Now the pop-ups have got me too |
||
---|---|---|
#0
| ||
18.06.2006, 01:30
Member
Posts: 56 |
||
|
||
18.06.2006, 12:16
Honorary member
Posts: 29434 |
#17
Formatting would be quicker... the machine is completely infested............
-----------------------------------------------------------------
1. Work through Look2Me-Destroyer V1.0.5: http://virus-protect.org/l2mfix.html
2. Hoster.zip: http://www.funkytoad.com/download/hoster.zip
   Press 'Restore Original Hosts' and press 'OK'. Exit Program.
3. Configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
4. Copy these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date (copy only the last 3 months). http://virus-protect.org/datfindbat.html
5. Unpack echo.zip --> click echo.bat --> the text editor will open --> copy the text. http://virus-protect.org/bat/echo.zip
6. Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop using 'Save as'. Choose 'All files' as the file type. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears
Quote: cd\
__________
Regards, Sabina
all about PC security |
|
|
||
18.06.2006, 13:04
Member
Posts: 56 |
#18
1., 2. and 3. done..
4.:
---------------------------------------------------------------
5.: 10)DPF????
--------------------------------------------------------------------
so... and last but not least 6.
------------------------------------------------------------------
Thanks in advance for looking after me like this^^.. and above all for answering so quickly
I followed all 6 points.. well.. that would be it for now
This post was edited on 18.06.2006 at 13:09 by Porlzum.
|
|
|
||
18.06.2006, 14:07
Honorary member
Posts: 29434 |
#19
1. Avenger: http://virus-protect.org/artikel/tools/avenger.html
   Paste in:
   Quote: Files to delete:
   Click the green traffic light; the script will now run, then the PC will restart automatically.
2. Post the Avenger log that appears.
**
3. Post the datfindbat logs back to February 2006.
**
4. Copy the following text into Notepad (Start - Accessories - Notepad) and save it as com.bat on the desktop using 'Save as'. Choose 'All files' as the file type. You should now find this file on the desktop. --> double-click com.bat --> copy the text that appears
Quote: cd\
__________
Regards, Sabina
all about PC security |
|
|
||
18.06.2006, 15:06
Member
Posts: 56 |
#20
So.. 1. done, here is 2., the Avenger log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\acjcthdj
*******************
Script file located at: \??\C:\qecahyod.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Could not open file C:\Programme\ipwins\ipwins.exe for deletion
Deletion of file C:\Programme\ipwins\ipwins.exe failed!
Could not process line: C:\Programme\ipwins\ipwins.exe
Status: 0xc000003a
File C:\WINDOWS\system32\FG20DEU.DLL deleted successfully.
File C:\WINDOWS\system32\hosts deleted successfully.
File C:\WINDOWS\system32\wcpit.exe deleted successfully.
File C:\WINDOWS\system32\frameori1604.exe deleted successfully.
File C:\WINDOWS\system32\drsmartload261a.exe deleted successfully.
File C:\WINDOWS\system32\wuaclt.dll deleted successfully.
File C:\WINDOWS\system32\atmtd.dll._ deleted successfully.
File C:\WINDOWS\system32\atmtd.dll deleted successfully.
File C:\WINDOWS\lijyxip.exe deleted successfully.
File C:\WINDOWS\lijyxip.PIF deleted successfully.
File C:\WINDOWS\keyboard1.dat deleted successfully.
File C:\WINDOWS\hosts deleted successfully.
File C:\WINDOWS\warebundle.exe deleted successfully.
File C:\WINDOWS\hqpltsp.exe deleted successfully.
File C:\WINDOWS\drsmartload2.dat deleted successfully.
File C:\WINDOWS\drsmartload849a.exe deleted successfully.
File C:\WINDOWS\drsmartload46a.exe deleted successfully.
File C:\WINDOWS\drsmartload45a.exe deleted successfully.
File C:\WINDOWS\newname.dat deleted successfully.
File C:\WINDOWS\teller2.chk deleted successfully.
File C:\WINDOWS\patcher.exe deleted successfully.
File C:\WINDOWS\shell32.exe deleted successfully.
File C:\WINDOWS\dr.exe deleted successfully.
File C:\WINDOWS\user32.exe deleted successfully.
File C:\MTE3NDI6ODoxNg.exe not found!
Deletion of file C:\MTE3NDI6ODoxNg.exe failed!
Could not process line: C:\MTE3NDI6ODoxNg.exe
Status: 0xc0000034
File C:\drsmartload1.exe deleted successfully.
File C:\Mendoza1.exe deleted successfully.
File C:\defender26.exe deleted successfully.
File C:\defender23a.exe deleted successfully.
File C:\drsmartload46a.exe deleted successfully.
File C:\drsmartload45a.exe deleted successfully.
File C:\keyboard25.exe deleted successfully.
File C:\defender25.exe deleted successfully.
File C:\newname25.exe deleted successfully.
File C:\tool5.exe deleted successfully.
File C:\ms1.exe deleted successfully.
File C:\tool4.exe deleted successfully.
File C:\tool3.exe deleted successfully.
File C:\tool1.exe deleted successfully.
File C:\toolbar.exe deleted successfully.
File C:\country.exe deleted successfully.
File C:\mc-110-12-0000228.exe deleted successfully.
File C:\warebundle.exe deleted successfully.
File C:\Trelew.exe deleted successfully.
File C:\drsmartload849a.exe deleted successfully.
File C:\newname24.exe deleted successfully.
File C:\keyboard24.exe deleted successfully.
File C:\defender24.exe deleted successfully.
File C:\tool2.exe deleted successfully.
File C:\kl1.exe deleted successfully.
File C:\uniq deleted successfully.
File C:\Program.exe deleted successfully.
File C:\my.exe deleted successfully.
File C:\documents.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\xtoolbar.dll deleted successfully.
File C:\WINDOWS\Downloaded Program Files\RdxIE.dll deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\xtoolbar.dl not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\CONFLICT.1\xtoolbar.dl failed!
Could not process line: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\xtoolbar.dl
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
------------------------------------------------
3.: datfind.bat logs:
(I always copied one month more, just to be safe..)
