Home » Viren, Trojaner & Malware Forum » altbekanntes Problem Virus "your computer might be infected.." » Themenansicht
altbekanntes Problem Virus "your computer might be infected.." |
||
|---|---|---|
| #0
| ||
|
30.08.2005, 20:31
...neu hier
Beiträge: 1 |
||
 
|
|
|
|
01.09.2005, 14:34
Ehrenmitglied
 Beiträge: 29434 |
#2
Hallo@erdenkind
b]#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten [/b] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/ O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - D:\WINDOWS\system32\hp630F.tmp O4 - HKLM\..\Run: [intell32.exe] D:\WINDOWS\system32\intell32.exe PC neustarten •KillBox http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip Anleitung: (bebildert) http://virus-protect.org/killbox.html •Delete File on Reboot <--anhaken und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes" D:\WINDOWS\system32\shnlog.exe D:\WINDOWS\popuper.exe D:\WINDOWS\system32\msole32.exe D:\WINDOWS\system32\intmon.exe D:\WINDOWS\system32\intmonp.exe D:\WINDOWS\system32\intell32.exe D:\WINDOWS\system32\hp630F.tmp PC neustarten CCleaner--> loesche alle *temp-Datein http://virus-protect.org/temp.html *reg-Datei oben im Browser: Datei -- Seite speichern unter.. -- wähle "Desktop" -- speichern http://www.bleepingcomputer.com/files/reg/smitfraud.reg dann erscheint eine smitfraud.reg auf dem Desktop Computer in den abgesicherten Modus neustarten (F8 beim Starten drücken). Die Datei "smitfraud.reg" auf dem Desktop doppelklicken und mit "ja" bestätigen, damit die reg*-Datei der Registry beigefügt wird und sofort den PC neustarten. smitRem TOOL (Entfernungstool) Download: http://noahdfear.geekstogo.com/ öffne smitRem folder,Doppelklick: RunThis.bat warte, bis der Scan beendet ist (der Bildschirm wird blau werden. das ist normal) suche smitfiles.txt und poste die Textdatei in den Thread Lade Ewido von dieser Seite -- poste mir das Log vom SCan http://virus-protect.org/ewido.html #neue Startseite gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
05.11.2005, 04:34
Member
Beiträge: 11 |
#3
hi
kann mir bitte auch mal einer Idoit erklären wie ich das genau machen muss? Logfile of HijackThis v1.99.1 Scan saved at 04:33:44, on 05.11.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\D-Tools\daemon.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\system32\cisvc.exe C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\system32\cidaemon.exe C:\Programme\ewido\security suite\ewidoctrl.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\Temporäres Verzeichnis 5 für hijackthis.zip\HijackThis.exe R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44" O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [P.S.Guard] C:\Programme\P.S.Guard\PSGuard.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: WorldAntiSpy.lnk = C:\Programme\WorldAntiSpy\WorldAntiSpy.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1041_EN_XP.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.power-url.de/InstallationsAssistent.ocx O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\DOKUME~1\USER\LOKALE~1\TEMP\_VWUPSRV.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe schonmal vielen dank mfg new |
|
|
|
|
|
|
05.11.2005, 16:57
Ehrenmitglied
Beiträge: 29434 |
#4
Hallo@newhope
öffne das HijackThis -- Button "scan" -- vor den Malware-Eintrag Häkchen setzen -- Button "Fix checked" -- PC neustarten O4 - HKLM\..\Run: [P.S.Guard] C:\Programme\P.S.Guard\PSGuard.exe PC neustarten deinstalliere: P.S.Guard CCleaner http://www.ccleaner.com/ccdownload.asp lösche alle temp-Dateien  Lade diese zip-Datei, entpacke http://users.telenet.be/bluepatchy/miekiemoes/tools/Psguardregfix.zip ClickThis.bat (klicken)--> der Editor oeffnet sich (kopiere alles ab und in den Thread vom Sicherheitsforum) psguardrem.reg (klicken) und der Registry beifuegen smitRem TOOL (Entfernungstool) http://noahdfear.geekstogo.com/ öffne smitRem folder,Doppelklick: RunThis.bat warte, bis der Scan beendet ist (der Bildschirm wird blau werden. das ist normal) -->poste das Log vom Scan 4 Logs hier kopieren http://virus-protect.org/datfindbat.html dann sehen wir weiter  --------------------------------------------------------- Info: P.S.Guard http://virus-protect.org/artikel/spyware/psguard.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
05.11.2005, 19:22
Member
Beiträge: 11 |
#5
danke das du mir hilfst aber kannst du mir das
smitRem TOOL (Entfernungstool) http://noahdfear.geekstogo.com/ öffne smitRem folder,Doppelklick: RunThis.bat warte, bis der Scan beendet ist (der Bildschirm wird blau werden. das ist normal) -->poste das Log vom Scan noch etwas näher erklären und wo ich das hinkopieren soll ClickThis.bat (klicken)--> der Editor oeffnet sich (kopiere alles ab und in den Thread vom Sicherheitsforum) und mfg new |
|
|
|
|
|
|
05.11.2005, 19:51
Ehrenmitglied
 Beiträge: 6028 |
#6
Start>Suchen>smitfiles.txt doppelklick auf smitfiles und abkopieren und in den Thread damit
Zitat suche smitfiles.txt und poste die Textdatei in den Thread __________ MfG Argus |
|
|
|
|
|
|
05.11.2005, 20:23
Member
Beiträge: 11 |
#7
achso danke
smitRem © log file version 2.7 by noahdfear Microsoft Windows XP [Version 5.1.2600] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ warnhp.html uninstIU.exe ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN!  Dieser Beitrag wurde am 05.11.2005 um 20:56 Uhr von newhope editiert.
