Spyware Scan Details
Start Date: 15.10.2006 11:39:55
End Date: 15.10.2006 12:14:41
Total Time: 34 mins 46 secs

Detected spyware

BearShare P2P Program
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored
Infected files detected
Infected registry entries detected

Spyblocs.eBlocs Rogue Security Program
Details: Spyblocs.eBlocs is an anti-spyware program that scans for spyware and adware on the user's computer.
Status: Ignored
Infected files detected
c:\dokumente und einstellungen\stefan\desktop\remove spyware.url

NetMon Potentially Dangerous Tool
Details: NetMon is a trojan downloader that contacts remote servers to download and install additional software, adware or malware, without notice and consent.
Status: Ignored
Infected files detected
c:\windows\uninstall_nmon.vbs

WhenU.Save Adware (General)
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Ignored
Infected files detected
C:\Programme\BearShare\RunMSC.dll
Infected registry entries detected

Need2FindBar Potentially Unwanted Program
Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
Status: Ignored
Infected files detected
C:\Programme\Mozilla Firefox\plugins\NPNd2fn.dll
Infected registry entries detected

Look2Me Adware (General)
Details: Look2Me monitors the web sites you visit and sends the log to the vendor's server. Look2Me will also open pop-up windows.
Status: Ignored
Infected files detected
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0LABW1WT\AppWrap[1].exe

Zestyfind Adware (General)
Details: Zestyfind is an adware application that monitors the user's web browsing and displays pop-up advertising on the desktop.
Status: Ignored
Infected files detected
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UVANCRMZ\AppWrap[1].exe

Command Service Adware (General)
Details: Command Service is an adware application that opens pop-ups and displays various types of advertising on the user's desktop while browsing web pages.
Status: Ignored
Infected files detected
C:\WINDOWS\U3RlZmFu\asappsrv.dll
C:\WINDOWS\U3RlZmFu\command.exe
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Policies {645FF040-5081-101B-9F08-00AA002F954E} 0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies {6BF52A52-394A-11D3-B153-00C04F79FAA6} 6

KaZaA P2P Program
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored
Infected registry entries detected

Altnet P2P Networking Low Risk Adware
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Ignored
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking SlowInfoCache
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Changed 0

StartPage.TimesSquare Hijacker
Details: StartPage.TimesSquare hijacks the IE start page and search pages and displays ads.
Status: Ignored
Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main Default_Search_URL http://searchbar.findthewebsiteyouneed.com

VSToolbar Toolbar
Details: VSToolbar is an adware application that installs a browser helper object (BHO) in Internet Explorer.
Status: Ignored
Infected registry entries detected
HKEY_CURRENT_USER\Software\Search Toolbar Corp\Toolbar Vision