Trojaner-Board


galsworty 14.10.2005 20:06

How do I get rid of WinFixer?

Who can help me get rid of the annoying WinFixer?
Unfortunately I don't have any deeper PC knowledge; here is my log file to start with...
and thanks in advance...
Regards, galsworty

Logfile of HijackThis v1.99.1
Scan saved at 20:04:27, on 14.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\??anregw.exe
C:\Programme\dotw\suso.exe
C:\Programme\MSI\Bluetooth Software\BTTray.exe
C:\WINDOWS\twain_32\C6U14K\WATCH.exe
C:\WINDOWS\system32\devldr32.exe
C:\Dokumente und Einstellungen\User\Desktop\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.t-online.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {18ABE2FB-7C37-55C6-42C7-55A05A89FECB} - (no file)
O2 - BHO: (no name) - {8B0DC74E-59D0-5F71-86E1-7AA2A8F066CD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: (no name) - {BF259DA3-0E3D-799B-4CE3-2777D7B00B9C} - C:\WINDOWS\system32\miec.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKCU\..\Run: [Lkzfra] C:\WINDOWS\system32\??anregw.exe
O4 - HKCU\..\Run: [Rscb] "C:\Programme\dotw\suso.exe" -vt rbnd
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\C6U14K\WATCH.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Programme\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {90019B5E-9FCA-4B17-A84B-6586A84E63F5} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {90019B5E-9FCA-4B17-A84B-6586A84E63F5} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 209.8.20.130
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103651328261
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - (no file)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)

[edit]
links removed
[/edit]

felix1 14.10.2005 20:45

I think you have caught this one:
http://www.sophos.de/virusinfo/analyses/trojmadrb.html

To see what is going on, run an eScan exactly according to Cidre's instructions and post the log generated with find.bat:
http://www.trojaner-board.de/showthread.php?t=17492