|
|
|
|
|
|
|
05.11.2005, 20:46
Ehrenmitglied
Beiträge: 29434 |
#8
4 Logs hier kopieren
http://virus-protect.org/datfindbat.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
05.11.2005, 20:56
Member
Beiträge: 11 |
#9
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3405-0632 Verzeichnis von C:\WINDOWS\system32 05.11.2005 20:37 31.767 vsconfig.xml 05.11.2005 13:09 552 d3d8caps.dat 30.10.2005 11:03 40.326 perfc009.dat 30.10.2005 11:03 311.938 perfh009.dat 30.10.2005 11:03 48.552 perfc007.dat 30.10.2005 11:03 317.168 perfh007.dat 30.10.2005 11:03 723.744 PerfStringBackup.INI 24.10.2005 16:45 16.832 amcompat.tlb 24.10.2005 16:45 23.392 nscompat.tlb 23.10.2005 17:39 4.212 zllictbl.dat 21.10.2005 19:28 2.206 wpa.dbl 08.09.2005 17:12 98.304 CmdLineExt.dll 29.08.2005 18:09 71.424 zlcommdb.dll 29.08.2005 18:09 79.616 zlcomm.dll 29.08.2005 18:09 100.096 vsxml.dll 29.08.2005 18:09 382.720 vsutil.dll 29.08.2005 18:09 71.424 vsregexp.dll 29.08.2005 18:08 227.072 vspubapi.dll 29.08.2005 18:08 104.192 vsmonapi.dll 29.08.2005 18:08 141.056 vsinit.dll 29.08.2005 18:08 368.256 vsdatant.sys 29.08.2005 18:08 83.712 vsdata.dll 29.08.2005 17:52 54.960 vsutil_loc0407.dll 27.08.2005 21:49 21.840 SIntfNT.dll 27.08.2005 21:49 17.212 SIntf32.dll 27.08.2005 21:49 12.067 SIntf16.dll Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 3405-0632 Verzeichnis von C:\DOKUME~1\user\LOKALE~1\Temp Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 3405-0632 Verzeichnis von C:\WINDOWS 05.11.2005 20:37 0 0.log 05.11.2005 20:37 48.633 WindowsUpdate.log 05.11.2005 20:36 2.048 bootstat.dat 05.11.2005 20:35 668 SchedLgU.Txt 05.11.2005 19:55 0 setuperr.log 05.11.2005 19:55 60 setupact.log 05.11.2005 18:56 52.154 ntbtlog.txt 05.11.2005 15:44 2.029 wmsetup.log 05.11.2005 01:38 34.304 notepad.com 26.10.2005 23:31 1.998 ModemLog_Smart Link 56K Modem.txt 24.10.2005 16:44 316.640 WMSysPr9.prx 06.09.2005 14:56 99.024 MozillaUninstall.exe 06.09.2005 14:56 12.268 mozver.dat 06.09.2005 14:56 496 win.ini 27.08.2005 21:45 214 SIERRA.INI 25.08.2005 18:40 4 info147.sys 25.08.2005 18:40 4 num41.jbd Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 3405-0632 Verzeichnis von C:\ 05.11.2005 20:45 0 sys.txt 05.11.2005 20:45 4.413 system.txt 05.11.2005 20:43 132 systemtemp.txt 05.11.2005 20:38 88.410 system32.txt 05.11.2005 20:36 805.306.368 pagefile.sys 05.11.2005 19:54 1.025 smitfiles.txt 24.09.2005 12:32 1.090 INSTALL.LOG 07.10.2004 18:00 128 NBDriver.ini 07.10.2004 17:21 0 AUTOEXEC.BAT 07.10.2004 17:21 0 CONFIG.SYS 07.10.2004 17:21 0 MSDOS.SYS 07.10.2004 17:21 0 IO.SYS 07.10.2004 17:15 194 boot.ini 29.08.2002 13:00 4.952 bootfont.bin 29.08.2002 13:00 47.580 NTDETECT.COM 29.08.2002 13:00 235.296 ntldr ich weiß nicht ob das richtig ist was ich da jetzt alles reinkopiert habe aber der hintergrund ist jetzt ganz weiß und ich kann das immer noch nicht ändern kann mir bitte einer sagen was ich jetzt noch machen muß |
|
|
|
|
|
|
05.11.2005, 21:55
Ehrenmitglied
Beiträge: 29434 |
#10
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten --> kopiere das Ergebnis in das Sicherheitsforum http://www.virustotal.com/flash/index_en.html C:\WINDOWS\notepad.com C:\WINDOWS\info147.sys C:\WINDOWS\num41.jbd -------------------------------------------------------------------------------- scanne mit ewido (poste den scanreport) http://virus-protect.org/ewido.html counterspy http://virus-protect.org/counterspy.html nach dem Scan muss man sich entscheiden für: *Ignore *Remove *Quarantaine wähle immer Remove und starte den PC neu (dann kopiere den Scanreport ab und ins Sicherheitsforum) Lade diese zip-Datei, entpacke http://users.telenet.be/bluepatchy/miekiemoes/tools/Psguardregfix.zip ClickThis.bat (klicken)--> der Editor oeffnet sich (kopiere alles ab und in den Thread vom Sicherheitsforum) psguardrem.reg (klicken) und der Registry beifuegen Zitat 29.03.2005 14:37 4 info147.sys __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
05.11.2005, 23:20
Member
Beiträge: 11 |
#11
ich weiß nicht ob das richtig war weil ich die ergebnisse nicht kopieren und wenn ich die url angebe dann steht da das sie nicht mehr aktuel ist aber bei mir kam raus das der erste mit viren voll steckt und bei den anderen keine viren gefunden wurden
Dieser Beitrag wurde am 05.11.2005 um 23:32 Uhr von newhope editiert.
|
|
|
|
|
|
|
05.11.2005, 23:44
Ehrenmitglied
Beiträge: 29434 |
#12
ja, das habe ich mir gedacht...schade, dass du es nicht abkopieren kannst...es wuerde mich interessieren............
mache mal das: C:\WINDOWS\notepad.com http://virusscan.jotti.org/de/ versuche irgendwie den Text hier zu kopieren __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
05.11.2005, 23:53
Member
Beiträge: 11 |
#13
hier kann ich es kopieren
Datei: notepad.com Status: INFIZIERT/MALWARE Entdeckte Packprogramme: - AntiVir Trojan/Small.EV.251 gefunden ArcaVir Keine Viren gefunden Avast Keine Viren gefunden AVG Antivirus Generic.CXS gefunden BitDefender Keine Viren gefunden ClamAV Keine Viren gefunden Dr.Web Trojan.LowZones.109 gefunden F-Prot Antivirus Keine Viren gefunden Fortinet W32/Small.EV-tr gefunden Kaspersky Anti-Virus Trojan.Win32.Small.ev gefunden NOD32 Keine Viren gefunden Norman Virus Control W32/Smalldrp.EZX gefunden UNA Keine Viren gefunden VBA32 Trojan.LowZones.109 gefunden was soll ich mit der datei dann machen? |
|
|
|
|
|
|
06.11.2005, 01:18
Ehrenmitglied
Beiträge: 29434 |
#14
loesche also diese Datei,ich wusste, dass es nichts anstaendiges ist
C:\WINDOWS\notepad.com dann arbeite alles weitere ab, was ich geschrieben hatte Zitat scanne mit ewido (poste den scanreport) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
06.11.2005, 01:53
Member
Beiträge: 11 |
#15
---------------------------------------------------------