----------------------------
and last but not least 4.:
|
|
|
||
18.06.2006, 16:36
Honorary member
Posts: 29434 |
#21
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as lis.bat on the desktop using 'Save As'. For file type, choose 'All Files'. You should now find this file on the desktop. --> double-click lis.bat --> copy the text that appears
Quote
cd\
----------------------------------------------------------------------------
1. copy into the Avenger:
Quote
registry keys to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically
**
2. post the log from the Avenger
**
3. delete:
C:\Programme\Gemeinsame Dateien\ifwm
C:\Programme\Gemeinsame Dateien\GMT
C:\Programme\Gemeinsame Dateien\STOPzilla!
C:\WINDOWS\System32\P2P Networking
C:\Programme\Gemeinsame Dateien\CMEII
C:\Programme\ipwins
**
4. Start - Settings - Control Panel - Add or Remove Programs
uninstall: "RX Bar" [C:\Programme\RXToolBar ]
uninstall: C:\Programme\PartyGaming
uninstall: C:\Programme\Network Monitor
uninstall: "P2P Networking"
**
5. Counterspy
http://virus-protect.org/counterspy.html
* after the scan you have to choose between:
*Ignore
*Remove --> Status: Deleted
*Quarantaine
always choose Remove and restart the PC
(then copy the scan report (you will probably have to post it as an attachment...see below)
__________
Best regards
Sabina
all about PC security |
|
|
||
18.06.2006, 16:59
Honorary member
Posts: 29434 |
#22
before you scan with Counterspy:
open HijackThis -- "scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC
Quote
O1 - Hosts: |a`
restart the PC
__________
Best regards
Sabina
all about PC security |
|
|
||
18.06.2006, 17:08
Member
Posts: 56 |
#23
Hi there..
so.. 1.: lis.bat--
--------------------------
2. - there's an error... here is the errorlog.txt (before restarting)
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: [KEY_LOCAL_MACHINE\SOFTWARE\Policies\{645FF040-5081-101B-9F08-00AA002F954E}
..at this point I'll wait for your answer..
This post was edited by Porlzum on 18.06.2006 at 17:11.
|
|
|
||
18.06.2006, 17:09
Honorary member
Posts: 29434 |
#24
you keep posting the same thing..I give every bat a different name
wait 10 minutes, I'll build that in as well
__________
Best regards
Sabina
all about PC security |
|
|
||
18.06.2006, 17:15
Honorary member
Posts: 29434 |
#25
ok, now you can use the Avenger, then post its log, fix all malware with HijackThis and scan with Counterspy (+ ...post all logs, from the Avenger and from Counterspy as an attachment)
__________
Best regards
Sabina
all about PC security |
|
|
||
18.06.2006, 17:21
Member
Posts: 56 |
#26
so here is the lis.bat again:
---------------------------------
Avenger showed error messages..but I continued anyway: here is the log-
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}
Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\CLSID\{CC7A6223-3759-4075-8CEA-971F5CFC0ED2}
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\clldjmrq
*******************
Script file located at: \??\C:\WINDOWS\peabohgx.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor
Status: 0xc0000034
Could not open file C:\Program Files\Sitecom\C2SLoad.exe for deletion
Deletion of file C:\Program Files\Sitecom\C2SLoad.exe failed!
Could not process line: C:\Program Files\Sitecom\C2SLoad.exe
Status: 0xc000003a
File C:\WINDOWS\system32\javaqq32.exe not found!
Deletion of file C:\WINDOWS\system32\javaqq32.exe failed!
Could not process line: C:\WINDOWS\system32\javaqq32.exe
Status: 0xc0000034
File C:\WINDOWS\System32\dllhost.exe deleted successfully.
Error: C:\Programme\Gemeinsame Dateien\STOPzilla! is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\STOPzilla! failed!
Could not process line: C:\Programme\Gemeinsame Dateien\STOPzilla!
Status: 0xc00000ba
File C:\Programme\Gemeinsame Dateien\CMEII\CMEDiagnostics.log deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GatorSupportInfo.txt deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll deleted successfully.
Error: C:\Programme\Gemeinsame Dateien\CMEII\gui is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\CMEII\gui failed!
Could not process line: C:\Programme\Gemeinsame Dateien\CMEII\gui Status: 0xc00000ba File C:\Programme\Gemeinsame Dateien\CMEII\RTA04720 deleted successfully. File C:\Programme\Gemeinsame Dateien\CMEII\RTA63730 deleted successfully. File C:\Programme\Gemeinsame Dateien\CMEII\RTB04720 deleted successfully. File C:\Programme\Gemeinsame Dateien\CMEII\RTB63730 deleted successfully. File C:\Programme\Gemeinsame Dateien\CMEII\RTC04720 deleted successfully. File C:\Programme\Gemeinsame Dateien\CMEII\RTC63730 deleted successfully. File C:\Programme\Gemeinsame Dateien\CMEII\RTD04720 deleted successfully. File C:\Programme\Gemeinsame Dateien\CMEII\RTD63730 deleted successfully. File C:\Programme\Gemeinsame Dateien\CMEII\RTE04720 deleted successfully. File C:\Programme\Gemeinsame Dateien\CMEII\RTE63730 deleted successfully. File C:\Programme\Gemeinsame Dateien\CMEII\RTF04720 deleted successfully. File C:\Programme\Gemeinsame Dateien\CMEII\RTG04720 deleted successfully. File C:\Programme\Gemeinsame Dateien\CMEII\RTH04720 deleted successfully. Error: C:\Programme\Gemeinsame Dateien\CMEII\store is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\CMEII\store failed! Could not process line: C:\Programme\Gemeinsame Dateien\CMEII\store Status: 0xc00000ba File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\xtoolbar.dll deleted successfully. File C:\777.htm deleted successfully. Could not open file C:\Programme\Network Monitor\netmon.exe for deletion Deletion of file C:\Programme\Network Monitor\netmon.exe failed! Could not process line: C:\Programme\Network Monitor\netmon.exe Status: 0xc000003a File C:\WINDOWS\uninstall_nmon.vbs deleted successfully. File C:\WINDOWS\up.exe deleted successfully. File C:\Programme\Gemeinsame Dateien\ifwm\ifwma.lck deleted successfully. Error: C:\Programme\Gemeinsame Dateien\ifwm\ifwmd is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\ifwm\ifwmd failed! 
