partypoker etc

[wieleda]

hallo ihr lieben,

also ich weiß, es gab bereits mehrere threads hierzu... leider habe ich das problem, dass ich wirklich ein computertechnischer analphabeth bin. wenn sich also einer von euch erbarmt, mir irgendwie zu helfen, dann brauch ich bitte bitte wirklich eine anleitung für dumme *g*

auch bei mir öffnen sich online laufend pop-ups von partypoker und diesem mist, aber auch gegen solche ala "sie wurden durch zufall auserwählt" ist mein popup-blocker machtlos

ich hab gesehn, dass ihr diesen hijackthis-log braucht, also hab ich das mal drüber flitzen lassen und stell es euch mal rein.

es wäre so super, wenn mir jemand helfen könnte, ich hab schon einen richtigen hass auf meinen pc entwickelt, weil ich nicht weiß, was ich gegen den quatsch machen kann.

vielen tausend dank nochmal im voraus und nochmal - damit ihrs nicht vergesst - ich bin wirklich ein computer-volltrottel und absoluter oberlaie


hijackthis-log:

Logfile of HijackThis v1.99.1
Scan saved at 23:47:40, on 07.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\keyhook.exe
D:\Programme\Messenger Plus! 3\MsgPlus1.exe
C:\Programme\AVPersonal\AVGNT.EXE
D:\Programme\Power DVD\PDVDServ.exe
C:\Programme\NetPumper\NetPumperIEProxy.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
D:\Programme\SysShield Tools\Internet Eraser\cseraser.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\DOKUME~1\Maria\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.t-online.de/service/redir/tosw5_webtour.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3621D5F2-0366-8F0B-1BB8-068E3FF89FC4} - C:\DOKUME~1\Besitzer\ANWEND~1\LIESKN~1\ABOUTGLUE.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programme\Messenger Plus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RemoteControl] "D:\Programme\Power DVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [Nurbhidefilmlist] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acid 01 nurb hide\Cast proxy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - Startup: AbsoluteShield Internet Eraser.lnk = D:\Programme\SysShield Tools\Internet Eraser\cseraser.exe
O4 - Startup: FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = D:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOKUME~1\BESITZER\LOKALE~1\TEMP\_VWUPSRV.EXE (file missing)
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe



lg, wieleda

[gipsy111]

Oje!
Du hast aber viele bösartige Programme auf deinem PC! Das wird eine längere Geschichte. Ich werde es mir heute Abend anschauen und dir dann eine Anleitung geben!

OK

Gruß

PS:
Warum machst du keine Win Updates?

[wieleda]

hey gipsy,

das wär wirklich so super, wenn du dir meiner bzw meines pc's annimmst!! vielen dank schon mal im voraus.

das war eigentlich gar nicht mein pc, ich hab den erst seit kurzem und benutze ihn vor allem kaum - also eigentlich benutze ich ihn nicht, weil mir der kram so auf den keks geht und dadurch auch ständig alles hängt.
ich hab auch echt von fast keinem programm auf dem pc irgendeine große ahnung, eben auch keine updates gemacht, weil ich sogut wie nie dransitze

ich brauch mich eigentlich auch nicht wundern, dass der pc mir nicht gehorcht, wenn ich mich nie um ihn kümmere, wa? *g*

hoffentlich weißt du, worauf du dich einlässt gipsy

lieber gruß
wieleda

[gipsy111]

1. Versteckte- und Systemdateien sichtbar machen
http://virus-protect.org/invisible.html
_________________________________________________________________________

2. CleanUp + (PC neu starten)
http://virus-protect.org/cleanup.html
_________________________________________________________________________

3. öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

O2 - BHO: (no name) - {3621D5F2-0366-8F0B-1BB8-068E3FF89FC4} –
C:\DOKUME~1\Besitzer\ANWEND~1\LIESKN~1\ABOUTGLUE.exe (file missing)

O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programme\Messenger Plus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [Nurbhidefilmlist] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acid 01 nurb hide\Cast proxy.exe
4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\NetPumperIEProxy.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - Startup: AbsoluteShield Internet Eraser.lnk = D:\Programme\SysShield Tools\Internet Eraser\cseraser.exe

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ.exe (file missing)

O23 - Service: AntiVir Update Temp (TmpUpSrv) - Unknown owner - C:\DOKUME~1\BESITZER\LOKALE~1\TEMP\_VWUPSRV.EXE (file missing)

_________________________________________________________________________

4. Deinstallieren: (falls vorhanden)

"Start -> Einstellungen -> Systemsteuerung -> Software"