ewido security suite - Scan Report --------------------------------------------------------- + Erstellt am: 01:51:29, 06.11.2005 + Report-Checksumme: A4212EEF + Scanergebnis: C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com -> Spyware.PSGuard : Gesäubert mit Backup C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard -> Spyware.PSGuard : Gesäubert mit Backup C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun -> Spyware.PSGuard : Gesäubert mit Backup C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun\HKCURun -> Spyware.PSGuard : Gesäubert mit Backup C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun\HKCURun\RunOnce -> Spyware.PSGuard : Gesäubert mit Backup C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun\HKCURun\RunOnceEx -> Spyware.PSGuard : Gesäubert mit Backup C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun\HKLMRun -> Spyware.PSGuard : Gesäubert mit Backup C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun\HKLMRun\RunOnce -> Spyware.PSGuard : Gesäubert mit Backup C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun\HKLMRun\RunOnceEx -> Spyware.PSGuard : Gesäubert mit Backup C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun\StartMenuAllUsers -> Spyware.PSGuard : Gesäubert mit Backup C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\Autorun\StartMenuCurrentUser -> Spyware.PSGuard : Gesäubert mit Backup C:\Dokumente und Einstellungen\user\Anwendungsdaten\PSGuard.com\P.S.Guard\BrowserObjects -> Spyware.PSGuard : Gesäubert mit Backup C:\Dokumente und Einstellungen\user\Cookies\user@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup C:\Dokumente und Einstellungen\user\Cookies\user@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Gesäubert mit Backup C:\Dokumente und Einstellungen\user\Cookies\user@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup C:\Dokumente und Einstellungen\user\Cookies\user@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Gesäubert mit Backup ::Report Ende hmm der report von counterspy ist ziemlich lang ist das normal? Spyware Scan Details Start Date: 06.11.2005 12:00:19 End Date: 06.11.2005 14:33:39 Total Time: 2 hrs 33 mins 20 secs Detected spyware eGroup Adware more information... Status: Deleted Infected files detected c:\programme\instant access\center\icons\video party.url c:\programme\instant access\desktopicons\video party.url Instant Access Dialer more information... Details: InstantAccess is a dialer that gives a user access to premium services of a third-party Web site, by dialing a high cost numbers using a modem. Status: Deleted Infected files detected c:\programme\instant access\center\icons\video party.url C:\WINDOWS\Downloaded Program Files\EGAUTH.inf Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\Contains\Files C:\WINDOWS\eg_auth_1041.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\DownloadInformation CODEBASE http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1041_EN_XP.cab HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\DownloadInformation INF C:\WINDOWS\Downloaded Program Files\EGAUTH.inf HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\InstalledVersion 1,0,4,0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\InstalledVersion LastModified Thu, 12 May 2005 09:15:27 GMT HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E} SystemComponent 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E} Installer MSICD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\Contains\Files C:\WINDOWS\eg_auth_1041.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\DownloadInformation CODEBASE http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1041_EN_XP.cab HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\DownloadInformation INF C:\WINDOWS\Downloaded Program Files\EGAUTH.inf HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\InstalledVersion 1,0,4,0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}\InstalledVersion LastModified Thu, 12 May 2005 09:15:27 GMT HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E} SystemComponent 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E} Installer MSICD EGroup Dialer Dialer more information... Details: EGroup Dialer is an ActiveX control for premium-rate diallers, usually for porn sites. Status: Deleted Infected files detected c:\windows\tmlpcert2005 RBot.steam Trojan more information... Status: Deleted Infected files detected C:\Programme\Valve\platform\steam_dev.exe C:\Spiele\cs 1.6\platform\steam_dev.exe Trojan.Desktophijack Trojan more information... Details: Trojan.Desktophijack modifies the home page and desktop settings on a compromised computer. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main Display Inline Images yes Adw.PSGuard Adware more information... Details: PSGuard is a fraudulent anti-spyware program which uses desktop advertising to scare users into paying for the product. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main Display Inline Images yes HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057E242F-2947-4e0a-8E61-A11345D97EA6} Adw.WorldAntiSpy Adware more information... Details: Adw.WorldAntiSpy is a program that supposedly scans the users machine for malware. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Log LogFilePath C:\Programme\WorldAntiSpy\Log\was.log HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Command Processor\AutoRun Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\@ Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\@ Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Page_URL Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Search_URL Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Local Page Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Bar Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Page Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Start Page Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL\@ Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Office\Common\Assistant\AssFile Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Office\Common\Assistant\CurAssFile Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\WAB\WAB4\Wab File