\Manfred\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [ISTray] "D:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] D:\Programme\Manfred\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Manfred\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: SYSTRAN Suche - res://D:\Programme\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Übersetzen - res://D:\Programme\\GUIres.dll/translate.js
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\Manfred\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\Manfred\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165399996515
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = videograph.local
O17 - HKLM\Software\..\Telephony: DomainName = videograph.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = videograph.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = videograph.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Programme\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - D:\Programme\Manfred\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - D:\Programme\Manfred\AVK\AVKWCtl.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - D:\Programme\Manfred\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Programme\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - D:\Programme\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - D:\Programme\Manfred\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - D:\Programme\Manfred\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe

W&#228;re sch&#246;n wen einer mir helfen k&#246;nnte.

Danke!

Alt 29.02.2008, 13:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) - Icon31

You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2)



Hallo Manfred

Zitat:
Egal wa sich aufrufen will - es kommt immer wieder die Meldung:

Not Found
The requested URL /DEFAULT.ASP was not found on this server.
Welcher Browser?
Das logfile sieht soweit okay aus, aber du solltest mal ein neues mit der aktuellen Version 2.0.2 von HijackThis erstellen. Folge auch zusätzlich mal den silentrunners Link in meiner Signatur. Poste die logs bitte mit Code-Tags umschlossen (Rautesymbol beim Beitrag verfassen).
__________________

__________________

Alt 29.02.2008, 14:06   #3
AeonFelisimo
 
You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) - Standard

You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2)



Benutze den Explorer 6.0

Werde deine Tolls nutzen danke. Aber wenn die Logfiles gut aussehen was kann es dann sein. Das Problem hab ich auch mit dem Firefox.

Danke
__________________

Alt 29.02.2008, 14:09   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) - Icon32

You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2)



Zitat:
Benutze den Explorer 6.0
*würg*

Den solltest Du möglichst überhaupt nicht nutzen. Der IE ist ja schon anfällig genug und dan noch die Version 6 => garnicht gut!
Update auf Version 7 aber surfe zukünftig nur mit Firefox oder Opera.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.02.2008, 14:14   #5
AeonFelisimo
 
You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) - Standard

You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2)



Silent Runners Logfile


"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Eraser" = "D:\Programme\Manfred\Eraser\eraser.exe -hide" ["Heidi Computers Ltd"]
"SpybotSD TeaTimer" = "D:\Programme\Manfred\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" [file not found]
"RemoteControl" = "C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."]
"LanguageShortcut" = "C:\Programme\CyberLink\PowerDVD\Language\Language.exe" [null data]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"DMXLauncher" = ""D:\Programme\Manfred\Media Experience\DMXLauncher.exe"" [null data]
"ISUSPM" = ""C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler" ["Macrovision Corporation"]
"AVKTray" = "D:\Programme\Manfred\AVKTray\AVKTray.exe" ["G DATA Software AG"]
"NeroFilterCheck" = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"Acrobat Assistant 8.0" = ""D:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"" ["Adobe Systems Inc."]
"Adobe_ID0EYTHM" = "C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" ["Adobe Systems Incorporated"]
"ISTray" = ""D:\Programme\Spyware Doctor\pctsTray.exe"" ["PC Tools"]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0124123D-61B4-456f-AF86-78C53A0790C5}\(Default) = "G DATA WebFilter Class"
-> {HKLM...CLSID} = "G DATA WebFilter"
\InProcServer32\(Default) = "D:\Programme\Manfred\Webfilter\AVKWebIE.dll" ["G DATA Software AG"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{074C1DC5-9320-4A9A-947D-C042949C6216}\(Default) = (no title provided)
-> {HKLM...CLSID} = "ContributeBHO Class"
\InProcServer32\(Default) = "D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "D:\PROGRA~1\Manfred\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"
\InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office11\OFFICE11\msohev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{8BE13461-936F-11D1-A87D-444553540000}" = "Eraser Shell Extension"
-> {HKLM...CLSID} = "Eraser Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}" = "RXDCExtShlExt extension"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Programme\Manfred\Virtual Drive 9\DC_ShellExt.dll" ["Sonic Solutions"]
"{5E44E225-A408-11CF-B581-008029601108}" = "Roxio DragToDisc Shell Extension"
-> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Roxio\Drag-to-Disc\Shellex.dll" ["Sonic Solutions"]
"{7BEDB9F5-A8A8-48eb-BEFE-8357423A6FE6}" = "SYSTRAN"
-> {HKLM...CLSID} = "Systran6.SystranShellContextMenu"
\InProcServer32\(Default) = "mscoree.dll" [MS]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "D:\Programme\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Meine freigegebenen Ordner"
\InProcServer32\(Default) = "C:\Programme\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

