Mein Inernet Explorer öffnet sich selbstständig und zeigt andauernd irgendwelche Werbeseiten an! Ich habe beireits Antivirensoftware und alles das über meinen PC gejagt, hat alles nicht geholfen,Werbung erscheint noch immer!
Was kann ich da tun???

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:50, on 27.05.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Programme\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\APPS\Powercinema\PCMService.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Google\Google Updater\GoogleUpdater.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\ISW\alice\signup\alicecnn.exe
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE
C:\Programme\uTorrent\uTorrent.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\APPS\RecordNow\RecordNow.exe
C:\Dokumente und Einstellungen\dijana1\Eigene Dateien\programi dijana\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice-dsl.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice-dsl.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice-dsl.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Programme\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programme\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programme\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programme\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [axis web cake second] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Book Slow Axis Web\Long hope.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [datemags] C:\DOKUME~1\dijana1\ANWEND~1\CITYCL~1\Fastbleh.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2239C0C-B31E-4C99-822F-D82279F247DD}: NameServer = 62.109.123.197 213.191.74.19
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programme\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 11668 bytes

Hi,

Bitte folgende Files prüfen:

Zitat:

C:\DOKUME~1\dijana1\ANWEND~1\CITYCL~1\Fastbleh.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Book Slow Axis Web\Long hope.exe

VirusTotal - Free Online Virus and Malware Scan
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf "Send"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren - einfügen

Poste das Ergebnis mit Filename;

Falls beides erkannt wurde, hier weiter:
Also:
Anleitung Avenger (by swandog46)

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:



2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist.

Kopiere nun folgenden Text in das weiße Feld:
(bei -> "input script here")

Code: Alles auswählenAufklappen

ATTFilter

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|axis web cake second
 
Files to delete:
C:\DOKUME~1\dijana1\ANWEND~1\CITYCL~1\Fastbleh.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Book Slow Axis Web\Long hope.exe
         

3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet.


4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.


Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!

Code: Alles auswählenAufklappen

ATTFilter

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBIniti alSetup1.0.0.15-3.cab
O4 - HKCU\..\Run: [datemags] C:\DOKUME~1\dijana1\ANWEND~1\CITYCL~1\Fastbleh.exe
         

Chris

[QUOTE=Chris4You;341678]Hi,

Bitte folgende Files prüfen:

VirusTotal - Free Online Virus and Malware Scan
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf "Send"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren - einfügen

Poste das Ergebnis mit Filename;




Wenn ich das gemacht hab söoll ich das Ergebnis mit File name dir hier posten?
Danke

Das wurde erkant ,das andere nicht

C:\DOKUME~1\dijana1\ANWEND~1\CITYCL~1\Fastbleh.exe

soll ich das ergebnis von Virus Total hier schicken?

Zitat:

Zitat von diki

Das wurde erkant ,das andere nicht

C:\DOKUME~1\dijana1\ANWEND~1\CITYCL~1\Fastbleh.exe

soll ich das ergebnis von Virus Total hier schicken?

Poste bitte beide Ergebnisse.....Auch wenn nix gefunden wird! Manche Viren verstecken sich vor so eonem Scan und es wird dann nur ne größe von 0 kb angezeigt!
Also: beide Dateien Prüfen und alles, inkl. der Dateigröße und Prüfsumme Posten!

Datei Fastbleh.exe empfangen 2008.05.28 14:11:17 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt


Ergebnis: 3/32 (9.38%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 2.
Geschätzte Startzeit is zwischen 43 und 62 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.

SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:


Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.5.28.0 2008.05.28 -
AntiVir 7.8.0.19 2008.05.28 -
Authentium 5.1.0.4 2008.05.28 -
Avast 4.8.1195.0 2008.05.28 -
AVG 7.5.0.516 2008.05.28 -
BitDefender 7.2 2008.05.28 -
CAT-QuickHeal 9.50 2008.05.26 -
ClamAV 0.92.1 2008.05.28 -
DrWeb 4.44.0.09170 2008.05.28 Trojan.Swizzor.based
eSafe 7.0.15.0 2008.05.27 -
eTrust-Vet 31.4.5829 2008.05.28 -
Ewido 4.0 2008.05.28 -
F-Prot 4.4.4.56 2008.05.27 W32/Swizzor.D.gen!Eldorado
F-Secure 6.70.13260.0 2008.05.28 -
Fortinet 3.14.0.0 2008.05.27 -
GData 2.0.7306.1023 2008.05.28 -
Ikarus T3.1.1.26.0 2008.05.28 -
Kaspersky 7.0.0.125 2008.05.28 -
McAfee 5304 2008.05.27 -
Microsoft 1.3520 2008.05.28 -
NOD32v2 3138 2008.05.28 -
Norman 5.80.02 2008.05.27 -
Panda 9.0.0.4 2008.05.28 -
Prevx1 V2 2008.05.28 -
Rising 20.46.22.00 2008.05.28 -
Sophos 4.29.0 2008.05.28 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.28 Adware.Lop
TheHacker 6.2.92.321 2008.05.27 -
VBA32 3.12.6.6 2008.05.28 -
VirusBuster 4.3.26:9 2008.05.27 -
Webwasher-Gateway 6.6.2 2008.05.28 -
weitere Informationen
File size: 418304 bytes
MD5...: 74e36167f381df1a432b2c2185532178
SHA1..: d146b5809e23bde480d0f43d1331bc302bb1ddae
SHA256: 7e199b26f0eb7b46054230e9156242fc93ec7ae9b6d15bb321de0546265b5bf8
SHA512: c04b27a88559af01c3da6728447f26bbfaef47c20424d91339efb322311d9cef
7f7f85219ec03a1052f98359051c4e87f5c8dfa83e5a795300dea502049c4c57
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x407ea4
timedatestamp.....: 0x4729f9b0 (Thu Nov 01 16:07:12 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1cb33 0x1cc00 6.16 810a4916b8f3075245e3f0eaea422982
.rdata 0x1e000 0x5410 0x2200 5.07 c338438d32795869ffc3ce9f229089d9
.data 0x24000 0x44df4 0x44e00 7.89 ab57752af381af50c674f990c8a9e838
.rsrc 0x69000 0x20dc 0x2200 3.27 58d53b699d044a74b692b8a5d9168187

( 6 imports )
> GDI32.dll: RestoreDC, UpdateICMRegKeyW, PolylineTo, CreatePatternBrush, GetCharABCWidthsA, GetCharABCWidthsFloatW, SetPixel, SetICMProfileW, EnumFontFamiliesW, SetPolyFillMode, CheckColorsInGamut, GetGraphicsMode, EnumFontFamiliesExA, GetCharWidth32A, GetBitmapDimensionEx, SetMapperFlags, gdiPlaySpoolStream, CreateRectRgn, EnumFontFamiliesExW, RoundRect, CreateRectRgnIndirect, MoveToEx, GdiPlayDCScript, TextOutW
> ADVAPI32.dll: CryptImportKey, RegQueryMultipleValuesW, RegRestoreKeyA, RegRestoreKeyW, DuplicateToken, RegSaveKeyW, CryptContextAddRef, RegSetValueExA, LookupPrivilegeValueW, RegEnumValueA, RegConnectRegistryW, CryptDestroyHash, RegQueryMultipleValuesA, CryptSetProviderExA, CreateServiceA, CryptEnumProvidersA, RegOpenKeyW, CryptSetProviderW, LookupAccountSidW
> KERNEL32.dll: VirtualProtect, CreateFileMappingW, LoadLibraryA, GetStringTypeW, GetStdHandle, GetTimeFormatA, InitializeCriticalSection, EnterCriticalSection, UnhandledExceptionFilter, HeapCreate, IsValidCodePage, GetFileType, GetLocaleInfoA, SetHandleCount, CompareStringW, HeapSize, GetCurrentThreadId, FormatMessageA, TlsGetValue, TerminateProcess, GetModuleFileNameW, SetEnvironmentVariableA, HeapReAlloc, VirtualAlloc, GetStringTypeA, ExitThread, LeaveCriticalSection, WriteFile, IsBadWritePtr, LCMapStringA, GetTimeZoneInformation, HeapFree, TlsAlloc, GetStartupInfoW, GetStartupInfoA, TlsSetValue, VirtualFreeEx, GetVersionExA, GetDateFormatA, GetLastError, VirtualFree, GetCPInfo, TlsFree, VirtualQuery, GetUserDefaultLCID, CompareStringA, EnumSystemLocalesA, GetSystemInfo, GetModuleFileNameA, GetTickCount, GetEnvironmentStringsW, GetLocaleInfoW, InterlockedExchange, ExitProcess, GetCommandLineA, GetACP, QueryPerformanceCounter, GetCommandLineW, GetEnvironmentStrings, GetCurrentProcessId, DeleteCriticalSection, IsValidLocale, HeapAlloc, GetCurrentThread, GetPrivateProfileStringA, WaitForSingleObject, MultiByteToWideChar, GetOEMCP, GetSystemTimeAsFileTime, GetCurrentProcess, GetProcAddress, FreeEnvironmentStringsW, GetModuleHandleA, LCMapStringW, FreeEnvironmentStringsA, HeapDestroy, RtlUnwind, SetLastError, WideCharToMultiByte, GetExitCodeProcess, GetStringTypeExW
> WININET.dll: FtpOpenFileW, GopherCreateLocatorA, InternetCreateUrlA, FindFirstUrlCacheContainerA
> comdlg32.dll: ChooseFontW
> SHELL32.dll: FindExecutableW, DragFinish, DragQueryFile, SHGetPathFromIDListW

( 0 exports )

0 bytes size received / Se ha recibido un archivo vacio

Bei diese:

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Book Slow Axis Web\Long hope.exe


wird mir immer gesagt:
Datei konnte nicht gefunden werden.
Überprüfen sie ob der Dateiname richtig ist.