galsworty 15.10.2005 00:44

Hello felix1...
it took a little while.... here is the eScan_neu.text
What happens next? Can I already leave safe mode?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Oct 14 23:32:45 2005 => System found infected with coolwebsearch Spyware/Adware ({3f143c3a-1457-6cca-03a7-7aa23b61e40f})! Action taken: No Action Taken.
Fri Oct 14 23:32:45 2005 => System found infected with istbar Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Fri Oct 14 23:32:46 2005 => System found infected with dyfuca Spyware/Adware ({aa4939c3-deca-4a48-a454-97cd587c0ef5})! Action taken: No Action Taken.
Fri Oct 14 23:32:46 2005 => System found infected with dyfuca Spyware/Adware ({eee4a2e5-9f56-432f-a6ed-f6f625b551e0})! Action taken: No Action Taken.
Fri Oct 14 23:32:49 2005 => System found infected with roings Spyware/Adware (objsafe.tlb)! Action taken: No Action Taken.
Fri Oct 14 23:32:49 2005 => System found infected with midaddle Spyware/Adware (!update.exe)! Action taken: No Action Taken.
Fri Oct 14 23:32:49 2005 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Fri Oct 14 23:32:49 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
Fri Oct 14 23:32:52 2005 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.
Fri Oct 14 23:32:58 2005 => System found infected with midaddle Spyware/Adware (!update.exe)! Action taken: No Action Taken.
Fri Oct 14 23:32:58 2005 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Fri Oct 14 23:32:58 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
Fri Oct 14 23:33:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Fri Oct 14 23:33:02 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Fri Oct 14 23:33:03 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Fri Oct 14 23:33:03 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Fri Oct 14 23:49:32 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Fri Oct 14 23:49:32 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\DNLILN32.EXE.VIR
Fri Oct 14 23:49:32 2005 => File C:\Programme\AVPersonal\INFECTED\DNLILN32.EXE.VIR infected by "Backdoor.Win32.Padodor.al" Virus! Action Taken: No Action Taken.
Fri Oct 14 23:57:23 2005 => Scanning File C:\Programme\Guitar Pro 4\Guitar Pro Tabs\B\Bad Religion\Bad Religion - Infected.gp3
Sat Oct 15 00:00:01 2005 => Scanning File C:\Programme\Guitar Pro 4\Guitar Pro Tabs\mix\Bad Religion - Infected.gp3
Sat Oct 15 01:03:29 2005 => File C:\WINDOWS\system32\drivers\etc\HOSTS.bak infected by "Trojan.Win32.Qhost.k" Virus! Action Taken: No Action Taken.
Sat Oct 15 01:16:35 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Oct 14 23:32:16 2005 => File C:\WINDOWS\system32\miec.dll tagged as "not-a-virus:AdWare.Win32.PurityScan.ak". Action Taken: No Action Taken.
Fri Oct 14 23:35:57 2005 => File C:\Dokumente und Einstellungen\User\Desktop\Downloads\BSINSTALLDE.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Oct 14 23:32:47 2005 => Offending Key found: HKLM\Software\kazaa !!!
Fri Oct 14 23:32:47 2005 => Offending Key found: HKCU\Software\kazaa !!!
Fri Oct 14 23:32:49 2005 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1
Fri Oct 14 23:32:49 2005 => Offending file found: C:\WINDOWS\system32\objsafe.tlb
Fri Oct 14 23:32:49 2005 => Offending file found: C:\DOKUME~1\User\LOKALE~1\Temp\!update.exe
Fri Oct 14 23:32:49 2005 => Offending file found: C:\DOKUME~1\User\LOKALE~1\Temp\cmdlineext02.dll
Fri Oct 14 23:32:49 2005 => Offending file found: C:\DOKUME~1\User\LOKALE~1\Temp\insthelp.dll
Fri Oct 14 23:32:52 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Favoriten\ebay.url
Fri Oct 14 23:32:58 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\!update.exe
Fri Oct 14 23:32:58 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\cmdlineext02.dll
Fri Oct 14 23:32:58 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\insthelp.dll
Fri Oct 14 23:33:01 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temporary internet files\content.ie5\kxkxer6d\common[1].js
Fri Oct 14 23:33:02 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temporary internet files\content.ie5\upnsxcvy\show_ads[2].js
Fri Oct 14 23:33:03 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\content.ie5\kxkxer6d\common[1].js
Fri Oct 14 23:33:03 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\content.ie5\upnsxcvy\show_ads[2].js
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Oct 15 01:16:35 2005 => Total Virus(es) Found: 23
Sat Oct 15 01:16:35 2005 => Total Errors: 49
Sat Oct 15 01:16:35 2005 => Time Elapsed: 01:44:37
Sat Oct 15 01:16:35 2005 => Total Objects Scanned: 92328

Tomita 15.10.2005 01:59

At this time of night, post your log here:
http://hijackthis.de/
If you can't make sense of it afterwards, come back here.
Kind regards, Tomita :(

