altbekanntes Problem Virus "your computer might be infected.."

#0
30.08.2005, 20:31
...neu hier

Beiträge: 1
#1 NAja, hab hier in dem Forum das Problem schon mal gefunden, aber brauch trotzdem hilfe beim beseitigen.
Hier für die Suchmaschiene zum finden: Der Desktop wechselt zu:
"Warning! Your computer might be infected with spyware or adware!!! Strange Homepage, popups,loss of important data and unstable functioning are the sure signs that you are infected. Click here to get the latest spyware removal software. Your computer is still vulnerable to new attacks!!!"
Wer kann mir helfen? Wie? Naja, ausführliche Beschreibungen wären eine Hilfe..
Hier die HiJackLog:
Logfile of HijackThis v1.99.1
Scan saved at 19:45:55, on 30.08.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
D:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
D:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programme\Norton AntiVirus\navapsvc.exe
D:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\srvany.exe
D:\WINDOWS\system32\resetservice.exe
D:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Programme\Messenger\msmsgs.exe
D:\WINDOWS\system32\shnlog.exe
D:\WINDOWS\popuper.exe
D:\WINDOWS\system32\msole32.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
D:\Programme\Winamp\winampa.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\intmon.exe
D:\WINDOWS\system32\intmonp.exe
D:\WINDOWS\system32\wpabaln.exe
D:\Programme\Internet Explorer\iexplore.exe
D:\Dokumente und Einstellungen\aga\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - D:\WINDOWS\system32\hp630F.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programme\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [intell32.exe] D:\WINDOWS\system32\intell32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Programme\Adobe Reader\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D129F70E-213D-40B3-9990-7BD79D0B3674}: NameServer = 217.237.151.225 217.237.150.225
O20 - Winlogon Notify: reset5 - D:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Reset 5 - Unknown owner - D:\WINDOWS\system32\srvany.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

Danke im vorraus!!
Seitenanfang Seitenende
01.09.2005, 14:34
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Hallo@erdenkind

b]#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten [/b]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - D:\WINDOWS\system32\hp630F.tmp
O4 - HKLM\..\Run: [intell32.exe] D:\WINDOWS\system32\intell32.exe

PC neustarten

•KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Anleitung: (bebildert)
http://virus-protect.org/killbox.html

•Delete File on Reboot <--anhaken

und klicke auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

D:\WINDOWS\system32\shnlog.exe
D:\WINDOWS\popuper.exe
D:\WINDOWS\system32\msole32.exe
D:\WINDOWS\system32\intmon.exe
D:\WINDOWS\system32\intmonp.exe
D:\WINDOWS\system32\intell32.exe
D:\WINDOWS\system32\hp630F.tmp

PC neustarten

CCleaner--> loesche alle *temp-Datein
http://virus-protect.org/temp.html

*reg-Datei
oben im Browser: Datei -- Seite speichern unter.. -- wähle "Desktop" -- speichern
http://www.bleepingcomputer.com/files/reg/smitfraud.reg
dann erscheint eine smitfraud.reg auf dem Desktop
Computer in den abgesicherten Modus neustarten (F8 beim Starten drücken). Die Datei "smitfraud.reg" auf dem Desktop doppelklicken und mit "ja" bestätigen, damit die reg*-Datei der Registry beigefügt wird und sofort den PC neustarten.

smitRem TOOL (Entfernungstool)
Download: http://noahdfear.geekstogo.com/
öffne smitRem folder,Doppelklick: RunThis.bat
warte, bis der Scan beendet ist (der Bildschirm wird blau werden. das ist normal)
suche smitfiles.txt und poste die Textdatei in den Thread

Lade Ewido von dieser Seite -- poste mir das Log vom SCan
http://virus-protect.org/ewido.html

#neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
05.11.2005, 04:34
Member

Beiträge: 11
#3 hi
kann mir bitte auch mal einer Idoit erklären wie ich das genau machen muss?

Logfile of HijackThis v1.99.1
Scan saved at 04:33:44, on 05.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\D-Tools\daemon.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\Temporäres Verzeichnis 5 für hijackthis.zip\HijackThis.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [P.S.Guard] C:\Programme\P.S.Guard\PSGuard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WorldAntiSpy.lnk = C:\Programme\WorldAntiSpy\WorldAntiSpy.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1041_EN_XP.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.power-url.de/InstallationsAssistent.ocx
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\DOKUME~1\USER\LOKALE~1\TEMP\_VWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

schonmal vielen dank mfg new
Seitenanfang Seitenende
05.11.2005, 16:57
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 Hallo@newhope

öffne das HijackThis -- Button "scan" -- vor den Malware-Eintrag Häkchen setzen -- Button "Fix checked" -- PC neustarten