C:\Programme\MessengerPlus! 3

C:\Programme\NetPumper\NetPumperIEProxy.exe

C:\PROGRAMME\C2Media

C:\Programme\Anti-Leech

C:\Programme\Adverts -> [c:\programme\adverts\uninst.exe]

D:\Programme\SysShield Tools
_________________________________________________________________________

5. Löschen

C:\Dokumente und Einstellungen\Username\Anwendungsdaten\NetPumper
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acid 01 nurb hide\

C:\WINDOWS\System32\im_2.exe --> löschen, falls es vorhanden ist
__________________________________________________________________________

6.
Arbeitsplatz --> Rechtsklick, dann auf Eigenschaften ---> Reiter Systemwiederherstellung ---> Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren. (dann wieder aktivieren)
__________________________________________________________________________

7.
Counterspy
http://virus-protect.org/counterspy.html
* nach dem Scan muss man sich entscheiden für:
*Ignore
*Remove
*Quarantaine
wähle immer Remove und starte den PC neu (poste den Report)
__________________________________________________________________________

8.
scanne mit Panda und poste den Scanreport (see Report, save Report und dann hier posten)
http://virus-protect.org/onlinescan.html
__________________________________________________________________________

+ neue Logfile von HijackThis
___________________________________________________________________________

Viel Spaß damit

[wieleda]

zu 1.
war schon fast alles gemacht, musste ich nur noch ein häkchen ersetzen

zu 2.
eledigt

zu 3.
erledigt, abr irendwie gab es da manche sachen gar nicht, z.b. O4 - Startup: AbsoluteShield Internet Eraser.Ink etc.

aber alles was da war, hab ich weggemacht

zu 4.
da gabs auch manches nicht, was ich gefunden habe, hab ich gelöscht

zu 5.
siehe 4.

zu 6.
erledigt

zu 7.
erledigt. der scan =>

Scan History Details
Start Date: 08.03.2007 23:45:32
End Date: 09.03.2007 00:34:58
Total Time: 49 Min 26 Sec
Detected security risks

Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@atdmt[2].txt


BearShare P2P Program more information...
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BEARSHARE


BroadcastPC Adware (General) more information...
Details: The BroadcastPC software is used to deliver interactive media. It monitors the web usage of the user to target users with advertisements.
Status: Deleted

Files detected
E:\Sik_maria\Program Files\Bpt\BPT.exe
E:\Sik_maria\Program Files\Common Files\Java\bcre.exe
E:\Sik_maria\Program Files\Common Files\Java\bpt.cfg
E:\Sik_maria\Program Files\Common Files\Java\bptre.exe


Cookie: CGI-Bin Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@cgi-bin[1].txt


Cookie: CoreMetrics.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@data.coremetrics[1].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@doubleclick[1].txt


Claria.GAIN.CommonElements Adware (General) more information...
Details: Claria's GAIN network consists of several applications inlcuding Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_gi
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_gi
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_gi
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_gi
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_gi
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_trickle
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_trickle
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_trickle
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_trickle
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_trickle
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_ts
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_ts
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_ts
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_ts
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_ts
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_ts
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_ts
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_ts
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GCH\_ts
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GUS
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn\GUS
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\dyn
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\stat
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\Gator\stat
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\GInternet
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\GInternet\Proxy
HKEY_LOCAL_MACHINE\SOFTWARE\GATOR.COM\GInternet\Proxy


C2.Lop Hijacker more information...
Details: Lop is a group of spyware and hijacker programs that set your Internet Explorer start page and search features to use the site lop.com ('Live Online Portal') or one of its clone sites.
Status: Deleted

Files detected
C:\Programme\AVPersonal\INFECTED\A0008616.EXE.VIR
C:\Programme\AVPersonal\INFECTED\SETUP.EXE.VIR
E:\Sik_maria\Programme\AVPersonal\INFECTED\SETUP.EXE.VIR
C:\PROGRAMME\C2MEDIA


Cookie: Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@mediaplex[1].txt


Overnet Adware Bundler more information...
Details: Overnet/eDonkey is a file sharing application that bundles third party adware and spyware with the free version.
Status: Deleted

Files detected
D:\Programme\eDonkey2000\Plugins\ed2kie.dll
E:\Sik_maria\Programme\eDonkey2000\Plugins\ed2kie.dll

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\eD2KDownloadManager.object.1


PeopleOnPage Hijacker more information...
Details: The PeopleOnPage program is an adware and browser hijacker that claims to be an Internet Explorer sidebar which claims to show a list of other users of the current site.
Status: Deleted