galsworty 15.10.2005 12:33

Thanks Tomita...
I had my log files evaluated at hijackthis and got 7 reports. What do I do with them now, should I look for the files and delete them by hand?
To be on the safe side, please take a look at my scan.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Oct 14 23:32:45 2005 => System found infected with coolwebsearch Spyware/Adware ({3f143c3a-1457-6cca-03a7-7aa23b61e40f})! Action taken: No Action Taken.
Fri Oct 14 23:32:45 2005 => System found infected with istbar Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Fri Oct 14 23:32:46 2005 => System found infected with dyfuca Spyware/Adware ({aa4939c3-deca-4a48-a454-97cd587c0ef5})! Action taken: No Action Taken.
Fri Oct 14 23:32:46 2005 => System found infected with dyfuca Spyware/Adware ({eee4a2e5-9f56-432f-a6ed-f6f625b551e0})! Action taken: No Action Taken.
Fri Oct 14 23:32:49 2005 => System found infected with roings Spyware/Adware (objsafe.tlb)! Action taken: No Action Taken.
Fri Oct 14 23:32:49 2005 => System found infected with midaddle Spyware/Adware (!update.exe)! Action taken: No Action Taken.
Fri Oct 14 23:32:49 2005 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Fri Oct 14 23:32:49 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
Fri Oct 14 23:32:52 2005 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.
Fri Oct 14 23:32:58 2005 => System found infected with midaddle Spyware/Adware (!update.exe)! Action taken: No Action Taken.
Fri Oct 14 23:32:58 2005 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
Fri Oct 14 23:32:58 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
Fri Oct 14 23:33:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Fri Oct 14 23:33:02 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Fri Oct 14 23:33:03 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Fri Oct 14 23:33:03 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Fri Oct 14 23:49:32 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Fri Oct 14 23:49:32 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\DNLILN32.EXE.VIR
Fri Oct 14 23:49:32 2005 => File C:\Programme\AVPersonal\INFECTED\DNLILN32.EXE.VIR infected by "Backdoor.Win32.Padodor.al" Virus! Action Taken: No Action Taken.
Fri Oct 14 23:57:23 2005 => Scanning File C:\Programme\Guitar Pro 4\Guitar Pro Tabs\B\Bad Religion\Bad Religion - Infected.gp3
Sat Oct 15 00:00:01 2005 => Scanning File C:\Programme\Guitar Pro 4\Guitar Pro Tabs\mix\Bad Religion - Infected.gp3
Sat Oct 15 01:03:29 2005 => File C:\WINDOWS\system32\drivers\etc\HOSTS.bak infected by "Trojan.Win32.Qhost.k" Virus! Action Taken: No Action Taken.
Sat Oct 15 01:16:35 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Oct 14 23:32:16 2005 => File C:\WINDOWS\system32\miec.dll tagged as "not-a-virus:AdWare.Win32.PurityScan.ak". Action Taken: No Action Taken.
Fri Oct 14 23:35:57 2005 => File C:\Dokumente und Einstellungen\User\Desktop\Downloads\BSINSTALLDE.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fri Oct 14 23:32:47 2005 => Offending Key found: HKLM\Software\kazaa !!!
Fri Oct 14 23:32:47 2005 => Offending Key found: HKCU\Software\kazaa !!!
Fri Oct 14 23:32:49 2005 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1
Fri Oct 14 23:32:49 2005 => Offending file found: C:\WINDOWS\system32\objsafe.tlb
Fri Oct 14 23:32:49 2005 => Offending file found: C:\DOKUME~1\User\LOKALE~1\Temp\!update.exe
Fri Oct 14 23:32:49 2005 => Offending file found: C:\DOKUME~1\User\LOKALE~1\Temp\cmdlineext02.dll
Fri Oct 14 23:32:49 2005 => Offending file found: C:\DOKUME~1\User\LOKALE~1\Temp\insthelp.dll
Fri Oct 14 23:32:52 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Favoriten\ebay.url
Fri Oct 14 23:32:58 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\!update.exe
Fri Oct 14 23:32:58 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\cmdlineext02.dll
Fri Oct 14 23:32:58 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temp\insthelp.dll
Fri Oct 14 23:33:01 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temporary internet files\content.ie5\kxkxer6d\common[1].js
Fri Oct 14 23:33:02 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\temporary internet files\content.ie5\upnsxcvy\show_ads[2].js
Fri Oct 14 23:33:03 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\content.ie5\kxkxer6d\common[1].js
Fri Oct 14 23:33:03 2005 => Offending file found: C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temporary Internet Files\content.ie5\upnsxcvy\show_ads[2].js
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Oct 15 01:16:35 2005 => Total Virus(es) Found: 23
Sat Oct 15 01:16:35 2005 => Total Errors: 49
Sat Oct 15 01:16:35 2005 => Time Elapsed: 01:44:37
Sat Oct 15 01:16:35 2005 => Total Objects Scanned: 92328
Fri Oct 14 23:30:07 2005 => Virus Database Date: 2005/10/08
Sat Oct 15 01:16:35 2005 => Virus Database Date: 2005/10/08
Sat Oct 15 01:21:45 2005 => Virus Database Date: 2005/10/08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

felix1 15.10.2005 17:43

Download and update Ad-aware and Spybot and run the programs.
http://www.comsafe.de/download.html
Install cleanup, start it, tick the box for "delete everything" and then press "Delete".
http://www.clearprog.de/