O4 - HKLM\..\Run: [P.S.Guard] C:\Programme\P.S.Guard\PSGuard.exe

PC neustarten

deinstalliere: P.S.Guard

CCleaner
http://www.ccleaner.com/ccdownload.asp
lösche alle temp-Dateien


Lade diese zip-Datei, entpacke

http://users.telenet.be/bluepatchy/miekiemoes/tools/Psguardregfix.zip

ClickThis.bat
(klicken)--> der Editor oeffnet sich (kopiere alles ab und in den Thread vom Sicherheitsforum)

psguardrem.reg
(klicken) und der Registry beifuegen

smitRem TOOL (Entfernungstool)
http://noahdfear.geekstogo.com/
öffne smitRem folder,Doppelklick: RunThis.bat warte, bis der Scan beendet ist (der Bildschirm wird blau werden. das ist normal) -->poste das Log vom Scan

4 Logs hier kopieren
http://virus-protect.org/datfindbat.html

dann sehen wir weiter ;)
---------------------------------------------------------
Info: P.S.Guard
http://virus-protect.org/artikel/spyware/psguard.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
05.11.2005, 19:22
Member

Beiträge: 11
#5 danke das du mir hilfst aber kannst du mir das

smitRem TOOL (Entfernungstool)
http://noahdfear.geekstogo.com/
öffne smitRem folder,Doppelklick: RunThis.bat warte, bis der Scan beendet ist (der Bildschirm wird blau werden. das ist normal) -->poste das Log vom Scan

noch etwas näher erklären und wo ich das hinkopieren soll

ClickThis.bat (klicken)--> der Editor oeffnet sich (kopiere alles ab und in den Thread vom Sicherheitsforum)
und

mfg new
Seitenanfang Seitenende
05.11.2005, 19:51
Ehrenmitglied
Avatar Argus

Beiträge: 6028
#6 Start>Suchen>smitfiles.txt doppelklick auf smitfiles und abkopieren und in den Thread damit

Zitat

suche smitfiles.txt und poste die Textdatei in den Thread

__________
MfG Argus
Seitenanfang Seitenende
05.11.2005, 20:23
Member

Beiträge: 11
#7 achso danke

smitRem © log file
version 2.7

by noahdfear


Microsoft Windows XP [Version 5.1.2600]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

warnhp.html
uninstIU.exe


~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! ;)
Dieser Beitrag wurde am 05.11.2005 um 20:56 Uhr von newhope editiert.
Seitenanfang Seitenende
05.11.2005, 20:46
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
Seitenanfang Seitenende
05.11.2005, 20:56
Member

Beiträge: 11
#9 Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3405-0632

Verzeichnis von C:\WINDOWS\system32

05.11.2005 20:37 31.767 vsconfig.xml
05.11.2005 13:09 552 d3d8caps.dat
30.10.2005 11:03 40.326 perfc009.dat
30.10.2005 11:03 311.938 perfh009.dat
30.10.2005 11:03 48.552 perfc007.dat
30.10.2005 11:03 317.168 perfh007.dat
30.10.2005 11:03 723.744 PerfStringBackup.INI
24.10.2005 16:45 16.832 amcompat.tlb
24.10.2005 16:45 23.392 nscompat.tlb
23.10.2005 17:39 4.212 zllictbl.dat
21.10.2005 19:28 2.206 wpa.dbl
08.09.2005 17:12 98.304 CmdLineExt.dll
29.08.2005 18:09 71.424 zlcommdb.dll
29.08.2005 18:09 79.616 zlcomm.dll
29.08.2005 18:09 100.096 vsxml.dll
29.08.2005 18:09 382.720 vsutil.dll
29.08.2005 18:09 71.424 vsregexp.dll
29.08.2005 18:08 227.072 vspubapi.dll
29.08.2005 18:08 104.192 vsmonapi.dll
29.08.2005 18:08 141.056 vsinit.dll
29.08.2005 18:08 368.256 vsdatant.sys
29.08.2005 18:08 83.712 vsdata.dll
29.08.2005 17:52 54.960 vsutil_loc0407.dll
27.08.2005 21:49 21.840 SIntfNT.dll
27.08.2005 21:49 17.212 SIntf32.dll
27.08.2005 21:49 12.067 SIntf16.dll


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3405-0632

Verzeichnis von C:\DOKUME~1\user\LOKALE~1\Temp

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3405-0632

Verzeichnis von C:\WINDOWS

05.11.2005 20:37 0 0.log
05.11.2005 20:37 48.633 WindowsUpdate.log
05.11.2005 20:36 2.048 bootstat.dat
05.11.2005 20:35 668 SchedLgU.Txt
05.11.2005 19:55 0 setuperr.log
05.11.2005 19:55 60 setupact.log
05.11.2005 18:56 52.154 ntbtlog.txt
05.11.2005 15:44 2.029 wmsetup.log
05.11.2005 01:38 34.304 notepad.com
26.10.2005 23:31 1.998 ModemLog_Smart Link 56K Modem.txt
24.10.2005 16:44 316.640 WMSysPr9.prx
06.09.2005 14:56 99.024 MozillaUninstall.exe
06.09.2005 14:56 12.268 mozver.dat
06.09.2005 14:56 496 win.ini
27.08.2005 21:45 214 SIERRA.INI
25.08.2005 18:40 4 info147.sys
25.08.2005 18:40 4 num41.jbd

