HijackThis
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: winapi32.MyBHO - {62E2E094-F989-48C6-B947-6E79DA2294F9} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O4 - HKLM\..\Run: [shhost] C:\Programme\OutLaster\shhost.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download/bargain_buddy/cab/installer_MARKETING32.cab
datfindbat
C:\WINDOWS\system32
06.05.2006 23:22 8.192 udpmod.dll
06.05.2006 23:22 8.192 questmod.dll
06.05.2006 23:22 8.192 jao.dll
06.05.2006 23:22 8.192 bridge.dll
06.05.2006 23:22 8.192 a.exe
06.05.2006 23:22 8.192 runsrv32.exe
06.05.2006 23:22 8.192 txfdb32.dll
06.05.2006 23:22 8.192 runsrv32.dll
06.05.2006 23:22 8.192 wstart.dll
06.05.2006 23:22 8.192 tcpservice2.exe
06.05.2006 23:22 8.192 dailytoolbar.dll
06.05.2006 23:22 8.192 alxres.dll
06.05.2006 21:09 4.608 taskdir.dll
04.05.2006 17:52 1 exuc32.tmp
04.05.2006 17:52 8.192 shellgui32.dll
04.05.2006 17:44 16.896 winapi32.dll
04.05.2006 17:44 48.644 winbl32.dll
04.05.2006 17:44 48.644 repigsp.exe
04.05.2006 17:44 71.684 winsrv32.exe
04.05.2006 17:44 8.708 rzcuxccp.exe
27.04.2006 19:52 6.152 phqghume.exe
C:\WINDOWS
06.05.2006 23:22 8.192 dlmax.dll
06.05.2006 23:22 8.192 Pynix.dll
06.05.2006 23:22 8.192 BTGrab.dll
06.05.2006 23:22 8.192 ZServ.dll
06.05.2006 23:22 8.192 susp.exe
06.05.2006 23:22 8.192 alxtb1.dll
06.05.2006 23:22 8.192 alxie328.dll
06.05.2006 23:22 8.192 alexaie.dll
06.05.2006 22:58 10.809 win-sec-center-logo.gif
06.05.2006 22:58 1.014 warning-bar-ico.gif
06.05.2006 22:58 6.575 remove-spyware-btn.gif
06.05.2006 22:58 64 close-bar.gif
06.05.2006 22:58 177 blue-bg.gif
06.05.2006 22:58 545 yes-icon.gif
06.05.2006 22:58 2.400 windows-compatible.gif
06.05.2006 22:58 985 true-stories.gif
06.05.2006 22:58 196 star.gif
06.05.2006 22:58 127 star-grey.gif
06.05.2006 22:58 10.829 spyware-sheriff-header.gif
06.05.2006 22:58 18.610 spyware-sheriff-box.gif
06.05.2006 22:58 9.392 reg-freeze-header.gif
06.05.2006 22:58 20.199 reg-freeze-box.gif
06.05.2006 22:58 104 no-icon.gif
06.05.2006 22:58 7.627 info.gif
06.05.2006 22:58 7.679 infected.gif
06.05.2006 22:58 352 header-bg.gif
06.05.2006 22:58 1.028 h-line-gradient.gif
06.05.2006 22:58 2.361 free-scan-btn.gif
06.05.2006 22:58 803 footer.gif
06.05.2006 22:58 1.470 facts.gif
06.05.2006 22:58 119 corner-right.gif
06.05.2006 22:58 119 corner-left.gif
06.05.2006 22:58 2.151 buy-now-btn.gif
06.05.2006 22:58 3.808 antispylab-logo.gif
06.05.2006 22:58 9.977 adware-sheriff-header.gif
06.05.2006 22:58 18.600 adware-sheriff-box.gif
Verzeichnis von C:\
22.03.2006 21:13 16 mxfilerelatedcache.mxc2
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste in:
registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdwareSheriff_is1
Files to delete:
C:\WINDOWS\system32\udpmod.dll
C:\WINDOWS\system32\questmod.dll
C:\WINDOWS\system32\jao.dll
C:\WINDOWS\system32\bridge.dll
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\taskdir.exe
C:\WINDOWS\system32\susp.exe
C:\WINDOWS\system32\runsrv32.exe
C:\WINDOWS\system32\txfdb32.dll
C:\WINDOWS\system32\runsrv32.dll
C:\WINDOWS\system32\wstart.dll
C:\WINDOWS\system32\tcpservice2.exe
C:\WINDOWS\system32\dailytoolbar.dll
C:\WINDOWS\system32\alxres.dll
C:\WINDOWS\system32\taskdir.dll
C:\WINDOWS\system32\exuc32.tmp
C:\WINDOWS\system32\shellgui32.dll
C:\WINDOWS\system32\winapi32.dll
C:\WINDOWS\system32\winbl32.dll
C:\WINDOWS\system32\repigsp.exe
C:\WINDOWS\system32\winsrv32.exe
C:\WINDOWS\system32\rzcuxccp.exe
C:\WINDOWS\system32\phqghume.exe
C:\WINDOWS\dlmax.dll
C:\WINDOWS\Pynix.dll
C:\WINDOWS\BTGrab.dll
C:\WINDOWS\ZServ.dll
C:\WINDOWS\susp.exe
C:\WINDOWS\alxtb1.dll
C:\WINDOWS\alxie328.dll
C:\WINDOWS\alexaie.dll