Delete the quarantine folders of the AV program. Delete the file mwav.log in the directory c:\bases_x. New eScan. New HJT log.

galsworty 16.10.2005 16:46

Hello Felix1,
I did everything as you described.
But the WinFixer is still there....
here are the new log files

[edit]
please edit your links as shown, among other places, here:

http://www.trojaner-board.de/showpost.php?p=171957&postcount=1

thanks
GUA
[/edit]

galsworty 17.10.2005 07:48

Hello Felix1,
I did everything as you described.
But the WinFixer is still there....
here are the new log files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Oct 16 16:01:21 2005 => System found infected with coolwebsearch Spyware/Adware ({3f143c3a-1457-6cca-03a7-7aa23b61e40f})! Action taken: No Action Taken.
Sun Oct 16 16:01:21 2005 => System found infected with istbar Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Sun Oct 16 16:01:22 2005 => System found infected with dyfuca Spyware/Adware ({aa4939c3-deca-4a48-a454-97cd587c0ef5})! Action taken: No Action Taken.
Sun Oct 16 16:01:22 2005 => System found infected with dyfuca Spyware/Adware ({eee4a2e5-9f56-432f-a6ed-f6f625b551e0})! Action taken: No Action Taken.
Sun Oct 16 16:01:24 2005 => System found infected with roings Spyware/Adware (objsafe.tlb)! Action taken: No Action Taken.
Sun Oct 16 16:01:25 2005 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.
Sun Oct 16 16:14:19 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sun Oct 16 16:20:54 2005 => Scanning File C:\Programme\Guitar Pro 4\Guitar Pro Tabs\B\Bad Religion\Bad Religion - Infected.gp3
Sun Oct 16 16:23:08 2005 => Scanning File C:\Programme\Guitar Pro 4\Guitar Pro Tabs\mix\Bad Religion - Infected.gp3
Sun Oct 16 17:24:17 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Oct 16 16:01:00 2005 => File C:\WINDOWS\system32\miec.dll tagged as "not-a-virus:AdWare.Win32.PurityScan.ak". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Oct 16 16:01:23 2005 => Offending Key found: HKLM\Software\kazaa !!!
Sun Oct 16 16:01:23 2005 => Offending Key found: HKCU\Software\kazaa !!!
Sun Oct 16 16:01:24 2005 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1
Sun Oct 16 16:01:24 2005 => Offending file found: C:\WINDOWS\system32\objsafe.tlb
Sun Oct 16 16:01:25 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Favoriten\ebay.url
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Oct 16 17:24:17 2005 => Total Virus(es) Found: 10
Sun Oct 16 17:24:17 2005 => Total Errors: 56
Sun Oct 16 17:24:17 2005 => Time Elapsed: 01:23:35
Sun Oct 16 17:24:17 2005 => Total Objects Scanned: 90244
Sun Oct 16 15:59:11 2005 => Virus Database Date: 2005/10/08
Sun Oct 16 17:24:17 2005 => Virus Database Date: 2005/10/08
Sun Oct 16 17:31:03 2005 => Virus Database Date: 2005/10/08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 17:38:31, on 16.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\??anregw.exe
C:\Programme\dotw\suso.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\WINDOWS\twain_32\C6U14K\WATCH.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\User\Desktop\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {18ABE2FB-7C37-55C6-42C7-55A05A89FECB} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8B0DC74E-59D0-5F71-86E1-7AA2A8F066CD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: (no name) - {BF259DA3-0E3D-799B-4CE3-2777D7B00B9C} - C:\WINDOWS\system32\miec.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKCU\..\Run: [Lkzfra] C:\WINDOWS\system32\??anregw.exe
O4 - HKCU\..\Run: [Rscb] "C:\Programme\dotw\suso.exe" -vt rbnd
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\C6U14K\WATCH.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Programme\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {90019B5E-9FCA-4B17-A84B-6586A84E63F5} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {90019B5E-9FCA-4B17-A84B-6586A84E63F5} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 209.8.20.130
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1103651328261
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - (no file)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)