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3405-0632

Verzeichnis von C:\

05.11.2005 20:45 0 sys.txt
05.11.2005 20:45 4.413 system.txt
05.11.2005 20:43 132 systemtemp.txt
05.11.2005 20:38 88.410 system32.txt
05.11.2005 20:36 805.306.368 pagefile.sys
05.11.2005 19:54 1.025 smitfiles.txt
24.09.2005 12:32 1.090 INSTALL.LOG
07.10.2004 18:00 128 NBDriver.ini
07.10.2004 17:21 0 AUTOEXEC.BAT
07.10.2004 17:21 0 CONFIG.SYS
07.10.2004 17:21 0 MSDOS.SYS
07.10.2004 17:21 0 IO.SYS
07.10.2004 17:15 194 boot.ini
29.08.2002 13:00 4.952 bootfont.bin
29.08.2002 13:00 47.580 NTDETECT.COM
29.08.2002 13:00 235.296 ntldr

ich weiß nicht ob das richtig ist was ich da jetzt alles reinkopiert habe aber der hintergrund ist jetzt ganz weiß und ich kann das immer noch nicht ändern kann mir bitte einer sagen was ich jetzt noch machen muß
Seitenanfang Seitenende
05.11.2005, 21:55
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#10
Oben auf der Seite
--> auf Durchsuchen klicken --> Datei aussuchen --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten --> kopiere das Ergebnis in das Sicherheitsforum
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\notepad.com
C:\WINDOWS\info147.sys
C:\WINDOWS\num41.jbd


--------------------------------------------------------------------------------
scanne mit ewido (poste den scanreport)
http://virus-protect.org/ewido.html

counterspy
http://virus-protect.org/counterspy.html

nach dem Scan muss man sich entscheiden für:
*Ignore
*Remove

*Quarantaine
wähle immer Remove und starte den PC neu (dann kopiere den Scanreport ab und ins Sicherheitsforum)

Lade diese zip-Datei, entpacke
http://users.telenet.be/bluepatchy/miekiemoes/tools/Psguardregfix.zip

ClickThis.bat (klicken)--> der Editor oeffnet sich (kopiere alles ab und in den Thread vom Sicherheitsforum)

psguardrem.reg (klicken) und der Registry beifuegen


Zitat

29.03.2005 14:37 4 info147.sys
29.03.2005 14:37 4 data4711.bak
29.03.2005 14:37 4 num41.jbd

__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
05.11.2005, 23:20
Member

Beiträge: 11
#11 ich weiß nicht ob das richtig war weil ich die ergebnisse nicht kopieren und wenn ich die url angebe dann steht da das sie nicht mehr aktuel ist aber bei mir kam raus das der erste mit viren voll steckt und bei den anderen keine viren gefunden wurden
Dieser Beitrag wurde am 05.11.2005 um 23:32 Uhr von newhope editiert.
Seitenanfang Seitenende
05.11.2005, 23:44
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#12 ja, das habe ich mir gedacht...schade, dass du es nicht abkopieren kannst...es wuerde mich interessieren............
mache mal das:

C:\WINDOWS\notepad.com

http://virusscan.jotti.org/de/

versuche irgendwie den Text hier zu kopieren ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
05.11.2005, 23:53
Member

Beiträge: 11
#13 hier kann ich es kopieren

Datei: notepad.com
Status: INFIZIERT/MALWARE
Entdeckte Packprogramme: -

AntiVir Trojan/Small.EV.251 gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Generic.CXS gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Trojan.LowZones.109 gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet W32/Small.EV-tr gefunden
Kaspersky Anti-Virus Trojan.Win32.Small.ev gefunden
NOD32 Keine Viren gefunden
Norman Virus Control W32/Smalldrp.EZX gefunden
UNA Keine Viren gefunden
VBA32 Trojan.LowZones.109 gefunden

was soll ich mit der datei dann machen?
Seitenanfang Seitenende
06.11.2005, 01:18
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#14 loesche also diese Datei,ich wusste, dass es nichts anstaendiges ist ;)

C:\WINDOWS\notepad.com

dann arbeite alles weitere ab, was ich geschrieben hatte

Zitat

scanne mit ewido (poste den scanreport)
http://virus-protect.org/ewido.html

counterspy
http://virus-protect.org/counterspy.html

nach dem Scan muss man sich entscheiden für:
*Ignore
*Remove
*Quarantaine
wähle immer Remove und starte den PC neu (dann kopiere den Scanreport ab und ins Sicherheitsforum)