Could not process line: C:\Programme\Gemeinsame Dateien\ifwm\ifwmd Status: 0xc00000ba File C:\Programme\Gemeinsame Dateien\ifwm\ifwmh deleted successfully. File C:\Programme\Gemeinsame Dateien\ifwm\ifwml.lck deleted successfully. File C:\Programme\Gemeinsame Dateien\ifwm\ifwmm.lck deleted successfully. Error: C:\Programme\Gemeinsame Dateien\InetGet is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\InetGet failed! Could not process line: C:\Programme\Gemeinsame Dateien\InetGet Status: 0xc00000ba Error: C:\Programme\Gemeinsame Dateien\GMT\107l445785 is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\107l445785 failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\107l445785 Status: 0xc00000ba Error: C:\Programme\Gemeinsame Dateien\GMT\59337w8tyk is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\59337w8tyk failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\59337w8tyk Status: 0xc00000ba Error: C:\Programme\Gemeinsame Dateien\GMT\63nznjtgq1 is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\63nznjtgq1 failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\63nznjtgq1 Status: 0xc00000ba Error: C:\Programme\Gemeinsame Dateien\GMT\77n4d52960 is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\77n4d52960 failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\77n4d52960 Status: 0xc00000ba Error: C:\Programme\Gemeinsame Dateien\GMT\82mckg5z8d is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\82mckg5z8d failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\82mckg5z8d Status: 0xc00000ba Error: C:\Programme\Gemeinsame Dateien\GMT\8le8i365z1 is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\8le8i365z1 failed! 
Could not process line: C:\Programme\Gemeinsame Dateien\GMT\8le8i365z1 Status: 0xc00000ba Error: C:\Programme\Gemeinsame Dateien\GMT\9075u011mw is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\9075u011mw failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\9075u011mw Status: 0xc00000ba Error: C:\Programme\Gemeinsame Dateien\GMT\9dnrx894rn is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\9dnrx894rn failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\9dnrx894rn Status: 0xc00000ba Error: C:\Programme\Gemeinsame Dateien\GMT\a97j5e9m6o is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\a97j5e9m6o failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\a97j5e9m6o Status: 0xc00000ba Error: C:\Programme\Gemeinsame Dateien\GMT\Data is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\Data failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\Data Status: 0xc00000ba Error: C:\Programme\Gemeinsame Dateien\GMT\DownloadTemp is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\DownloadTemp failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\DownloadTemp Status: 0xc00000ba File C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll deleted successfully. Error: C:\Programme\Gemeinsame Dateien\GMT\f7ihi17u3h is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\f7ihi17u3h failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\f7ihi17u3h Status: 0xc00000ba File C:\Programme\Gemeinsame Dateien\GMT\FillIn.wav deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\Gator.log deleted successfully. 
File C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\GMT.exe.manifest deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\Helper.wav deleted successfully. Error: C:\Programme\Gemeinsame Dateien\GMT\k19k629ena is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\k19k629ena failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\k19k629ena Status: 0xc00000ba File C:\Programme\Gemeinsame Dateien\GMT\mepbs.dat deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\mepcme.dat deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\mepcmeft.dat deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\mepgh.dat deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\mepimg.dat deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\meprca.dat deleted successfully. Error: C:\Programme\Gemeinsame Dateien\GMT\n59qvud14x is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\n59qvud14x failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\n59qvud14x Status: 0xc00000ba Error: C:\Programme\Gemeinsame Dateien\GMT\o67029g6qp is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\o67029g6qp failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\o67029g6qp Status: 0xc00000ba Error: C:\Programme\Gemeinsame Dateien\GMT\qk1nym94yb is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\qk1nym94yb failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\qk1nym94yb Status: 0xc00000ba File C:\Programme\Gemeinsame Dateien\GMT\RTA04720 deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\RTA63730 deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\RTB04720 deleted successfully. 
File C:\Programme\Gemeinsame Dateien\GMT\RTB63730 deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\RTC04720 deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\RTC63730 deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\RTD04720 deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\RTD63730 deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\RTE04720 deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\RTE63730 deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\RTF04720 deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\RTF63730 deleted successfully. File C:\Programme\Gemeinsame Dateien\GMT\RTG04720 deleted successfully. Error: C:\Programme\Gemeinsame Dateien\GMT\scripts is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\scripts failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\scripts Status: 0xc00000ba Error: C:\Programme\Gemeinsame Dateien\GMT\ufz89g2f71 is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\ufz89g2f71 failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\ufz89g2f71 Status: 0xc00000ba Error: C:\Programme\Gemeinsame Dateien\GMT\xo921fzwjd is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\xo921fzwjd failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\xo921fzwjd Status: 0xc00000ba Error: C:\Programme\Gemeinsame Dateien\GMT\znxeeiydn5 is a folder, not a file! Deletion of file C:\Programme\Gemeinsame Dateien\GMT\znxeeiydn5 failed! Could not process line: C:\Programme\Gemeinsame Dateien\GMT\znxeeiydn5 Status: 0xc00000ba File C:\WINDOWS\System32\P2P Networking\MARSHAL.DLL deleted successfully. File C:\WINDOWS\System32\P2P Networking\P2P Networking.eng deleted successfully. File C:\WINDOWS\System32\P2P Networking\P2P Networking.exe deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{645FF040-5081-101B-9F08-00AA002F954E} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{645FF040-5081-101B-9F08-00AA002F954E} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{6BF52A52-394A-11D3-B153-00C04F79FAA6} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{6BF52A52-394A-11D3-B153-00C04F79FAA6} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\software\gator.com not found! Deletion of registry key HKEY_LOCAL_MACHINE\software\gator.com failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AltnetDM not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AltnetDM failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2P deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920} deleted successfully. Completed script processing. ******************* Finished! Terminate.
-----------------------
So.. with 3. and 4. everything worked, except: ipwins .. wasn't there.. that "RX Bar" and Network Monitor couldn't be found either..