Files detected
E:\Sik_maria\Programme\CxtPls\atl.dll


Altnet/Topsearch Browser Plug-in more information...
Details: Altnet/Topsearch is a browser plug-in that acts as search engine for peer-to-peer applications Kazaa and Grokster.
Status: Deleted

Files detected
E:\Sik_maria\Program Files\Altnet\Download Manager\asm.exe
E:\Sik_maria\Program Files\Altnet\Download Manager\asmps.dll


Cookie: Weborama Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@weborama[2].txt


Worm.P2P.SpyBot.gen Worm.Generic more information...
Status: Deleted

Files detected
E:\Sik_maria\Programme\AVPersonal\INFECTED\OPEN_ME.EXE.VIR


Messenger Plus! Adware Bundler more information...
Details: Messenger Plus! is a add-on for MSN Messenger. Messenger Plus! installs an OPTIONAL adware called C2Media which is also known as LOP.com.
Status: Deleted

Files detected
D:\Programme\Messenger Plus! 3\Lame_enc.dll
D:\Programme\Messenger Plus! 3\Libsndfile.dll
D:\Programme\Messenger Plus! 3\MsgPlus.exe
D:\Programme\Messenger Plus! 3\MsgPlus1.exe
D:\Programme\Messenger Plus! 3\MsgPlusH.dll
D:\Programme\Messenger Plus! 3\MsgPlusH1.dll
D:\Programme\Messenger Plus! 3\MsgPlusLoader1.dll
D:\Programme\Messenger Plus! 3\MsgPlusLoader2.dll
D:\Programme\Messenger Plus! 3\Resources\MsgPlusRes.dll
D:\Programme\Messenger Plus! 3\Setup.dat
E:\Daten_admin\Meine empfangenen Dateien\Messenger Plus! - Setup.exe
E:\Sik_maria\Dokumente und Einstellungen\maria\Eigene Dateien\Meine empfangenen Dateien\MsgPlus-301.exe
E:\Sik_maria\Programme\Messenger Plus! 2\MsgPlus.exe
E:\Sik_maria\Programme\Messenger Plus! 3\MsgPlus.exe
E:\Sik_maria\Programme\Messenger Plus! 3\MsgPlusH.dll
E:\Sik_maria\Programme\Messenger Plus! 3\MsgPlusH1.dll
E:\Sik_maria\Programme\Messenger Plus! 3\Resources\MsgPlusRes.dll
E:\Sik_maria\Programme\Messenger Plus! 3\Setup.dat


FlashEnhancer Browser Plug-in more information...
Details: FlashEnhancer is a Browser Helper Object that displays advertising popups while surfing the web.
Status: Deleted

Files detected
E:\Sik_maria\Program Files\Common Files\Java\fecpy.cfg
E:\Sik_maria\Program Files\Common Files\Java\fecpy.exe
E:\Sik_maria\Program Files\Common Files\Java\Xcpy1.cfg
E:\Sik_maria\Program Files\Common Files\Java\Xcpy1.exe
E:\Sik_maria\Program Files\Fen\Fen.dll
E:\Sik_maria\Program Files\Fen\t.bak
E:\Sik_maria\Program Files\XML\t.bak
E:\Sik_maria\Program Files\XML\XML.dll


AproposMedia.ContextPlus Hijacker more information...
Details: AproposMedia.ContextPlus is a component of PeopleOnPage that spawns pop-up ads and hijacks browser settings including the user's default homepage and search settings. Some variants may install a toolbar.
Status: Deleted

Files detected
E:\Sik_maria\Programme\CxtPls\ProxyStub.dll
E:\Sik_maria\Programme\CxtPls\WinGenerics.dll


AntiLeech Plugin Adware (General) more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Deleted

Files detected
C:\PROGRAMME\ANTI-LEECH\ALIE_1.0.2.3\iesetup2.exe
C:\PROGRAMME\ANTI-LEECH
C:\PROGRAMME\ANTI-LEECH\ALIE_1.0.2.3

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ANTI-LEECH ALIE


NetPumper Adware Bundler more information...
Details: Bundles with a number of adware components.
Status: Deleted

Files detected
C:\DOKUMENTE UND EINSTELLUNGEN\Besitzer\ANWENDUNGSDATEN\NETPUMPER\Besitzer.ini
C:\PROGRAMME\NETPUMPER\ZM\NP_0094_1.exe
C:\DOKUMENTE UND EINSTELLUNGEN\BESITZER\ANWENDUNGSDATEN\NETPUMPER
C:\PROGRAMME\NETPUMPER
C:\PROGRAMME\NETPUMPER\ZM