Lade diese zip-Datei, entpacke
http://users.telenet.be/bluepatchy/miekiemoes/tools/Psguardregfix.zip

ClickThis.bat (klicken)--> der Editor oeffnet sich (kopiere alles ab und in den Thread vom Sicherheitsforum)

psguardrem.reg (klicken) und der Registry beifuegen

__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
06.11.2005, 01:53
Member

Beiträge: 11
#15 ---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------

+ Erstellt am: 01:51:29, 06.11.2005
+ Report-Checksumme: A4212EEF

+ Scanergebnis:

C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com -> Spyware.PSGuard : Gesäubert mit Backup
C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard -> Spyware.PSGuard : Gesäubert mit Backup
C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun -> Spyware.PSGuard : Gesäubert mit Backup
C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun\HKCURun -> Spyware.PSGuard : Gesäubert mit Backup
C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun\HKCURun\RunOnce -> Spyware.PSGuard : Gesäubert mit Backup
C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun\HKCURun\RunOnceEx -> Spyware.PSGuard : Gesäubert mit Backup
C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun\HKLMRun -> Spyware.PSGuard : Gesäubert mit Backup
C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun\HKLMRun\RunOnce -> Spyware.PSGuard : Gesäubert mit Backup
C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun\HKLMRun\RunOnceEx -> Spyware.PSGuard : Gesäubert mit Backup
C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun\StartMenuAllUsers -> Spyware.PSGuard : Gesäubert mit Backup
C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun\StartMenuCurrentUser -> Spyware.PSGuard : Gesäubert mit Backup
C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\BrowserObjects -> Spyware.PSGuard : Gesäubert mit Backup
C:\Dokumente und Einstellungen\user\Cookies\user@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
C:\Dokumente und Einstellungen\user\Cookies\user@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Gesäubert mit Backup
C:\Dokumente und Einstellungen\user\Cookies\user@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\user\Cookies\user@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Gesäubert mit Backup


::Report Ende


hmm der report von counterspy ist ziemlich lang ist das normal?

Spyware Scan Details
Start Date: 06.11.2005 12:00:19
End Date: 06.11.2005 14:33:39
Total Time: 2 hrs 33 mins 20 secs

Detected spyware

eGroup Adware more information...
Status: Deleted

Infected files detected
c:\programme\instant access\center\icons\video party.url
c:\programme\instant access\desktopicons\video party.url


Instant Access Dialer more information...
Details: InstantAccess is a dialer that gives a user access to premium services of a third-party Web site, by dialing a high cost numbers using a modem.
Status: Deleted

Infected files detected
c:\programme\instant access\center\icons\video party.url
C:\WINDOWS\Downloaded Program Files\EGAUTH.inf

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\Contains\Files C:\WINDOWS\eg_auth_1041.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\DownloadInformation CODEBASE http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1041_EN_XP.cab
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\DownloadInformation INF C:\WINDOWS\Downloaded Program Files\EGAUTH.inf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\InstalledVersion 1,0,4,0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\InstalledVersion LastModified Thu, 12 May 2005 09:15:27 GMT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E} SystemComponent 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E} Installer MSICD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\Contains\Files C:\WINDOWS\eg_auth_1041.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\DownloadInformation CODEBASE http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1041_EN_XP.cab
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\DownloadInformation INF C:\WINDOWS\Downloaded Program Files\EGAUTH.inf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\InstalledVersion 1,0,4,0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\InstalledVersion LastModified Thu, 12 May 2005 09:15:27 GMT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E} SystemComponent 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E} Installer MSICD


EGroup Dialer Dialer more information...
Details: EGroup Dialer is an ActiveX control for premium-rate diallers, usually for porn sites.
Status: Deleted

Infected files detected
c:\windows\tmlpcert2005


RBot.steam Trojan more information...
Status: Deleted

Infected files detected
C:\Programme\Valve\platform\steam_dev.exe
C:\Spiele\cs 1.6\platform\steam_dev.exe


Trojan.Desktophijack Trojan more information...
Details: Trojan.Desktophijack modifies the home page and desktop settings on a compromised computer.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main Display Inline Images yes


Adw.PSGuard Adware more information...
Details: PSGuard is a fraudulent anti-spyware program which uses desktop advertising to scare users into paying for the product.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main Display Inline Images yes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057E242F-2947-4e0a-8E61-A11345D97EA6}