C:\WINDOWS\win-sec-center-logo.gif
C:\WINDOWS\warning-bar-ico.gif
C:\WINDOWS\remove-spyware-btn.gif
C:\WINDOWS\close-bar.gif
C:\WINDOWS\blue-bg.gif
C:\WINDOWS\yes-icon.gif
C:\WINDOWS\windows-compatible.gif
C:\WINDOWS\true-stories.gif
C:\WINDOWS\star.gif
C:\WINDOWS\star-grey.gif
C:\WINDOWS\spyware-sheriff-header.gif
C:\WINDOWS\spyware-sheriff-box.gif
C:\WINDOWS\reg-freeze-header.gif
C:\WINDOWS\reg-freeze-box.gif
C:\WINDOWS\no-icon.gif
C:\WINDOWS\info.gif
C:\WINDOWS\infected.gif
C:\WINDOWS\header-bg.gif
C:\WINDOWS\h-line-gradient.gif
C:\WINDOWS\free-scan-btn.gif
C:\WINDOWS\footer.gif
C:\WINDOWS\facts.gif
C:\WINDOWS\corner-right.gif
C:\WINDOWS\corner-left.gif
C:\WINDOWS\buy-now-btn.gif
C:\WINDOWS\antispylab-logo.gif
C:\WINDOWS\adware-sheriff-header.gif
C:\WINDOWS\adware-sheriff-box.gif
C:\mxfilerelatedcache.mxc2
Folders to delete:
C:\Programme\AdwareSheriff
Uninstall:
Win-Tools Easy Installer (by WebSearch)
New.net Domains 7.22
webHancer Customer Companion
webHancer Survey Companion
OutLaster
---------------------
Counterspy
NewDotNet Browser Plug-in
c:\Programme\NewDotNet\newdotnet7_22.dll
c:\programme\newdotnet\readme.html
c:\programme\newdotnet\uninstall6_38.exe
c:\programme\newdotnet\uninstall7_22.exe
c:\windows\ndnuninstall6_38.exe
C:\WINDOWS\NDNuninstall6_98.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net
webHancer Adware
c:\programme\whinstall\whagent.inf
c:\programme\whinstall\whinstaller.ini
HKEY_LOCAL_MACHINE\software\webhancer
Trojan.Vxgame Trojan
c:\windows\system32\svcp.csv
c:\windows\system32\winsub.xml
Trojan.svcHost
c:\windows\system32\zlbw.dll
Proxy-Lager Backdoor
c:\windows\system32\parad.raw.exe
C:\WINDOWS\system32\voblaizdupla.exe
IBIS.WinTools Browser Plug-in
C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1008\Dc59\WToolsA.exe
Trojan.Blarul.D Backdoor
C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1008\Dc60\shhost.exe
VX2.Transponder Browser Plug-in
HKEY_LOCAL_MACHINE\software\respondmiter
HKEY_LOCAL_MACHINE\software\respondmiter Adware.Srv32 C:\WINDOWS\system32\runsrv32.exe
Bridge/WinFavorites Adware
HKEY_CLASSES_ROOT\Jao.jao
HKEY_CLASSES_ROOT\Bridge.brdg
Trojan.Downloader.Various Trojan
HKEY_CLASSES_ROOT\winapi32.MyBHO
HKEY_CLASSES_ROOT\winapi32.MyBHO\Clsid {62E2E094-F989-48C6-B947-6E79DA2294F9}
HKEY_CLASSES_ROOT\winapi32.MyBHO winapi32.MyBHO
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start. Under "Enter search strings" (type or paste in)
AdwareSheriff
into the edit field and click "Ok".
Notepad will open.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdwareSheriff_is1] --> delete!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdwareSheriff_is1]
"Inno Setup: App Path"="C:\\Programme\\AdwareSheriff"
"InstallLocation"="C:\\Programme\\AdwareSheriff\\"
"Inno Setup: Icon Group"="AdwareSheriff"
"DisplayName"="AdwareSheriff 1.1"
"DisplayIcon"="C:\\Programme\\AdwareSheriff\\asheriff.exe"
"UninstallString"="\"C:\\Programme\\AdwareSheriff\\unins000.exe\""
"QuietUninstallString"="\"C:\\Programme\\AdwareSheriff\\unins000.exe\" /SILENT"
"Publisher"="AdwareSheriff.com"
"URLInfoAbout"="http://www.adwaresheriff.com"
"HelpLink"="http://www.adwaresheriff.com"
"URLUpdateInfo"="http://www.adwaresheriff.com"
[HKEY_USERS\S-1-5-21-1547161642-602162358-839522115-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\AdwareSheriff\\asheriff.exe"="AdwareSheriff antispyware"
HKEY_CURRENT_USER\Software\ADV --> delete!
Link: adwaresheriff
Link: AdwareSheriff + SpySheriff
SpySheriff, AntiSpyLab, RegFreeze, AdwareSheriff, Windows Security Center
C:\Programme\AdwareSheriff\asheriff.exe
O4 - Startup: asheriff.lnk = C:\Archivos de programa\AdwareSheriff\asheriff.exe