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A9E33220-0B05-11D7-88D2-444553540000}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A9E33220-0B05-11D7-88D2-444553540000}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0\0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\NETPUMPER
HKEY_LOCAL_MACHINE\SOFTWARE\NETPUMPER\Affiliated
HKEY_LOCAL_MACHINE\SOFTWARE\NETPUMPER\Affiliated\free
HKEY_LOCAL_MACHINE\SOFTWARE\NETPUMPER\Affiliated\free\Firstrun
HKEY_LOCAL_MACHINE\SOFTWARE\NETPUMPER\Affiliated\free\Firstrun
HKEY_LOCAL_MACHINE\SOFTWARE\NETPUMPER
HKEY_USERS\S-1-5-21-1606980848-1644491937-725345543-1003\SOFTWARE\NETPUMPER
HKEY_USERS\S-1-5-21-1606980848-1644491937-725345543-1003\SOFTWARE\NETPUMPER\Besitzer
HKEY_USERS\S-1-5-21-1606980848-1644491937-725345543-1003\SOFTWARE\NETPUMPER\Besitzer
HKEY_USERS\S-1-5-21-1606980848-1644491937-725345543-1003\SOFTWARE\NETPUMPER\Besitzer
HKEY_USERS\S-1-5-21-1606980848-1644491937-725345543-1003\SOFTWARE\NETPUMPER\Besitzer
HKEY_USERS\S-1-5-21-1606980848-1644491937-725345543-1003\SOFTWARE\NETPUMPER\Besitzer


eDonkey2000 P2P Program more information...
Details: eDonkey2000 is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Files detected
d:\programme\edonkey2000\Plugins\ed2kie.dll
E:\Sik_maria\Programme\eDonkey2000\edonkey2000.exe

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID


Altnet Download Manager Low Risk Adware more information...
Details: Altnet Download Manager accompanies Altnet P2P Networking and performs the job of downloading content from Altnet's P2P network.
Status: Deleted

Files detected
E:\Sik_maria\Program Files\Altnet\Download Manager\dminfo3.cab
E:\Sik_maria\Program Files\Altnet\Points Manager\LocalPages\altnet.css


Cookie: PriceBandit Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@apmebf[2].txt
c:\dokumente und einstellungen\maria\cookies\maria@apmebf[2].txt


Cookie: Radar Spy Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@tradedoubler[2].txt
c:\dokumente und einstellungen\maria\cookies\maria@tradedoubler[1].txt


Cookie: ad.yieldmanager Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@ad.yieldmanager[2].txt
c:\dokumente und einstellungen\maria\cookies\maria@ad.yieldmanager[2].txt


Elkern.a (v) Virus.Generic more information...
Details: rather than infect them.
Status: Deleted

Files detected
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Thunk body face\Seek Cake Bits.exe


C2.Lop (v) Hijacker more information...
Status: Deleted

Processes detected
c:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Thunk body face\01testtitle.exe

Files detected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acid 01 nurb hide\Cast proxy.exe
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\lies knob\ABOUTGLUE.exe
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Thunk body face\gflfcrdc.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\backups\backup-20070308-232620-367.dll
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\bis1A2.exe
C:\Programme\NetPumper\ZM\NP_0094_1.exe

Registry entries detected
HKEY_USERS\S-1-5-21-1606980848-1644491937-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN


zu 8.
wollte ich machen, ging auch immer bis zur letzten sekunde und dann kam jedesmal (habs mind. 5x probiert):

An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try againPossible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,...


neuer Hijack-log:


Logfile of HijackThis v1.99.1
Scan saved at 09:34:12, on 09.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
D:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
D:\Programme\Power DVD\PDVDServ.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\FRITZ!DSL\FritzDsl.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.t-online.de/service/redir/tosw5_internet.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RemoteControl] "D:\Programme\Power DVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = D:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\DOKUME~1\BESITZER\LOKALE~1\TEMP\_VWUPSRV.EXE
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe



danke schon mal für die idiotensichere anleitung *g* hab mir wirklich mühe gegeben, alles genau zu befolgen

lg,
wieleda

[gipsy111]

Deinstalliere (falls nicht vorhanden), dann das Verzeichnis löschen

E:\Sik_maria
D:\Programme\eDonkey2000\
C:\PROGRAMME\ANTI-LEECH
BearShare
_____________________________________________________________________________

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint

cd\
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
notepad files.txt

____________________________________________________________________________________

Lade dir Ewido, und installiere es. Nachdem führt du die erforderlichen Updates durch!
Danach geht's du in den abgesicherten Modus und machst einen Fullscan und poste bitte danach den Scanreport(:arrow: http://virus-protect.org/ewido.html )