HKLM\SOFTWA RE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Userinit" = "C:\WINDOWS\system32\userinit.exe,d:\programme\manfred\avkkid\avkcks.exe" [MS], [null data]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
Autodesk.DWF.ContextMenu\(Default) = "{6C18531F-CA85-45F7-8278-FF33CF0A5964}"
-> {HKLM...CLSID} = "DWFShellExt Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Autodesk Shared\dwf Common\DWFShellExtension.dll" ["Autodesk, Inc."]
AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}"
-> {HKLM...CLSID} = "AVK9ContextMenue"
\InProcServer32\(Default) = "D:\Programme\Manfred\AVK\ShellExt.dll" ["G DATA Software AG"]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "D:\Programme\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
-> {HKLM...CLSID} = "Eraser Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
Reisswolf\(Default) = "{1F0F1EE7-36B9-11D2-8985-0080ADA96E9B}"
-> {HKLM...CLSID} = "ReisswolfContextMenu"
\InProcServer32\(Default) = "D:\Programme\Manfred\Shredder\Reisswlf.dll" ["G DATA Software AG"]
RXDCExtSvr\(Default) = "{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Programme\Manfred\Virtual Drive 9\DC_ShellExt.dll" ["Sonic Solutions"]
SYSTRAN\(Default) = "{7BEDB9F5-A8A8-48eb-BEFE-8357423A6FE6}"
-> {HKLM...CLSID} = "Systran6.SystranShellContextMenu"
\InProcServer32\(Default) = "mscoree.dll" [MS]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}"
-> {HKLM...CLSID} = "AVK9ContextMenue"
\InProcServer32\(Default) = "D:\Programme\Manfred\AVK\ShellExt.dll" ["G DATA Software AG"]
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
-> {HKLM...CLSID} = "Eraser Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
Reisswolf\(Default) = "{1F0F1EE7-36B9-11D2-8985-0080ADA96E9B}"
-> {HKLM...CLSID} = "ReisswolfContextMenu"
\InProcServer32\(Default) = "D:\Programme\Manfred\Shredder\Reisswlf.dll" ["G DATA Software AG"]
RXDCExtSvr\(Default) = "{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Programme\Manfred\Virtual Drive 9\DC_ShellExt.dll" ["Sonic Solutions"]
SYSTRAN\(Default) = "{7BEDB9F5-A8A8-48eb-BEFE-8357423A6FE6}"
-> {HKLM...CLSID} = "Systran6.SystranShellContextMenu"
\InProcServer32\(Default) = "mscoree.dll" [MS]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Manfred" & "All Users" startup folders:
---------------------------------------------------------

C:\Dokumente und Einstellungen\Manfred\Startmenü\Programme\Autostart
"Adobe Gamma" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Acrobat - Schnellstart" -> shortcut to: "C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe" [null data]
"Adobe Reader Synchronizer" -> shortcut to: "D:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [null data]
"G DATA Firewall Tray" -> shortcut to: "D:\Programme\Manfred\Firewall\GDFirewallTray.exe" ["G DATA Software AG"]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Programme\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Programme\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{0124123D-61B4-456F-AF86-78C53A0790C5}" = "G DATA WebFilter"
-> {HKLM...CLSID} = "G DATA WebFilter"
\InProcServer32\(Default) = "D:\Programme\Manfred\Webfilter\AVKWebIE.dll" ["G DATA Software AG"]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" = (no title provided)
-> {HKLM...CLSID} = "Contribute Toolbar"
\InProcServer32\(Default) = "D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "D:\PROGRA~1\Manfred\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, "C:\Programme\Bonjour\mDNSResponder.exe" ["Apple Computer, Inc."]
Ad-Aware 2007 Service, aawservice, "D:\Programme\aawservice.exe" ["Lavasoft"]
Autodesk Licensing Service, Autodesk Licensing Service, ""C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe"" ["Autodesk"]
AVK Service, AVKService, "D:\Programme\Manfred\AVK\AVKService.exe" ["G DATA Software AG"]
AVK Wächter, AVKWCtl, "D:\Programme\Manfred\AVK\AVKWCtl.exe" ["G DATA Software AG"]
AVKProxy, AVKProxy, ""C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe"" ["G DATA Software AG"]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Programme\CyberLink\Shared files\RichVideo.exe"" [empty string]
FLEXnet Licensing Service, FLEXnet Licensing Service, ""C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"" ["Macrovision Europe Ltd."]
G DATA Personal Firewall, GDFwSvc, "D:\Programme\Manfred\Firewall\GDFwSvc.exe" ["G DATA Software AG"]
mental ray 3.5 Satellite (32-bit), mi-raysat_3dsmax9_32, "D:\Programme\mentalray\satellite\raysat_3dsmax9_32server.exe" [null data]
Messenger USN Journal Reader-Service für freigegebene Ordner, usnjsvc, ""C:\Programme\MSN Messenger\usnsvc.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PC Tools Auxiliary Service, sdAuxService, "D:\Programme\Spyware Doctor\pctsAuxs.exe" ["PC Tools"]
PC Tools Security Service, sdCoreService, "D:\Programme\Spyware Doctor\pctsSvc.exe" ["PC Tools"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


---------- (launch time: 2008-02-29 15:17:35)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 32 seconds, including 5 seconds for message boxes)


Alt 29.02.2008, 14:37   #6
AeonFelisimo
 
You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) - Standard

You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2)



Hallo ENTWARNUNG

Ein Aruf bei G-Data hat den Fehler aufgezeigt.