Adw.WorldAntiSpy Adware more information...
Details: Adw.WorldAntiSpy is a program that supposedly scans the users machine for malware.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Log LogFilePath C:\Programme\WorldAntiSpy\Log\was.log
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Command Processor\AutoRun Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\@ Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\@ Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Page_URL Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Search_URL Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Local Page Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Bar Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Page Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Start Page Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL\@ Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Office\Common\Assistant\AssFile Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Office\Common\Assistant\CurAssFile Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\WAB\WAB4\Wab File Name\@ Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePasswordCaching Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@ Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnce\@ Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Run\@ Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileNew Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Policies\Microsoft\Windows\Installer\DisableMedia Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\UIHost Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers\@ Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath\@ Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\ChkDskPath\@ Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\CleanupPath\@ Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath\@ Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\DisablePwdCaching Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\HideSharePwds Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\DisableSavePassword Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Page_URL Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Search_URL Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Local Page Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Bar Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Page Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Start Page Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL\@ Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows Script Host\Settings\Enabled Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@ Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnce\@ Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Run\@ Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoAdminLogon Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoLogonCount Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultDomainName Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultPassword Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultUserName Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Policies\Microsoft\Windows\Installer\DisableMSI Query
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Command Processor\AutoRun {fa0a41a4-8e4a-49ed-ac9c-56c5ef947d0b}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\@ {a8a46b6b-7692-4d15-80e7-0ecc500c9990}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\@ {ec79257e-6e88-4fb5-bf4f-5aaeeefa08a3}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Page_URL {e9dc8aae-db01-465f-92ce-71ced4f5e504}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Search_URL {f0a878ae-47e1-4c37-bb21-d6115d692589}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Local Page {e981f822-b0e0-4f76-8e89-464705c3f2aa}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Bar {2f6b0d5d-421b-4a2a-a46c-4365a0641206}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Page {1a4bb080-ad42-41dc-9aab-6c3451f996e5}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Start Page {d8b6270d-fe62-4502-ad97-9fa8789aba29}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL {9b8797cc-9c0d-4ae5-89dc-4faf758fedee}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL\@ {1555891c-2a47-4e3b-9142-dc6b77ae2604}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Office\Common\Assistant\AssFile {3fdb412b-286e-4129-945e-2984e8cc14af}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Office\Common\Assistant\CurAssFile {dd7bc076-5555-4621-b010-1bf5cafa422e}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\WAB\WAB4\Wab File Name\@ {dbefc6a1-864d-4cf1-8435-30cbff90de2f}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell {cd33bdfd-2097-48ae-b032-1f36b8615657}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePasswordCaching {64d9046e-8af3-44d0-b195-53d4e58cde8f}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable {14b62295-ac02-494f-a58f-69a897e5d1c9}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer {77d2bc7f-350b-49bd-8ba5-c5ff437d0ee6}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell {7d8ad961-655c-49e9-9d3e-e67fa2561d4b}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@ {d200b16c-4039-4e30-872a-1e0ae6dbe90d}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnce\@ {73c21364-781c-4c61-bfc1-548e63f0d422}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Run\@ {82dee5b5-f53b-4a86-8c6c-cf72f90fec59}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileNew {b6d8a7cc-2e53-4cb6-9507-434527072f8c}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Policies\Microsoft\Windows\Installer\DisableMedia {9e952605-0cf4-47c7-ae92-70cba2471a02}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\UIHost {249b89e4-fc2c-471b-8bf2-1e37638aad24}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers\@ {8bf7ac91-695f-4abe-a441-e9ecc199de75}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath\@ {58f91cdc-6468-410d-89df-87e491a328ca}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\ChkDskPath\@ {8cf50191-4da5-4419-92a0-99a1ad113c74}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\CleanupPath\@ {09b0af25-f0b8-4b85-a79b-677b064899aa}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath\@ {d242ebfc-8908-441a-9a57-3e4b2445fdcb}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\DisablePwdCaching {5875d608-0168-4b04-9b6a-682d4e5076e3}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\HideSharePwds {cefa9fe6-18cc-4d57-8356-7ad0156be464}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot {1061de95-c484-486f-bb85-4822e5098d4a}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown {9576e0d7-bfba-45e8-8545-ba34626b2d85}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\DisableSavePassword {1cdd7250-45c3-4e61-8506-869360dbe509}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Page_URL {22c8ace6-430f-47cb-9e55-a2148f703ad6}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Search_URL {3d8f5ccb-5c10-46dd-bac1-362e4c2e1de7}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Local