Hi,

macht nichts, führe die angegebenen Scripte aus und poste wie angegeben die Ergebnisse und ein neues HJ-Log;

Danach folge noch dem Link hier und arbeite Ihn ab (die Jobs z.B.)...
http://www.trojaner-board.de/28388-a...n-swizzor.html

chris

Datei Fastbleh.exe empfangen 2008.05.28 15:47:45 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt


Ergebnis: 3/32 (9.38%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: ___.
Geschätzte Startzeit is zwischen ___ und ___ .
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.

SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:


Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.5.28.0 2008.05.28 -
AntiVir 7.8.0.19 2008.05.28 -
Authentium 5.1.0.4 2008.05.28 -
Avast 4.8.1195.0 2008.05.28 -
AVG 7.5.0.516 2008.05.28 -
BitDefender 7.2 2008.05.28 -
CAT-QuickHeal 9.50 2008.05.26 -
ClamAV 0.92.1 2008.05.28 -
DrWeb 4.44.0.09170 2008.05.28 Trojan.Swizzor.based
eSafe 7.0.15.0 2008.05.27 -
eTrust-Vet 31.4.5829 2008.05.28 -
Ewido 4.0 2008.05.28 -
F-Prot 4.4.4.56 2008.05.27 W32/Swizzor.D.gen!Eldorado
F-Secure 6.70.13260.0 2008.05.28 -
Fortinet 3.14.0.0 2008.05.27 -
GData 2.0.7306.1023 2008.05.28 -
Ikarus T3.1.1.26.0 2008.05.28 -
Kaspersky 7.0.0.125 2008.05.28 -
McAfee 5304 2008.05.27 -
Microsoft 1.3520 2008.05.28 -
NOD32v2 3139 2008.05.28 -
Norman 5.80.02 2008.05.27 -
Panda 9.0.0.4 2008.05.28 -
Prevx1 V2 2008.05.28 -
Rising 20.46.22.00 2008.05.28 -
Sophos 4.29.0 2008.05.28 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.28 Adware.Lop
TheHacker 6.2.92.321 2008.05.27 -
VBA32 3.12.6.6 2008.05.28 -
VirusBuster 4.3.26:9 2008.05.27 -
Webwasher-Gateway 6.6.2 2008.05.28 -
weitere Informationen
File size: 418304 bytes
MD5...: 74e36167f381df1a432b2c2185532178
SHA1..: d146b5809e23bde480d0f43d1331bc302bb1ddae
SHA256: 7e199b26f0eb7b46054230e9156242fc93ec7ae9b6d15bb321de0546265b5bf8
SHA512: c04b27a88559af01c3da6728447f26bbfaef47c20424d91339efb322311d9cef
7f7f85219ec03a1052f98359051c4e87f5c8dfa83e5a795300dea502049c4c57
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x407ea4
timedatestamp.....: 0x4729f9b0 (Thu Nov 01 16:07:12 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1cb33 0x1cc00 6.16 810a4916b8f3075245e3f0eaea422982
.rdata 0x1e000 0x5410 0x2200 5.07 c338438d32795869ffc3ce9f229089d9
.data 0x24000 0x44df4 0x44e00 7.89 ab57752af381af50c674f990c8a9e838
.rsrc 0x69000 0x20dc 0x2200 3.27 58d53b699d044a74b692b8a5d9168187