-----------------------------
Now HijackThis..
This post was edited by Porlzum on 18.06.2006 at 17:39.
|
|
|
||
18.06.2006, 17:36
Honorary member
Posts: 29434 |
#27
1. Fix everything I listed with HijackThis, then restart the PC.
2. Make hidden and system files visible: http://virus-protect.org/invisible.html
3. Delete the following, preferably in safe mode:
C:\Programme\Gemeinsame Dateien\ifwm
C:\Programme\Gemeinsame Dateien\GMT
C:\Programme\Gemeinsame Dateien\STOPzilla!
C:\Programme\Gemeinsame Dateien\InetGet
C:\Programme\Gemeinsame Dateien\CMEII
C:\WINDOWS\System32\P2P Networking
C:\Programme\ipwins
C:\Program Files\Sitecom
Uninstall/delete:
C:\Programme\PartyGaming
**
4. CounterSpy: http://virus-protect.org/counterspy.html
* After the scan you have to choose between:
*Ignore
*Remove --> Status: Deleted
*Quarantine
Always choose Remove and restart the PC (then copy the scan report; you will probably have to post it as an attachment... see below).
__________
Kind regards
Sabina
All about PC security |
|
|
||
18.06.2006, 17:40
Member
Posts: 56 |
#28
okay.. some of them, e.g. all the O1 entries, weren't there at all.. so I deleted all of the ones you listed that were there.. now reboot and CounterSpy.. results to follow..
SOO... Here is the CounterSpy log:
Spyware Scan Details Start Date: 18.06.2006 18:18:15 End Date: 18.06.2006 19:36:08 Total Time: 1 hrs 17 mins 53 secs Detected spyware EUniverse Updater Hijacker more information... Details: EUniverse is an adware program that runs at startup, generates popup ads, and performs a number of spyware related functions such as transmitting personal information and hijacking Internet Explorer. Status: Deleted Infected files detected c:\programme\common files\updater\data1.dat c:\programme\common files\updater\data2.dat Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMO HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMO DisplayName ATP HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMO UninstallString regsvr32 /s /u "C:\WINDOWS\System32\ATPartners.dll" IST.ISTbar Hijacker more information... Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a users consent using an Internet Explorer toolbar. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc SlowInfoCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc Changed 0 KaZaA P2P Program more information... Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted Infected files detected c:\programme\kazaa\plugins.htm c:\programme\kazaa\thumbs.db c:\programme\kazaa\versions.dat c:\programme\kazaa\db\ctx4-031117.cab c:\programme\kazaa\db\data1024.dbb c:\programme\kazaa\db\data256.dbb c:\programme\kazaa\db\data4096.dbb c:\programme\kazaa\db\dmo4-031118.cab c:\programme\kazaa\db\np.tmp c:\programme\kazaa\db\tsi4-031223.cab c:\programme\kazaa\db\tss4.cab c:\programme\kazaa\my shared folder\[keygen] half life 2 episode one.exe Morpheus P2P Program more information... Details: P2P file sharing program that installs a number of adware programs. Morpheus also displays its own popup advertsing. Status: Deleted webHancer Adware (General) more information... Details: webHancer is an adware application started at Windows startup that monitors web sites being viewed and sends performance data on them back to webHancer's servers. This occurs unknown to the user. Status: Deleted Infected files detected c:\programme\webhancer\programs\license.txt c:\programme\webhancer\programs\readme.txt c:\programme\webhancer\programs\whagent.ini c:\programme\webhancer\programs\whinstaller.exe c:\programme\webhancer\programs\whsurvey.ini c:\programme\whinstall\license.txt c:\programme\whinstall\readme.txt c:\programme\whinstall\webhdll.dll c:\programme\whinstall\whagent.exe c:\programme\whinstall\whagent.ini c:\programme\whinstall\whiehlpr.dll c:\programme\whinstall\whsurvey.exe Looking-For.Home Search Assistant Hijacker more information... Details: Home Search Assistant is an Internet Explorer browser helper object (BHO) that changes the user's home page and modifes search results. It also spawns pop-ups on the desktop. 
Status: Deleted Infected files detected c:\dokumente und einstellungen\noname\favoriten\sites about\ab scissor.url c:\dokumente und einstellungen\noname\favoriten\sites about\broadband comparison.url c:\dokumente und einstellungen\noname\favoriten\sites about\credit counseling.url c:\dokumente und einstellungen\noname\favoriten\sites about\credit report.url c:\dokumente und einstellungen\noname\favoriten\sites about\crm software.url c:\dokumente und einstellungen\noname\favoriten\sites about\debt credit card.url c:\dokumente und einstellungen\noname\favoriten\sites about\escorts.url c:\dokumente und einstellungen\noname\favoriten\sites about\fha.url c:\dokumente und einstellungen\noname\favoriten\sites about\health insurance.url c:\dokumente und einstellungen\noname\favoriten\sites about\help desk software.url c:\dokumente und einstellungen\noname\favoriten\sites about\insurance home.url c:\dokumente und einstellungen\noname\favoriten\sites about\loan for debt consolidation.url c:\dokumente und einstellungen\noname\favoriten\sites about\loan for people with bad credit.url c:\dokumente und einstellungen\noname\favoriten\sites about\marketing email.url c:\dokumente und einstellungen\noname\favoriten\sites about\mortgage insurance.url c:\dokumente und einstellungen\noname\favoriten\sites about\mortgage life insurance.url c:\dokumente und einstellungen\noname\favoriten\sites about\nevada corporations.url c:\dokumente und einstellungen\noname\favoriten\sites about\online betting site.url c:\dokumente und einstellungen\noname\favoriten\sites about\online gambling casino.url c:\dokumente und einstellungen\noname\favoriten\sites about\online instant loan.url c:\dokumente und einstellungen\noname\favoriten\sites about\order phentermine.url c:\dokumente und einstellungen\noname\favoriten\sites about\payroll advance.url c:\dokumente und einstellungen\noname\favoriten\sites about\personal loans online.url c:\dokumente und einstellungen\noname\favoriten\sites about\personal 