Page {7280b114-4481-464b-bd22-fd37cf4665d0}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Bar {46b79203-e206-405f-a2be-65f3a72a7a11}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Page {129d8c6d-f4a4-42a1-bbb1-6ae732779356}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Start Page {762ba791-4662-40e9-98e3-9e83c7fede3d}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL {f397ad98-4e9c-4061-b214-76ba74ad9ef7}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL\@ {7f82e47b-2de0-4663-9938-19352ed5e54e}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows Script Host\Settings\Enabled {f78aab61-902f-42e0-a30b-9063c2775e64}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@ {a19e787c-2e69-4d90-bc61-7113c4af6af9}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnce\@ {c745cd15-96f3-49e8-8d2d-f34da4e61563}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Run\@ {099c689c-bc3a-4406-bd7b-a08f64a67549}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoAdminLogon {c1985b80-0db8-4a64-b9a8-9307c0af320c}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoLogonCount {0157a0b8-334f-48ec-a425-7010c0115305}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultDomainName {e3749133-1283-4c9b-8ef2-84cf6ced2751}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultPassword {c90491dc-50a7-4968-b8af-d0785052e905}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultUserName {acb627f8-e100-45eb-bbbb-5f6634dc3c5d}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Policies\Microsoft\Windows\Installer\DisableMSI {3e475f22-5fdc-42f4-9c96-882d2378f0b6}
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor SnapshotFolder C:\Programme\WorldAntiSpy\Monitor\Snapshot
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\checkboxes CH_UPDATE_USE_PROXY 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\checkboxes CH_UPDATE_AUTHENTIFICATE 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\textinputs TI_UPDATE_PROXY_IP
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\textinputs TI_UPDATE_PROXY_PORT
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\textinputs TI_UPDATE_PROXY_USER
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\textinputs TI_UPDATE_PROXY_PASS
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_BHO 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_DEFAULT_INTERNET_APPLICATIONS 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_DEFAULT_PAGES 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_DIALUP_SETTINGS 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_DNS_SETTINGS 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_ENABLED 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_GATEWAY 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_HANDLERS 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_INTERNET_EXPLORER 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_MIME_FILTERS 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_NAMESPACE_HANDLERS 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_NETWORK_CONNECTIONS 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_PASSWORD_CACHING 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_PROTOCOLS 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_PROXY_SETTINGS 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_TOOLBARS 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_APPLICATION_ALIASES 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_AUTOMATIC_LOGON 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_COM_COMPONENTS_REGISTRATION 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_CONTEXT_MENUS 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_DEFAULT_RULE_FOR_IE_SUBKEYS 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_DISK_CLEAR 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_ENABLED 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_PAGE_FILE_CLEARING 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_PASSWORD_CACHING_REMOVE 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_PREPROCESSOR_BEFORE_COMMAND_LINE 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_SET_SHELL 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_STARTUP 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_SYSTEM_AUTO_REBOOT 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_TIME_SINCHRONIZATION 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_WINDOWS_INSTALLER 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_WINDOWS_SCRIPTING 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\checkboxes CHK_OPTIONS_MINIMIZEONSTART 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\checkboxes CHK_OPTIONS_SILENT_STARTUP 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\checkboxes CHK_OPTIONS_SCAN_ON_STARTUP 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\checkboxes CHK_OPTIONS_START_ON_STARTUP 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes CHK_SCAN_BACKGROUND 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_DEPTH_DEEP 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_DEPTH_NORM 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_DEPTH_QUICK 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_PRI_HIGH 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_PRI_NORM 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_PRI_LOW 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\checkboxes CH_UPDATE_USE_PROXY 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\checkboxes CH_UPDATE_AUTHENTIFICATE 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\checkboxes CH_UPDATE_ENABLE_AUTO 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\textinputs TI_UPDATE_TIMEOUT 3
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\flags initialized 1
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\flags registered 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\flags aid 93
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings baseUpdated ---
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings coreUpdated ---
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings lastScanned November 5, 2005 at 9:46:13 AM
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings memScanned 23
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings memDetected 0
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings fileScanned 347
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings fileDetected 8
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings regScanned 257610
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings regDetected 7
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings cookiesScanned 347
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings cookiesDetected 8
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Quarantine QuarantineFolder C:\Programme\WorldAntiSpy\Quarantine
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Scanner Base C:\Programme\WorldAntiSpy\Scanner\Base\Base.dat
HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com Version 1.3.10 b3260(Freeman)