( 6 imports )
> GDI32.dll: RestoreDC, UpdateICMRegKeyW, PolylineTo, CreatePatternBrush, GetCharABCWidthsA, GetCharABCWidthsFloatW, SetPixel, SetICMProfileW, EnumFontFamiliesW, SetPolyFillMode, CheckColorsInGamut, GetGraphicsMode, EnumFontFamiliesExA, GetCharWidth32A, GetBitmapDimensionEx, SetMapperFlags, gdiPlaySpoolStream, CreateRectRgn, EnumFontFamiliesExW, RoundRect, CreateRectRgnIndirect, MoveToEx, GdiPlayDCScript, TextOutW
> ADVAPI32.dll: CryptImportKey, RegQueryMultipleValuesW, RegRestoreKeyA, RegRestoreKeyW, DuplicateToken, RegSaveKeyW, CryptContextAddRef, RegSetValueExA, LookupPrivilegeValueW, RegEnumValueA, RegConnectRegistryW, CryptDestroyHash, RegQueryMultipleValuesA, CryptSetProviderExA, CreateServiceA, CryptEnumProvidersA, RegOpenKeyW, CryptSetProviderW, LookupAccountSidW
> KERNEL32.dll: VirtualProtect, CreateFileMappingW, LoadLibraryA, GetStringTypeW, GetStdHandle, GetTimeFormatA, InitializeCriticalSection, EnterCriticalSection, UnhandledExceptionFilter, HeapCreate, IsValidCodePage, GetFileType, GetLocaleInfoA, SetHandleCount, CompareStringW, HeapSize, GetCurrentThreadId, FormatMessageA, TlsGetValue, TerminateProcess, GetModuleFileNameW, SetEnvironmentVariableA, HeapReAlloc, VirtualAlloc, GetStringTypeA, ExitThread, LeaveCriticalSection, WriteFile, IsBadWritePtr, LCMapStringA, GetTimeZoneInformation, HeapFree, TlsAlloc, GetStartupInfoW, GetStartupInfoA, TlsSetValue, VirtualFreeEx, GetVersionExA, GetDateFormatA, GetLastError, VirtualFree, GetCPInfo, TlsFree, VirtualQuery, GetUserDefaultLCID, CompareStringA, EnumSystemLocalesA, GetSystemInfo, GetModuleFileNameA, GetTickCount, GetEnvironmentStringsW, GetLocaleInfoW, InterlockedExchange, ExitProcess, GetCommandLineA, GetACP, QueryPerformanceCounter, GetCommandLineW, GetEnvironmentStrings, GetCurrentProcessId, DeleteCriticalSection, IsValidLocale, HeapAlloc, GetCurrentThread, GetPrivateProfileStringA, WaitForSingleObject, MultiByteToWideChar, GetOEMCP, GetSystemTimeAsFileTime, GetCurrentProcess, GetProcAddress, FreeEnvironmentStringsW, GetModuleHandleA, LCMapStringW, FreeEnvironmentStringsA, HeapDestroy, RtlUnwind, SetLastError, WideCharToMultiByte, GetExitCodeProcess, GetStringTypeExW
> WININET.dll: FtpOpenFileW, GopherCreateLocatorA, InternetCreateUrlA, FindFirstUrlCacheContainerA
> comdlg32.dll: ChooseFontW
> SHELL32.dll: FindExecutableW, DragFinish, DragQueryFile, SHGetPathFromIDListW

( 0 exports )

Logfile of Trend Micro HijackThis v2.0.2



[edit]
Bitte editiere zukünftig deine Links, wie es dir u.a. hier angezeigt wird:
http://www.trojaner-board.de/22771-a...tml#post171958

Danke.
Sunny
[/edit]

Das mit Avenger geht nicht,steht immer:

Error: Invalid script. A valid script must begin with a command directive.
aborting execution!

habs doch geschaft,hier Report von Avenger:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 08:24:10 2008

08:24:10: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 08:24:21 2008

08:24:21: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 08:24:37 2008

08:24:37: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 08:24:46 2008

08:24:46: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 08:27:45 2008

08:27:45: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 08:43:28 2008

08:43:28: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 08:44:46 2008

08:44:46: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
Swandog46's Public Anti-Malware Tools

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 13:38:51 2008

13:38:51: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 13:39:16 2008

13:39:16: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 13:39:47 2008

13:39:47: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 13:39:52 2008

13:39:52: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 13:41:22 2008

13:41:22: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 13:42:47 2008

13:42:47: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 13:47:28 2008

13:47:28: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 13:56:18 2008

13:56:18: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 13:56:43 2008

13:56:43: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 15:43:50 2008

15:43:50: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 15:46:47 2008

15:46:47: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 15:59:42 2008

15:59:42: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 16:00:15 2008

16:00:15: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Wed May 28 16:01:33 2008

16:01:33: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
Swandog46's Public Anti-Malware Tools

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\DOKUME~1\dijana1\ANWEND~1\CITYCL~1\Fastbleh.exe" deleted successfully.

Error: file "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Book Slow Axis Web\Long hope.exe" not found!
Deletion of file "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Book Slow Axis Web\Long hope.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|axis web cake second" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Hi,

zum Schluss hat es doch noch funktioniert...

Bitte jetzt noch Antimalewarebyte:
http://www.trojaner-board.de/51187-a...i-malware.html

Poste das Log u. ein neues HJ-Log...

chris

Malwarebytes' Anti-Malware 1.12
Datenbank Version: 793

Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 151463
Scan Dauer: 42 minute(s), 25 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 20
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 11
Infizierte Dateien: 8

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\3wPlayer (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Programme\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver\Images\0FE87783.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\10F0DCFF.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.