loans with bad credit.url c:\dokumente und einstellungen\noname\favoriten\sites about\prescription drugs rx online.url c:\dokumente und einstellungen\noname\favoriten\sites about\refinancing my mortgage.url c:\dokumente und einstellungen\noname\favoriten\sites about\tahoe vacation rental.url c:\dokumente und einstellungen\noname\favoriten\sites about\unsecured bad credit loans.url c:\dokumente und einstellungen\noname\favoriten\sites about\videos.url c:\dokumente und einstellungen\noname\favoriten\sites about\what is hydrocodone.url Infected registry entries detected HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ 11F#`I ObjectName LocalSystem SBSoft Hijacker more information... Status: Deleted Infected files detected c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\dating.ico c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\dating1.ico c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\desk.ini c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\finance.ico c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\gambling.ico c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\home.ico c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\hot.ico c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\kliksrch.ico c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\mortgages.ico c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\pharmaci.ico c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\pharmacy.ico c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\poker.ico c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\privacy1.ico c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\realest.ico c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\search.ico c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\sport.ico c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\spyware.ico c:\dokumente und 
einstellungen\noname\anwendungsdaten\sbsoft\switch.ico c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\toolbar.ini c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\travel1.ico AntiLeech Plugin Adware (General) more information... Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software. Status: Deleted Infected files detected c:\programme\anti-leech\alie\al2np.dll c:\programme\anti-leech\alie\alhlp.exe c:\programme\anti-leech\alie\alie.dll c:\programme\anti-leech\alie\alie.inf c:\programme\anti-leech\alie\iesetup2.exe c:\programme\anti-leech\alie_1.0.1.9\al2np.dll c:\programme\anti-leech\alie_1.0.1.9\alhlp.exe c:\programme\anti-leech\alie_1.0.1.9\alie.dll c:\programme\anti-leech\alie_1.0.1.9\alie.inf c:\programme\anti-leech\alie_1.0.1.9\iesetup2.exe G:\Gesaugtes\ALPlugin-IEsetup.exe Infected registry entries detected HKEY_CLASSES_ROOT\AntiLeech.ALIE.1 HKEY_CLASSES_ROOT\AntiLeech.ALIE.1\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7} HKEY_CLASSES_ROOT\AntiLeech.ALIE.1 Anti-Leech Plug-in HKEY_CLASSES_ROOT\AntiLeech.ALIE HKEY_CLASSES_ROOT\AntiLeech.ALIE\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7} HKEY_CLASSES_ROOT\AntiLeech.ALIE\CurVer AntiLeech.ALIE.1 HKEY_CLASSES_ROOT\AntiLeech.ALIE Anti-Leech Plug-in HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 C:\PROGRA~1\ANTI-L~1\ALIE_1~1.9\alie.dll HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\ProgID AntiLeech.ALIE.1 HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\TypeLib {056738E1-E15C-11D6-B876-0050BF5D85C7} HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\VersionIndependentProgID AntiLeech.ALIE 
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} Anti-Leech Plug-in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE DisplayName Anti-Leech Plugin for Internet Explorer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE UninstallString C:\Programme\Anti-Leech\ALIE_1.0.1.9\iesetup2.exe uninstall YourSiteBar Toolbar more information... Details: YourSiteBar from IST, the makers of numerous spyware threats, is an affiliate based marketing toolbar. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\Software\YourSiteBar HKEY_LOCAL_MACHINE\Software\YourSiteBar installTitle YourSiteBar HKEY_LOCAL_MACHINE\Software\YourSiteBar serverpath http://cache.ysbweb.com/ysb/xml/1005274/ HKEY_LOCAL_MACHINE\Software\YourSiteBar urlAfterInstall http://www.ysbweb.com/install/welcome.html HKEY_LOCAL_MACHINE\Software\YourSiteBar gUpdate 0 HKEY_LOCAL_MACHINE\Software\YourSiteBar TBRowMode 0 HKEY_LOCAL_MACHINE\Software\YourSiteBar UpdateBegin 0 HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar DisplayName YourSiteBar HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar UninstallString regsvr32 /u /s "C:\Programme\YourSiteBar\ysb.dll" HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar Publisher Integrated Seach Technologies HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar URLInfoAbout http://www.ysbweb.com HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar HelpLink http://www.ysbweb.com HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8} HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ProxyStubClsid 
{00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\TypeLib {4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44} HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8} IYsbObj HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542} HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\TypeLib {4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44} HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542} IContextItem HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44} HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\0\win32 C:\Programme\YourSiteBar\ysb.dll HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\HELPDIR C:\Programme\YourSiteBar\ HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0 Ysb 1.0 Type Library HKEY_CLASSES_ROOT\Ysb.YsbObj HKEY_CLASSES_ROOT\Ysb.YsbObj\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_CLASSES_ROOT\Ysb.YsbObj\CurVer Ysb.YsbObj.1 HKEY_CLASSES_ROOT\Ysb.YsbObj YourSiteBar HKEY_CLASSES_ROOT\Ysb.YsbObj.1 HKEY_CLASSES_ROOT\Ysb.YsbObj.1\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_CLASSES_ROOT\Ysb.YsbObj.1 YourSiteBar HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\YourSiteBar HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App 
SurfAccuracy Adware (General) Details: SurfAccuracy is an adware application that displays advertisements on the desktop and records keystrokes that are entered into certain search engines. Status: Deleted Infected files detected c:\programme\surfaccuracy\license.lnk c:\programme\surfaccuracy\sacc.cfg c:\programme\surfaccuracy\sacc.exe c:\programme\surfaccuracy\saccu.exe Infected registry entries detected
PartyPoker Potentially Unwanted Program Details: PartyPoker is an online gambling application that requires the user to download its software in order to play. Status: Deleted Infected files detected Infected registry entries detected
FullContext.EQAdvice Adware (General) Details: FullContext.EQAdvice is an advertising program that displays ads and allows the installation of other adware.