Name\@ Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePasswordCaching Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@ Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnce\@ Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Run\@ Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileNew Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Policies\Microsoft\Windows\Installer\DisableMedia Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\UIHost Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers\@ Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath\@ Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\ChkDskPath\@ Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\CleanupPath\@ Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath\@ Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\DisablePwdCaching Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\HideSharePwds Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\DisableSavePassword Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Page_URL Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Search_URL Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Local Page Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Bar Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Page Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Start Page Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL\@ Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows Script Host\Settings\Enabled Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@ Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnce\@ Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Run\@ Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoAdminLogon Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoLogonCount Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultDomainName Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultPassword Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultUserName Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Policies\Microsoft\Windows\Installer\DisableMSI Query HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Command Processor\AutoRun {fa0a41a4-8e4a-49ed-ac9c-56c5ef947d0b} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\@ {a8a46b6b-7692-4d15-80e7-0ecc500c9990} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\@ {ec79257e-6e88-4fb5-bf4f-5aaeeefa08a3} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Page_URL {e9dc8aae-db01-465f-92ce-71ced4f5e504} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Search_URL {f0a878ae-47e1-4c37-bb21-d6115d692589} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Local Page {e981f822-b0e0-4f76-8e89-464705c3f2aa} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Bar {2f6b0d5d-421b-4a2a-a46c-4365a0641206} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Page {1a4bb080-ad42-41dc-9aab-6c3451f996e5} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Start Page {d8b6270d-fe62-4502-ad97-9fa8789aba29} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL {9b8797cc-9c0d-4ae5-89dc-4faf758fedee} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL\@ {1555891c-2a47-4e3b-9142-dc6b77ae2604} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Office\Common\Assistant\AssFile {3fdb412b-286e-4129-945e-2984e8cc14af} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Office\Common\Assistant\CurAssFile {dd7bc076-5555-4621-b010-1bf5cafa422e} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\WAB\WAB4\Wab File Name\@ {dbefc6a1-864d-4cf1-8435-30cbff90de2f} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell {cd33bdfd-2097-48ae-b032-1f36b8615657} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePasswordCaching {64d9046e-8af3-44d0-b195-53d4e58cde8f} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable {14b62295-ac02-494f-a58f-69a897e5d1c9} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer {77d2bc7f-350b-49bd-8ba5-c5ff437d0ee6} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell {7d8ad961-655c-49e9-9d3e-e67fa2561d4b} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@ {d200b16c-4039-4e30-872a-1e0ae6dbe90d} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnce\@ {73c21364-781c-4c61-bfc1-548e63f0d422} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Run\@ {82dee5b5-f53b-4a86-8c6c-cf72f90fec59} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileNew {b6d8a7cc-2e53-4cb6-9507-434527072f8c} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Policies\Microsoft\Windows\Installer\DisableMedia {9e952605-0cf4-47c7-ae92-70cba2471a02} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\UIHost {249b89e4-fc2c-471b-8bf2-1e37638aad24} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers\@ {8bf7ac91-695f-4abe-a441-e9ecc199de75} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath\@ {58f91cdc-6468-410d-89df-87e491a328ca} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\ChkDskPath\@ {8cf50191-4da5-4419-92a0-99a1ad113c74} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\CleanupPath\@ {09b0af25-f0b8-4b85-a79b-677b064899aa} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath\@ {d242ebfc-8908-441a-9a57-3e4b2445fdcb} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\DisablePwdCaching {5875d608-0168-4b04-9b6a-682d4e5076e3} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\HideSharePwds {cefa9fe6-18cc-4d57-8356-7ad0156be464} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot {1061de95-c484-486f-bb85-4822e5098d4a} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown {9576e0d7-bfba-45e8-8545-ba34626b2d85} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\DisableSavePassword {1cdd7250-45c3-4e61-8506-869360dbe509} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Page_URL {22c8ace6-430f-47cb-9e55-a2148f703ad6} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Search_URL {3d8f5ccb-5c10-46dd-bac1-362e4c2e1de7} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Local Page {7280b114-4481-464b-bd22-fd37cf4665d0} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Bar {46b79203-e206-405f-a2be-65f3a72a7a11} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Page {129d8c6d-f4a4-42a1-bbb1-6ae732779356} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Start Page {762ba791-4662-40e9-98e3-9e83c7fede3d} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL {f397ad98-4e9c-4061-b214-76ba74ad9ef7} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL\@ {7f82e47b-2de0-4663-9938-19352ed5e54e} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows Script Host\Settings\Enabled {f78aab61-902f-42e0-a30b-9063c2775e64} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@ {a19e787c-2e69-4d90-bc61-7113c4af6af9} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnce\@ {c745cd15-96f3-49e8-8d2d-f34da4e61563} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Run\@ {099c689c-bc3a-4406-bd7b-a08f64a67549} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoAdminLogon {c1985b80-0db8-4a64-b9a8-9307c0af320c} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoLogonCount {0157a0b8-334f-48ec-a425-7010c0115305} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultDomainName {e3749133-1283-4c9b-8ef2-84cf6ced2751} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultPassword {c90491dc-50a7-4968-b8af-d0785052e905} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultUserName {acb627f8-e100-45eb-bbbb-5f6634dc3c5d} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Policies\Microsoft\Windows\Installer\DisableMSI {3e475f22-5fdc-42f4-9c96-882d2378f0b6} HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Monitor SnapshotFolder C:\Programme\WorldAntiSpy\Monitor\Snapshot HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\checkboxes CH_UPDATE_USE_PROXY 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\checkboxes CH_UPDATE_AUTHENTIFICATE 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\textinputs TI_UPDATE_PROXY_IP HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\textinputs TI_UPDATE_PROXY_PORT HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\textinputs TI_UPDATE_PROXY_USER HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\ConnectionSettings\textinputs TI_UPDATE_PROXY_PASS HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_BHO 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_DEFAULT_INTERNET_APPLICATIONS 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_DEFAULT_PAGES 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_DIALUP_SETTINGS 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_DNS_SETTINGS 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_ENABLED 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_GATEWAY 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_HANDLERS 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_INTERNET_EXPLORER 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_MIME_FILTERS 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_NAMESPACE_HANDLERS 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_NETWORK_CONNECTIONS 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_PASSWORD_CACHING 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_PROTOCOLS 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_PROXY_SETTINGS 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_TOOLBARS 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_APPLICATION_ALIASES 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_AUTOMATIC_LOGON 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_COM_COMPONENTS_REGISTRATION 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_CONTEXT_MENUS 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_DEFAULT_RULE_FOR_IE_SUBKEYS 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_DISK_CLEAR 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_ENABLED 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_PAGE_FILE_CLEARING 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_PASSWORD_CACHING_REMOVE 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_PREPROCESSOR_BEFORE_COMMAND_LINE 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_SET_SHELL 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_STARTUP 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_SYSTEM_AUTO_REBOOT 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_TIME_SINCHRONIZATION 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_WINDOWS_INSTALLER 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_WINDOWS_SCRIPTING 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\checkboxes CHK_OPTIONS_MINIMIZEONSTART 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\checkboxes CHK_OPTIONS_SILENT_STARTUP 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\checkboxes CHK_OPTIONS_SCAN_ON_STARTUP 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Preferences\checkboxes CHK_OPTIONS_START_ON_STARTUP 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes CHK_SCAN_BACKGROUND 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_DEPTH_DEEP 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_DEPTH_NORM 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_DEPTH_QUICK 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_PRI_HIGH 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_PRI_NORM 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_PRI_LOW 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\checkboxes CH_UPDATE_USE_PROXY 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\checkboxes CH_UPDATE_AUTHENTIFICATE 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\checkboxes CH_UPDATE_ENABLE_AUTO 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\Update\textinputs TI_UPDATE_TIMEOUT 3 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\flags initialized 1 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\flags registered 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\flags aid 93 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings baseUpdated --- HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings coreUpdated --- HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings lastScanned November 5, 2005 at 9:46:13 AM HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings memScanned 23 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings memDetected 0 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings fileScanned 347 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings fileDetected 8 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings regScanned 257610 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings regDetected 7 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings cookiesScanned 347 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\options\WASOptions\strings cookiesDetected 8 HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Quarantine QuarantineFolder C:\Programme\WorldAntiSpy\Quarantine HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com\Scanner Base C:\Programme\WorldAntiSpy\Scanner\Base\Base.dat HKEY_LOCAL_MACHINE\SOFTWARE\WorldAntiSpy.com Version 1.3.10 b3260(Freeman) World AntiSpy Potentially Unwanted Software more information... Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Log LogFilePath C:\Programme\WorldAntiSpy\Log\was.log HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Command Processor\AutoRun Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\@ Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\@ Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Page_URL Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Search_URL Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Local Page Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Bar Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Page Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\Main\Start Page Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL\@ Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Office\Common\Assistant\AssFile Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Office\Common\Assistant\CurAssFile Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\WAB\WAB4\Wab File Name\@ Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePasswordCaching Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@ Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnce\@ Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Run\@ Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileNew Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_current_user\Software\Policies\Microsoft\Windows\Installer\DisableMedia Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\UIHost Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers\@ Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath\@ Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\ChkDskPath\@ Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\CleanupPath\@ Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath\@ Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\DisablePwdCaching Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\HideSharePwds Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\DisableSavePassword Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Page_URL Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Search_URL Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Local Page Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Bar Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Page Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Start Page Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL\@ Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows Script Host\Settings\Enabled Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@ Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnce\@ Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Run\@ Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoAdminLogon Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoLogonCount Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultDomainName Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultPassword Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultUserName Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions hkey_local_machine\Software\Policies\Microsoft\Windows\Installer\DisableMSI Query HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Command Processor\AutoRun {fa0a41a4-8e4a-49ed-ac9c-56c5ef947d0b} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\@ {a8a46b6b-7692-4d15-80e7-0ecc500c9990} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\@ {ec79257e-6e88-4fb5-bf4f-5aaeeefa08a3} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Page_URL {e9dc8aae-db01-465f-92ce-71ced4f5e504} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Search_URL {f0a878ae-47e1-4c37-bb21-d6115d692589} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Local Page {e981f822-b0e0-4f76-8e89-464705c3f2aa} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Bar {2f6b0d5d-421b-4a2a-a46c-4365a0641206} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Page {1a4bb080-ad42-41dc-9aab-6c3451f996e5} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\Main\Start Page {d8b6270d-fe62-4502-ad97-9fa8789aba29} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL {9b8797cc-9c0d-4ae5-89dc-4faf758fedee} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL\@ {1555891c-2a47-4e3b-9142-dc6b77ae2604} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Office\Common\Assistant\AssFile {3fdb412b-286e-4129-945e-2984e8cc14af} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Office\Common\Assistant\CurAssFile {dd7bc076-5555-4621-b010-1bf5cafa422e} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\WAB\WAB4\Wab File Name\@ {dbefc6a1-864d-4cf1-8435-30cbff90de2f} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell {cd33bdfd-2097-48ae-b032-1f36b8615657} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePasswordCaching {64d9046e-8af3-44d0-b195-53d4e58cde8f} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable {14b62295-ac02-494f-a58f-69a897e5d1c9} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer {77d2bc7f-350b-49bd-8ba5-c5ff437d0ee6} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell {7d8ad961-655c-49e9-9d3e-e67fa2561d4b} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@ {d200b16c-4039-4e30-872a-1e0ae6dbe90d} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnce\@ {73c21364-781c-4c61-bfc1-548e63f0d422} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Run\@ {82dee5b5-f53b-4a86-8c6c-cf72f90fec59} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileNew {b6d8a7cc-2e53-4cb6-9507-434527072f8c} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_current_user\Software\Policies\Microsoft\Windows\Installer\DisableMedia {9e952605-0cf4-47c7-ae92-70cba2471a02} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\UIHost {249b89e4-fc2c-471b-8bf2-1e37638aad24} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers\@ {8bf7ac91-695f-4abe-a441-e9ecc199de75} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath\@ {58f91cdc-6468-410d-89df-87e491a328ca} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\ChkDskPath\@ {8cf50191-4da5-4419-92a0-99a1ad113c74} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\CleanupPath\@ {09b0af25-f0b8-4b85-a79b-677b064899aa} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath\@ {d242ebfc-8908-441a-9a57-3e4b2445fdcb} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\DisablePwdCaching {5875d608-0168-4b04-9b6a-682d4e5076e3} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\HideSharePwds {cefa9fe6-18cc-4d57-8356-7ad0156be464} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot {1061de95-c484-486f-bb85-4822e5098d4a} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown {9576e0d7-bfba-45e8-8545-ba34626b2d85} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\DisableSavePassword {1cdd7250-45c3-4e61-8506-869360dbe509} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Page_URL {22c8ace6-430f-47cb-9e55-a2148f703ad6} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Search_URL {3d8f5ccb-5c10-46dd-bac1-362e4c2e1de7} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Local Page {7280b114-4481-464b-bd22-fd37cf4665d0} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Bar {46b79203-e206-405f-a2be-65f3a72a7a11} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Page {129d8c6d-f4a4-42a1-bbb1-6ae732779356} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Start Page {762ba791-4662-40e9-98e3-9e83c7fede3d} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL {f397ad98-4e9c-4061-b214-76ba74ad9ef7} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL\@ {7f82e47b-2de0-4663-9938-19352ed5e54e} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows Script Host\Settings\Enabled {f78aab61-902f-42e0-a30b-9063c2775e64} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@ {a19e787c-2e69-4d90-bc61-7113c4af6af9} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnce\@ {c745cd15-96f3-49e8-8d2d-f34da4e61563} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Run\@ {099c689c-bc3a-4406-bd7b-a08f64a67549} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoAdminLogon {c1985b80-0db8-4a64-b9a8-9307c0af320c} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoLogonCount {0157a0b8-334f-48ec-a425-7010c0115305} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultDomainName {e3749133-1283-4c9b-8ef2-84cf6ced2751} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultPassword {c90491dc-50a7-4968-b8af-d0785052e905} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultUserName {acb627f8-e100-45eb-bbbb-5f6634dc3c5d} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot hkey_local_machine\Software\Policies\Microsoft\Windows\Installer\DisableMSI {3e475f22-5fdc-42f4-9c96-882d2378f0b6} HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor SnapshotFolder C:\Programme\WorldAntiSpy\Monitor\Snapshot HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\checkboxes CH_UPDATE_USE_PROXY 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\checkboxes CH_UPDATE_AUTHENTIFICATE 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\textinputs TI_UPDATE_PROXY_IP HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\textinputs TI_UPDATE_PROXY_PORT HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\textinputs TI_UPDATE_PROXY_USER HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\textinputs TI_UPDATE_PROXY_PASS HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_BHO 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_DEFAULT_INTERNET_APPLICATIONS 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_DEFAULT_PAGES 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_DIALUP_SETTINGS 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_DNS_SETTINGS 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_ENABLED 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_GATEWAY 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_HANDLERS 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_INTERNET_EXPLORER 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_MIME_FILTERS 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_NAMESPACE_HANDLERS 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_NETWORK_CONNECTIONS 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_PASSWORD_CACHING 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_PROTOCOLS 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_PROXY_SETTINGS 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes CH_ISH_TOOLBARS 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_APPLICATION_ALIASES 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_AUTOMATIC_LOGON 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_COM_COMPONENTS_REGISTRATION 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_CONTEXT_MENUS 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_DEFAULT_RULE_FOR_IE_SUBKEYS 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_DISK_CLEAR 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_ENABLED 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_PAGE_FILE_CLEARING 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_PASSWORD_CACHING_REMOVE 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_PREPROCESSOR_BEFORE_COMMAND_LINE 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_SET_SHELL 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_STARTUP 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_SYSTEM_AUTO_REBOOT 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_TIME_SINCHRONIZATION 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_WINDOWS_INSTALLER 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes CH_SH_WINDOWS_SCRIPTING 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences\checkboxes CHK_OPTIONS_MINIMIZEONSTART 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences\checkboxes CHK_OPTIONS_SILENT_STARTUP 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences\checkboxes