Da - wie man mir sagte dies erst seit einiger Zeit vorkommt und nur ab und zu bei einigen kunden poste ich die erklärung mal:

bei den einstellungen im g-data webfiltertool probeweise das ganze tool ausschalten. wenn es dann wieder möglich ist zu surfen - den webfilter wieder aktivieren und nachsehen ob der punkt "blocken getarnter URL`s" aktiv ist. wenn ja deaktivieren - dann gehts wieder.

hoffe es hilft dem ein oder anderen.

erstmal herzlichen dank bei alen für die mühe.
sorry - aber da muss man ja auch erstmal drauf kommen.

DANKE

Ergänzung:
Bitte einer der Mods den Thread als erledig kennzeichnen um unnötige Arbeit zu ersparen. Danke!

Geändert von AeonFelisimo (29.02.2008 um 14:39 Uhr) Grund: Kann Thema nicht selbst editieren

Alt 29.02.2008, 14:40   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) - Cool

You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2)



Also was auffälliges hab ich da nicht gesehen. Kommt noch das neue hjt logfile?
Was hast du denn gemacht am PC bevor der Fehler auftrat. Von nix kommt nix.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2)
32-bit, ad-aware, adobe, aufrufe, bho, bonjour, computer, dll, email, eraser, explorer, firewall, g data, google, google startseite, hijack, hijackthis, home, immer wieder, internet, internet explorer, kommt immer wieder, konvertieren, nvidia, pdf, pdf-datei, pop-up-blocker, rundll, security, shortcut, software, spyware, system, trojan, unknown file in winsock lsp, urlsearchhook, userinit.exe, windows, windows xp



Ähnliche Themen: You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2)


  1. Viren : Trojan.GenericKD.1843822 - Gen:Variant.Adware.BHO.Agent.4 - Trojan.Ciusky.Gen.13
    Plagegeister aller Art und deren Bekämpfung - 08.09.2014 (3)
  2. Virus Gen:Variant.Symmi.10389 und Gen:Variant.Graftor.Elzob.23242 eingefangen
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (29)
  3. Trojan-downloader.Win 32. agent variant
    Mülltonne - 22.11.2008 (0)
  4. trojan-downloader.win32.agent variant
    Mülltonne - 22.11.2008 (1)
  5. Trojan-Downloader.Win 32.Agent variant
    Plagegeister aller Art und deren Bekämpfung - 21.11.2008 (5)
  6. Trojan-Download.Win32.Agent variant
    Log-Analyse und Auswertung - 17.11.2008 (3)
  7. Trojan-Downloader.Win32.Agent variant
    Mülltonne - 08.11.2008 (0)
  8. Trojan-Downloader.Win32.Agent variant
    Mülltonne - 08.11.2008 (1)
  9. Trojan-Downloader.win32.agent variant
    Plagegeister aller Art und deren Bekämpfung - 30.10.2008 (2)
  10. Trojan-Downloader.Win32.Agent variant
    Mülltonne - 29.10.2008 (0)
  11. Trojan-Downloader Win 32 Agent Variant - Problem
    Log-Analyse und Auswertung - 21.08.2008 (4)
  12. Trojan-Downloader.Win32.Agent variant
    Mülltonne - 01.03.2008 (0)
  13. trojan-Downloader.Win32.Agent variant
    Plagegeister aller Art und deren Bekämpfung - 22.12.2007 (10)
  14. Trojan-Downloader.win32.Agent Variant
    Log-Analyse und Auswertung - 18.12.2007 (12)
  15. Trojan-Downloader.Win32.Agent variant
    Log-Analyse und Auswertung - 24.08.2007 (6)
  16. Trojan-Download.Win32.Agent variant
    Log-Analyse und Auswertung - 15.07.2007 (1)
  17. Coolwebsearch Trojan
    Plagegeister aller Art und deren Bekämpfung - 25.01.2004 (8)

Zum Thema You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) - Hallo, ich kome nicht weiter: Seit gestern komme ich &#252;ber dei google startseite nicht raus: Egal wa sich aufrufen will - es kommt immer wieder die Meldung: Not Found The - You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2)...
Archiv
Du betrachtest: You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.