Status: Deleted Infected files detected c:\programme\windows\winupdate.exe c:\programme\windows\winupdate.fld C:\Programme\NetMeeting\nac.exe C:\Programme\NetMeeting\nmasnt.exe
Yazzle.SnowBallWars Misc (General) Details: Yazzle.SnowBallWars is an ad supported desktop game. Status: Deleted Infected files detected c:\programme\snowball wars\license.txt c:\programme\snowball wars\uninstaller.exe c:\programme\snowball wars\
FavoriteMan Browser Plug-in Details: FavoriteMan is an Internet Explorer Browser Helper Object (BHO) that intermittently connects to its controlling servers which may direct it to download and install other programs and add entries to the IE Favorites menu or background Desktop. Status: Deleted Infected files detected c:\windows\system32\im64.dll
ATGames Adware (General) Details: Since At-Games.com has very limited desirable features, and includes a remote installer and updater, we highly recommend this software be removed from your machine. Status: Deleted Infected files detected c:\windows\downloaded program files\atpartners.inf c:\windows\system32\splwbr.dll
IncrediFind Adware (General) Details: IncrediFind is an Internet Explorer browser helper object that changes your Internet Explorer error page to sirsearch.com and displays popup advertising. Status: Deleted Infected files detected c:\windows\system32\drivers\etc\hosts.bho
Twain Tech Adware (General) Details: Twain-Tech is an adware based Internet Explorer browser helper object that deliver targeted ads based on a users browsing patters. Twain-Tech does not provide any other relevant purpose other then to display pop-up ads. Status: Deleted Infected files detected c:\windows\inf\alchem.inf c:\windows\smdat32a.sys
eZula.WebOffer Adware (General)
Status: Deleted Infected files detected c:\windows\woinstall.exe Infected registry entries detected
WindUpdates Browser Plug-in Details: WindUpdates is an adware application that installs as a browser plug-in and displays advertising on the desktop. Status: Deleted Infected files detected c:\windows\system32\ide21201.vxd
ABetterInternet.Transponder.Ceres Adware (General) Details: VX2.ABetterInternet.Transponder.2 is a new transponder variant of aBetterInternet. Status: Deleted Infected files detected c:\windows\abiuninst.htm
SearchNugget.DNSCatcher Browser Plug-in Details: SearchNugget.DNSCatcher is a browser helper object (BHO) for Internet Explorer that redirect search results. Status: Deleted Infected files detected c:\programme\dns\affid.dat c:\programme\dns\cwebpage.dll c:\programme\dns\x.bmp c:\programme\dns\catcher.dll c:\programme\dns\uid.dat c:\programme\dns\urls.dat C:\Programme\Gemeinsame Dateien\services.exe Infected registry entries detected
UnspecifiedTrojans.01 Trojan
Status: Deleted Infected files detected c:\windows\netdx.dat
WhenU.Save Adware (General) Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing. Status: Deleted Infected files detected c:\programme\save\acm.dll c:\programme\save\saveuninst.exe c:\programme\save\save.htm Infected registry entries detected
CWS.SearchAssistant Adware (General) Status: Deleted Infected files detected
TargetSaver Trojan Downloader Details: TargetSaver is a process run at Windows startup, which opens pop-ups. Status: Deleted Infected files detected c:\windows\system32\tsuninst.exe
Freeprod Toolbar Toolbar Details: Freeprod is an adware application that installs a Internet Explorer Toolbar and may hijack search results. Status: Deleted Infected files detected c:\programme\windows\winupdate.fld C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\nse2.tmp\nsProcess.dll C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\nsmC.tmp\nsProcess.dll C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\nso2.tmp\nsProcess.dll
Trojan.Delf Trojan Downloader Details: A Trojan Downloader that is also known to be bundled with/or downlaod additional adware programs that spawn popups, or hijack browser settings. Status: Deleted Infected files detected C:\Dokumente und Einstellungen\NoName\Eigene Dateien\Temp\svchost.exe
RBot.steam Trojan Status: Deleted Infected files detected C:\Games\russn16\Russn16\platform\steam_dev.exe
Admilli Service Potentially Dangerous Tool Status: Deleted Infected files detected C:\Program Files\Admilli Service\AdmilliComm.dll C:\Program Files\Admilli Service\AdmilliKeep.exe
Desk Ad Service Adware (General)
Details: A WindUpdates variant responsible for downloading adware programs. Status: Deleted Infected files detected C:\Program Files\DeskAd Service\DeskAdKeep.exe
Ultra Remote Control v2.6.8 Commercial Remote Control Tool Details: User can connects to the remote computer over the network and, having the remote computer's desktop on the screen of their own PC, launches programs, can changes computer settings by using their own keyboard and mouse. Status: Deleted Infected files detected C:\Programme\BPFTP Server\bpftpserver-service.exe
NewDotNet Browser Plug-in Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable. Status: Deleted Infected files detected C:\WINDOWS\NDNuninstall6_30.exe
Altnet P2P Networking Low Risk Adware Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Deleted Infected files detected C:\WINDOWS\system32\P2P Networking v124.cpl Infected registry entries detected
AvenueMedia.InternetOptimizer Browser Plug-in Details: Internet Optimizer, also known as DyFuCA, is an adware application that hijacks the user's browser error page.
Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\dyfuca_bh.bhobj.1 HKEY_CLASSES_ROOT\dyfuca_bh.bhobj.1\CLSID {00000010-6F7D-442C-93E3-4A4827C2E4C8} HKEY_CLASSES_ROOT\dyfuca_bh.bhobj.1 BHObj Class HKEY_CLASSES_ROOT\DyFuCA_BH.BHObj HKEY_CLASSES_ROOT\DyFuCA_BH.BHObj\CLSID {00000010-6F7D-442C-93E3-4A4827C2E4C8} HKEY_CLASSES_ROOT\DyFuCA_BH.BHObj\CurVer DyFuCA_BH.BHObj.1 HKEY_CLASSES_ROOT\DyFuCA_BH.BHObj BHObj Class HKEY_CURRENT_USER\software\policies\avenue media HKEY_CURRENT_USER\software\avenue media HKEY_LOCAL_MACHINE\software\policies\avenue media HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Kapabout HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Kapabout Comment HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Kapabout DComment YES HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt eZula.TopText Adware (General) more information... Details: eZula TopText is a browser hijacker that will alter all pages viewed in Internet Explorer by adding extra links to words and phrases targeted by advertisers. These links are unauthorized by the users of the sites being viewed and not part of the orig Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\drs.n HKEY_CLASSES_ROOT\drs.n uID Blazefind Browser Plug-in more information... Details: Blazefind installs itself as a Browser Helper Object in Internet Explorer and redirects search queries that you use in search engine as well as hijacks your Internet Explorer settings. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows SA HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows SA installFolder C:\Program Files\WindowsSA\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows SA installFolderBAND C:\Windows\System32\ MediaTickets CDT Adware (General) more information... 