World AntiSpy Potentially Unwanted Software more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Log LogFilePath C:\Programme\WorldAntiSpy\Log\was.log
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Command Processor\AutoRun Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\@ Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\@ Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Page_URL Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Search_URL Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Local Page Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Bar Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Page Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Start Page Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL\@ Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Office\Common\Assistant\AssFile Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Office\Common\Assistant\CurAssFile Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\WAB\WAB4\Wab File Name\@ Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePasswordCaching Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@ Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnce\@ Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Run\@ Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileNew Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Policies\Microsoft\Windows\Installer\DisableMedia Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\UIHost Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers\@ Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath\@ Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\ChkDskPath\@ Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\CleanupPath\@ Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath\@ Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\DisablePwdCaching Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\HideSharePwds Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\DisableSavePassword Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Page_URL Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Search_URL Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Local Page Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Bar Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Page Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Start Page Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL\@ Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows Script Host\Settings\Enabled Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@ Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnce\@ Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Run\@ Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoAdminLogon Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoLogonCount Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultDomainName Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultPassword Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultUserName Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Policies\Microsoft\Windows\Installer\DisableMSI Query
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Command Processor\AutoRun {fa0a41a4-8e4a-49ed-ac9c-56c5ef947d0b}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\@ {a8a46b6b-7692-4d15-80e7-0ecc500c9990}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\@ {ec79257e-6e88-4fb5-bf4f-5aaeeefa08a3}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Page_URL {e9dc8aae-db01-465f-92ce-71ced4f5e504}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Search_URL {f0a878ae-47e1-4c37-bb21-d6115d692589}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Local Page {e981f822-b0e0-4f76-8e89-464705c3f2aa}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Bar {2f6b0d5d-421b-4a2a-a46c-4365a0641206}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Page {1a4bb080-ad42-41dc-9aab-6c3451f996e5}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Start Page {d8b6270d-fe62-4502-ad97-9fa8789aba29}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL {9b8797cc-9c0d-4ae5-89dc-4faf758fedee}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL\@ {1555891c-2a47-4e3b-9142-dc6b77ae2604}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Office\Common\Assistant\AssFile {3fdb412b-286e-4129-945e-2984e8cc14af}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Office\Common\Assistant\CurAssFile {dd7bc076-5555-4621-b010-1bf5cafa422e}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\WAB\WAB4\Wab File Name\@ {dbefc6a1-864d-4cf1-8435-30cbff90de2f}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell {cd33bdfd-2097-48ae-b032-1f36b8615657}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePasswordCaching {64d9046e-8af3-44d0-b195-53d4e58cde8f}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable {14b62295-ac02-494f-a58f-69a897e5d1c9}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer {77d2bc7f-350b-49bd-8ba5-c5ff437d0ee6}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell {7d8ad961-655c-49e9-9d3e-e67fa2561d4b}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@ {d200b16c-4039-4e30-872a-1e0ae6dbe90d}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnce\@ {73c21364-781c-4c61-bfc1-548e63f0d422}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Run\@ {82dee5b5-f53b-4a86-8c6c-cf72f90fec59}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileNew {b6d8a7cc-2e53-4cb6-9507-434527072f8c}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Policies\Microsoft\Windows\Installer\DisableMedia {9e952605-0cf4-47c7-ae92-70cba2471a02}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\UIHost {249b89e4-fc2c-471b-8bf2-1e37638aad24}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers\@ {8bf7ac91-695f-4abe-a441-e9ecc199de75}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath\@ {58f91cdc-6468-410d-89df-87e491a328ca}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\ChkDskPath\@ {8cf50191-4da5-4419-92a0-99a1ad113c74}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\CleanupPath\@ {09b0af25-f0b8-4b85-a79b-677b064899aa}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath\@ {d242ebfc-8908-441a-9a57-3e4b2445fdcb}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\DisablePwdCaching {5875d608-0168-4b04-9b6a-682d4e5076e3}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\HideSharePwds {cefa9fe6-18cc-4d57-8356-7ad0156be464}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot {1061de95-c484-486f-bb85-4822e5098d4a}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown {9576e0d7-bfba-45e8-8545-ba34626b2d85}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\DisableSavePassword {1cdd7250-45c3-4e61-8506-869360dbe509}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Page_URL {22c8ace6-430f-47cb-9e55-a2148f703ad6}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Search_URL {3d8f5ccb-5c10-46dd-bac1-362e4c2e1de7}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Local Page {7280b114-4481-464b-bd22-fd37cf4665d0}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Bar {46b79203-e206-405f-a2be-65f3a72a7a11}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Page {129d8c6d-f4a4-42a1-bbb1-6ae732779356}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Start Page {762ba791-4662-40e9-98e3-9e83c7fede3d}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL {f397ad98-4e9c-4061-b214-76ba74ad9ef7}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL\@ {7f82e47b-2de0-4663-9938-19352ed5e54e}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows Script Host\Settings\Enabled {f78aab61-902f-42e0-a30b-9063c2775e64}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@ {a19e787c-2e69-4d90-bc61-7113c4af6af9}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnce\@ {c745cd15-96f3-49e8-8d2d-f34da4e61563}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Run\@ {099c689c-bc3a-4406-bd7b-a08f64a67549}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoAdminLogon {c1985b80-0db8-4a64-b9a8-9307c0af320c}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoLogonCount {0157a0b8-334f-48ec-a425-7010c0115305}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultDomainName {e3749133-1283-4c9b-8ef2-84cf6ced2751}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultPassword {c90491dc-50a7-4968-b8af-d0785052e905}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultUserName {acb627f8-e100-45eb-bbbb-5f6634dc3c5d}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Policies\Microsoft\Windows\Installer\DisableMSI {3e475f22-5fdc-42f4-9c96-882d2378f0b6}
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor SnapshotFolder C:\Programme\WorldAntiSpy\Monitor\Snapshot
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\checkboxes CH_UPDATE_USE_PROXY 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\checkboxes CH_UPDATE_AUTHENTIFICATE 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\textinputs TI_UPDATE_PROXY_IP
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\textinputs TI_UPDATE_PROXY_PORT
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\textinputs TI_UPDATE_PROXY_USER
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\textinputs TI_UPDATE_PROXY_PASS
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_BHO 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_DEFAULT_INTERNET_APPLICATIONS 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_DEFAULT_PAGES 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_DIALUP_SETTINGS 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_DNS_SETTINGS 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_ENABLED 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_GATEWAY 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_HANDLERS 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_INTERNET_EXPLORER 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_MIME_FILTERS 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_NAMESPACE_HANDLERS 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_NETWORK_CONNECTIONS 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_PASSWORD_CACHING 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_PROTOCOLS 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_PROXY_SETTINGS 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_TOOLBARS 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_APPLICATION_ALIASES 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_AUTOMATIC_LOGON 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_COM_COMPONENTS_REGISTRATION 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_CONTEXT_MENUS 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_DEFAULT_RULE_FOR_IE_SUBKEYS 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_DISK_CLEAR 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_ENABLED 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_PAGE_FILE_CLEARING 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_PASSWORD_CACHING_REMOVE 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_PREPROCESSOR_BEFORE_COMMAND_LINE 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_SET_SHELL 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_STARTUP 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_SYSTEM_AUTO_REBOOT 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_TIME_SINCHRONIZATION 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_WINDOWS_INSTALLER 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_WINDOWS_SCRIPTING 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences\checkboxes CHK_OPTIONS_MINIMIZEONSTART 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences\checkboxes CHK_OPTIONS_SILENT_STARTUP 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences\checkboxes CHK_OPTIONS_SCAN_ON_STARTUP 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences\checkboxes CHK_OPTIONS_START_ON_STARTUP 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes CHK_SCAN_BACKGROUND 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_DEPTH_DEEP 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_DEPTH_NORM 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_DEPTH_QUICK 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_PRI_HIGH 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_PRI_NORM 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_PRI_LOW 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Update\checkboxes CH_UPDATE_USE_PROXY 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Update\checkboxes CH_UPDATE_AUTHENTIFICATE 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Update\checkboxes CH_UPDATE_ENABLE_AUTO 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Update\textinputs TI_UPDATE_TIMEOUT 3
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\flags initialized 1
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\flags registered 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\flags aid 93
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings baseUpdated ---
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings coreUpdated ---
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings lastScanned November 5, 2005 at 9:46:13 AM
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings memScanned 23
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings memDetected 0
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings fileScanned 347
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings fileDetected 8
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings regScanned 257610
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings regDetected 7
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings cookiesScanned 347
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings cookiesDetected 8
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Quarantine QuarantineFolder C:\Programme\WorldAntiSpy\Quarantine
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Scanner Base C:\Programme\WorldAntiSpy\Scanner\Base\Base.dat
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com Version 1.3.10 b3260(Freeman)