galsworty 17.10.2005 08:05

Hello Felix1,
I did everything as you described.
But the WinFixer is still there....
here are the new log files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Oct 16 16:01:21 2005 => System found infected with coolwebsearch Spyware/Adware ({3f143c3a-1457-6cca-03a7-7aa23b61e40f})! Action taken: No Action Taken.
Sun Oct 16 16:01:21 2005 => System found infected with istbar Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Sun Oct 16 16:01:22 2005 => System found infected with dyfuca Spyware/Adware ({aa4939c3-deca-4a48-a454-97cd587c0ef5})! Action taken: No Action Taken.
Sun Oct 16 16:01:22 2005 => System found infected with dyfuca Spyware/Adware ({eee4a2e5-9f56-432f-a6ed-f6f625b551e0})! Action taken: No Action Taken.
Sun Oct 16 16:01:24 2005 => System found infected with roings Spyware/Adware (objsafe.tlb)! Action taken: No Action Taken.
Sun Oct 16 16:01:25 2005 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.
Sun Oct 16 16:14:19 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sun Oct 16 16:20:54 2005 => Scanning File C:\Programme\Guitar Pro 4\Guitar Pro Tabs\B\Bad Religion\Bad Religion - Infected.gp3
Sun Oct 16 16:23:08 2005 => Scanning File C:\Programme\Guitar Pro 4\Guitar Pro Tabs\mix\Bad Religion - Infected.gp3
Sun Oct 16 17:24:17 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Oct 16 16:01:00 2005 => File C:\WINDOWS\system32\miec.dll tagged as "not-a-virus:AdWare.Win32.PurityScan.ak". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Oct 16 16:01:23 2005 => Offending Key found: HKLM\Software\kazaa !!!
Sun Oct 16 16:01:23 2005 => Offending Key found: HKCU\Software\kazaa !!!
Sun Oct 16 16:01:24 2005 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1
Sun Oct 16 16:01:24 2005 => Offending file found: C:\WINDOWS\system32\objsafe.tlb
Sun Oct 16 16:01:25 2005 => Offending file found: C:\Dokumente und Einstellungen\***\Favoriten\ebay.url
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Oct 16 17:24:17 2005 => Total Virus(es) Found: 10
Sun Oct 16 17:24:17 2005 => Total Errors: 56
Sun Oct 16 17:24:17 2005 => Time Elapsed: 01:23:35
Sun Oct 16 17:24:17 2005 => Total Objects Scanned: 90244
Sun Oct 16 15:59:11 2005 => Virus Database Date: 2005/10/08
Sun Oct 16 17:24:17 2005 => Virus Database Date: 2005/10/08
Sun Oct 16 17:31:03 2005 => Virus Database Date: 2005/10/08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 17:38:31, on 16.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\??anregw.exe
C:\Programme\dotw\suso.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\WINDOWS\twain_32\C6U14K\WATCH.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\***\Desktop\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://***.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://***.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://***.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://**.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://***.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://h**p://***.microsoft.com/isap...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://h**p://***.microsoft.com/isap...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://***.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://***.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://***.google.com/keyword/%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {18ABE2FB-7C37-55C6-42C7-55A05A89FECB} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8B0DC74E-59D0-5F71-86E1-7AA2A8F066CD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: (no name) - {BF259DA3-0E3D-799B-4CE3-2777D7B00B9C} - C:\WINDOWS\system32\miec.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKCU\..\Run: [Lkzfra] C:\WINDOWS\system32\??anregw.exe
O4 - HKCU\..\Run: [Rscb] "C:\Programme\dotw\suso.exe" -vt rbnd
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\C6U14K\WATCH.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Programme\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {90019B5E-9FCA-4B17-A84B-6586A84E63F5} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {90019B5E-9FCA-4B17-A84B-6586A84E63F5} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 209.8.20.130
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://h**p://v5.windowsupdate.micro...?1103651328261
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - (no file)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)

felix1 17.10.2005 15:38

Download the program Regseeker and use it to clean your registry.
http://www.zdnet.de/downloads/prg/3/c/de0T3C_is-wc.html

galsworty 19.10.2005 13:53

Hi, I ran the program Regseeker. The registry is clean now and I think the computer is faster than before.... but WinFixer is still there...