CHK_OPTIONS_SCAN_ON_STARTUP 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences\checkboxes CHK_OPTIONS_START_ON_STARTUP 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes CHK_SCAN_BACKGROUND 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_DEPTH_DEEP 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_DEPTH_NORM 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_DEPTH_QUICK 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_PRI_HIGH 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_PRI_NORM 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes R_SCAN_PRI_LOW 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Update\checkboxes CH_UPDATE_USE_PROXY 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Update\checkboxes CH_UPDATE_AUTHENTIFICATE 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Update\checkboxes CH_UPDATE_ENABLE_AUTO 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Update\textinputs TI_UPDATE_TIMEOUT 3 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\flags initialized 1 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\flags registered 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\flags aid 93 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings baseUpdated --- HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings coreUpdated --- HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings lastScanned November 5, 2005 at 9:46:13 AM HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings memScanned 23 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings memDetected 0 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings fileScanned 347 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings fileDetected 8 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings regScanned 257610 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings regDetected 7 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings cookiesScanned 347 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings cookiesDetected 8 HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Quarantine QuarantineFolder C:\Programme\WorldAntiSpy\Quarantine HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Scanner Base C:\Programme\WorldAntiSpy\Scanner\Base\Base.dat HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com Version 1.3.10 b3260(Freeman) ATDMT.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\user\cookies\user@atdmt[1].txt Claria.DashBar Cookie Cookie more information... Details: DashBar cookie is a small text file placed on the user's computer after when visiting the Claria/GAIN DashBar website. Status: Deleted Infected cookies detected c:\dokumente und einstellungen\user\cookies\user@belnk[1].txt Mediaplex.com Cookie more information... Details: Cookie used to track cross site advertising with the Mediaplex and value Click advertising companies. Status: Deleted Infected cookies detected c:\dokumente und einstellungen\user\cookies\user@mediaplex[1].txt WindowsMedia Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\user\cookies\user@windowsmedia[2].txt was soll ich jetzt ich jetzt mit den infizierten dateien machen? und das ist der bericht von ClickThis.bat Testing presence of HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD ........... Testing presence of HKEY_LOCAL_MACHINE\SOFTWARE\PSGuard.com ........... Creating dummy .......... Der Vorgang wurde erfolgreich ausgeführt. Der Vorgang wurde erfolgreich ausgeführt. Hiving Dummy / Saving Dummyhive .......... Der Vorgang wurde erfolgreich ausgeführt. Der Vorgang wurde erfolgreich ausgeführt. Deleting Dummy .......... Der Vorgang wurde erfolgreich ausgeführt. Der Vorgang wurde erfolgreich ausgeführt. Adding Dummyhive ........... Deleting ShudderLTD/PSGuard.com ........... Checking if ShudderLTD/PSGuard.com is still present .......... Deleting leftovers in registry .......... Leftovers deleted! aber kannste du mit nochmal erklären was ich damit machen soll? 29.03.2005 14:37 4 info147.sys 29.03.2005 14:37 4 data4711.bak 29.03.2005 14:37 4 num41.jbd Dieser Beitrag wurde am 06.11.2005 um 15:11 Uhr von newhope editiert.
|
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Hier für die Suchmaschiene zum finden: Der Desktop wechselt zu:
"Warning! Your computer might be infected with spyware or adware!!! Strange Homepage, popups,loss of important data and unstable functioning are the sure signs that you are infected. Click here to get the latest spyware removal software. Your computer is still vulnerable to new attacks!!!"
Wer kann mir helfen? Wie? Naja, ausführliche Beschreibungen wären eine Hilfe..
Hier die HiJackLog:
Logfile of HijackThis v1.99.1
Scan saved at 19:45:55, on 30.08.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
D:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
D:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programme\Norton AntiVirus\navapsvc.exe
D:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\srvany.exe
D:\WINDOWS\system32\resetservice.exe
D:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Programme\Messenger\msmsgs.exe
D:\WINDOWS\system32\shnlog.exe
D:\WINDOWS\popuper.exe
D:\WINDOWS\system32\msole32.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
D:\Programme\Winamp\winampa.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\intmon.exe
D:\WINDOWS\system32\intmonp.exe
D:\WINDOWS\system32\wpabaln.exe
D:\Programme\Internet Explorer\iexplore.exe
D:\Dokumente und Einstellungen\aga\Desktop\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - D:\WINDOWS\system32\hp630F.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programme\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [intell32.exe] D:\WINDOWS\system32\intell32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Programme\Adobe Reader\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D129F70E-213D-40B3-9990-7BD79D0B3674}: NameServer = 217.237.151.225 217.237.150.225
O20 - Winlogon Notify: reset5 - D:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Reset 5 - Unknown owner - D:\WINDOWS\system32\srvany.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
Danke im vorraus!!