ATDMT.com Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\user\cookies\user@atdmt[1].txt


Claria.DashBar Cookie Cookie more information...
Details: DashBar cookie is a small text file placed on the user's computer after when visiting the Claria/GAIN DashBar website.
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\user\cookies\user@belnk[1].txt


Mediaplex.com Cookie more information...
Details: Cookie used to track cross site advertising with the Mediaplex and value Click advertising companies.
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\user\cookies\user@mediaplex[1].txt


WindowsMedia Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\user\cookies\user@windowsmedia[2].txt

was soll ich jetzt ich jetzt mit den infizierten dateien machen?

und das ist der bericht von ClickThis.bat

Testing presence of HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD ...........
Testing presence of HKEY_LOCAL_MACHINE\SOFTWARE\PSGuard.com ...........


Creating dummy ..........

Der Vorgang wurde erfolgreich ausgeführt.

Der Vorgang wurde erfolgreich ausgeführt.

Hiving Dummy / Saving Dummyhive ..........

Der Vorgang wurde erfolgreich ausgeführt.

Der Vorgang wurde erfolgreich ausgeführt.

Deleting Dummy ..........



Der Vorgang wurde erfolgreich ausgeführt.

Der Vorgang wurde erfolgreich ausgeführt.

Adding Dummyhive ...........

Deleting ShudderLTD/PSGuard.com ...........

Checking if ShudderLTD/PSGuard.com is still present ..........


Deleting leftovers in registry ..........

Leftovers deleted!

aber kannste du mit nochmal erklären was ich damit machen soll?
29.03.2005 14:37 4 info147.sys
29.03.2005 14:37 4 data4711.bak
29.03.2005 14:37 4 num41.jbd
Dieser Beitrag wurde am 06.11.2005 um 15:11 Uhr von newhope editiert.
Seitenanfang Seitenende