Details: MediaTickets CDT is an adware program that displays advertisements, reduces the security settings for the Trusted Sites zone in Internet Explorer, and attempts to fraudulently install trusted publishers. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx eBates.Moe MoneyMaker Adware (General) more information... Details: Ebates MoneyMaker is an adware program that displays a number of popup adverts. Ebates MoneyMaker tries to disable programs that might interfere with its operation without your consent. This includes popup blockers. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ebateswebsavings0.xml HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ebateswebsavings0.xml Web Savings from Ebates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ebateswebsavings0.xml DisplayName Web Savings from Ebates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ebateswebsavings0.xml UninstallString javaw -cp "C:\Programme\WebSavingsfromEbates\System\Code" Main lp: "C:\Programme\WebSavingsfromEbates" ls: deletefeature ld: feature=ebateswebsav KeenValue PerfectNav Hijacker more information... Details: The PerfectNav Internet Explorer spyware software is designed to redirect your URL typing errors to PerfectNav's web page. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\software\perfectnav HKEY_LOCAL_MACHINE\software\perfectnav\BHO INSTALLGUID 5805619B-F424-4EC6-AC25-21B1C6469003 HKEY_LOCAL_MACHINE\software\perfectnav UID 20F1DA28-B7EA-4149-A2E0-5DA196467424 HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO INSTALLGUID 5805619B-F424-4EC6-AC25-21B1C6469003 IST.PowerScan Adware (General) more information... 
Details: PowerScan is advertised through in ordinary web pop-ups, but recently it started to install with help from the the ISTBar adware. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest Cydoor.TOPicks Adware (General) more information... Details: TOPicks is adware implemented as an Internet Explorer toolbar. TOPicks shows targeted links to sponsored sites. Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\interface\{fd42f6d3-7ab1-470c-979b-7996edc99099} HKEY_CLASSES_ROOT\interface\{fd42f6d3-7ab1-470c-979b-7996edc99099}\NumMethods 6 HKEY_CLASSES_ROOT\interface\{fd42f6d3-7ab1-470c-979b-7996edc99099}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0} HKEY_CLASSES_ROOT\interface\{fd42f6d3-7ab1-470c-979b-7996edc99099} JCDE_IChannel HKEY_CLASSES_ROOT\interface\{700dc0dd-f409-42e0-9de5-21ee1a2ba9fd} HKEY_CLASSES_ROOT\interface\{700dc0dd-f409-42e0-9de5-21ee1a2ba9fd}\NumMethods 3 HKEY_CLASSES_ROOT\interface\{700dc0dd-f409-42e0-9de5-21ee1a2ba9fd}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0} HKEY_CLASSES_ROOT\interface\{700dc0dd-f409-42e0-9de5-21ee1a2ba9fd} JCDE_IEventSink_Channel HKEY_CLASSES_ROOT\interface\{2ed5af98-9258-45ba-b79b-06625c92f662} HKEY_CLASSES_ROOT\interface\{2ed5af98-9258-45ba-b79b-06625c92f662}\NumMethods 7 HKEY_CLASSES_ROOT\interface\{2ed5af98-9258-45ba-b79b-06625c92f662}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0} HKEY_CLASSES_ROOT\interface\{2ed5af98-9258-45ba-b79b-06625c92f662} JCDE_IMessageHandler HKEY_CLASSES_ROOT\interface\{1b540d44-3f61-4394-ae30-25fdc3649405} HKEY_CLASSES_ROOT\interface\{1b540d44-3f61-4394-ae30-25fdc3649405}\NumMethods 24 HKEY_CLASSES_ROOT\interface\{1b540d44-3f61-4394-ae30-25fdc3649405}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0} HKEY_CLASSES_ROOT\interface\{1b540d44-3f61-4394-ae30-25fdc3649405} JCDE_IFile HKEY_CLASSES_ROOT\interface\{16097036-894c-4c00-a61f-93ca0d49a70e} 
HKEY_CLASSES_ROOT\interface\{16097036-894c-4c00-a61f-93ca0d49a70e}\NumMethods 4 HKEY_CLASSES_ROOT\interface\{16097036-894c-4c00-a61f-93ca0d49a70e}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0} HKEY_CLASSES_ROOT\interface\{16097036-894c-4c00-a61f-93ca0d49a70e} JCDE_IEventSink_File IST.SlotchBar Toolbar more information... Details: An adware toolbar program for affiliates to distrubute on sites. Affiliates get paid per install of the toolbar. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc SlowInfoCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc Changed 0 Windows SyncroAd Trojan more information... Details: Windows SyncroAd downloads files from the Internet and then saves them to the users computer. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Windows SyncroAd HKEY_LOCAL_MACHINE\SOFTWARE\Windows SyncroAd param dbfd91f95ed167ff712ff79354266803bd4598ad8c2133:6534303263376363636434633865663335393461363261383963383438306366:Internet Explorer:6.0 SP1Q828750Q330994(onlineTV):winxp: Windows AdTools Adware (General) more information... Details: Windows AdTools is an ad delivery software which provides targeted advertising offers. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows AdTools HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows AdTools UninstallString C:\Program Files\Windows AdTools\WinAdTools.exe /Remove HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows AdTools DisplayName Windows AdTools SearchRelevancy Adware (General) more information... 
Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\software\searchrelevancy HKEY_LOCAL_MACHINE\software\searchrelevancy\Update TimeStamp 1105395792 HKEY_LOCAL_MACHINE\software\searchrelevancy ID 8F5B7A9F ABetterInternet.Aurora Adware (General) more information... Details: ABetterInternet.Aurora is an adware program that spawns pop-ups on the desktop based on the user's browsing. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon Driver DrPMon.dll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc ObjectName LocalSystem HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc DisplayName System Startup Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc ImagePath C:\WINDOWS\svcproc.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc ErrorControl 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc Start 2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc Type 16 HKEY_CURRENT_USER\Software\aurora AUS3t5atusOfSInst axed HKEY_CURRENT_USER\Software\aurora AUC3u5rrentSMode 1 HKEY_CURRENT_USER\Software\aurora AUT3h5rshSysSInf 2000 HKEY_CURRENT_USER\Software\aurora AUT3h5rshSBath 10000 HKEY_CURRENT_USER\Software\aurora AUE3v5nt 0 HKEY_CURRENT_USER\Software\aurora AUI3n5ProgSLstest 0 HKEY_CURRENT_USER\Software\aurora AUI3n5ProgSEx 0 HKEY_CURRENT_USER\Software\aurora AUI3n5ProgSCab 0 HKEY_CURRENT_USER\Software\aurora AUT3h5rshSMots 100 HKEY_CURRENT_USER\Software\aurora AUT3h5rshSCheckSIn 45 HKEY_CURRENT_USER\software\aurora auc3u5rrentsmode HKEY_CURRENT_USER\software\aurora aue3v5nt HKEY_CURRENT_USER\software\aurora aui3d5ofsinst HKEY_CURRENT_USER\software\aurora aui3g5nores HKEY_CURRENT_USER\software\aurora aui3n5progscab HKEY_CURRENT_USER\software\aurora aui3n5progsex HKEY_CURRENT_USER\software\aurora aus3t5atusofsinst HKEY_CURRENT_USER\software\aurora aus3t5icky1s HKEY_CURRENT_USER\software\aurora aus3t5icky2s 
HKEY_CURRENT_USER\software\aurora aus3t5icky3s HKEY_CURRENT_USER\software\aurora aut3h5rshsmots HKEY_CURRENT_USER\software\aurora aut3h5rshsyssinf HKEY_LOCAL_MACHINE\system\currentcontrolset\control\print\monitors\zepmon HKEY_LOCAL_MACHINE\system\currentcontrolset\control\print\monitors\zepmon Driver DrPMon.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Contact admin@mypctuneup.com HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 HelpLink http://www.mypctuneup.com HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Publisher ABI Network-A Division of Direct Revenue HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 URLInfoAbout http://www.abetterinternet.com HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 DisplayName The ABI Network- A Division of Direct Revenue HKEY_CURRENT_USER\Software\aurora AUL3n5Title 60 HKEY_CURRENT_USER\Software\aurora HKEY_CURRENT_USER\Software\aurora AUI3d5OfSDist 172|1|0|0|THIN-172-1-X-X.EXE HKEY_CURRENT_USER\Software\aurora AUI3d5OfSInst {40BAC266-A837-41CC-B8C5-EC279B3CB924} HKEY_CURRENT_USER\Software\aurora AUC3n5trMsgSDisp 15 HKEY_CURRENT_USER\Software\aurora AUs3t5icky1S lflshdt%3D1117878023%26capdatedy%3D0618%26lstlogdt%3D20050618%26capdate%3D1819%26capcntdy%3D3%260%3D%26cntp%3Dcable%26capcnt%3D0%26 HKEY_CURRENT_USER\Software\aurora AUs3t5icky2S 0%3D%26fstcidt%3D1117878023739%26 HKEY_CURRENT_USER\Software\aurora AUs3t5icky3S 1-1119091723-10767:352416:9129:172261:11051:172800:9370:7110:10781:299588:10825:45957:6612:8711:9083:85918:10813:93285:10766:352817:9233:2845:10812:89006-53068:175557:50471:352817:50545:89006:50472:352416:50 HKEY_CURRENT_USER\Software\aurora AUs3t5icky4S 1-6472:5:165.159-8990:2:168.362-6457:115:169.297-6468:4:166.386-6466:14:169.295-19234:2:165.349-8083:2:161.225-8080:27:166.391-6542:4:165.313-775:3:168.378-23499:7:168.375-6467:1:157.246-7985:10:163.423-1931 
HKEY_CURRENT_USER\Software\aurora AUC1o3d5eOfSFinalAd 1 HKEY_CURRENT_USER\Software\aurora AUT3i5m7eOfSFinalAd 1119091723|0|0|0|0|1119091241|0|1119012433|0| HKEY_CURRENT_USER\Software\aurora AUD3s5tSSEnd ͐̐ݾܜ HKEY_CURRENT_USER\Software\aurora AU3N5a7tionSCode DE HKEY_CURRENT_USER\Software\aurora AUP3D5om ̑ HKEY_CURRENT_USER\Software\aurora AUT3h5rshSCheckSIn 45 HKEY_CURRENT_USER\Software\aurora AUT3h5rshSMots 100 HKEY_CURRENT_USER\Software\aurora AUM3o5deSSync 9 HKEY_CURRENT_USER\Software\aurora AUI3n5ProgSCab 0 HKEY_CURRENT_USER\Software\aurora AUI3n5ProgSEx 0 HKEY_CURRENT_USER\Software\aurora AUI3n5ProgSLstest 0 HKEY_CURRENT_USER\Software\aurora AUB3D5om ܙ HKEY_CURRENT_USER\Software\aurora AUE3v5nt 0 HKEY_CURRENT_USER\Software\aurora AUT3h5rshSBath 10000 HKEY_CURRENT_USER\Software\aurora AUT3h5rshSysSInf 2000 HKEY_CURRENT_USER\Software\aurora AUL3n5Title 60 HKEY_CURRENT_USER\Software\aurora AUC3u5rrentSMode 1 HKEY_CURRENT_USER\Software\aurora AUC3n5tFyl 1 HKEY_CURRENT_USER\Software\aurora AUI3g5noreS ܙԌܙܙܙ HKEY_CURRENT_USER\Software\aurora AUS3t5atusOfSInst axed HKEY_CURRENT_USER\Software\aurora AUL3a5stMotsSDay 18 HKEY_CURRENT_USER\Software\aurora AUL3a5stSSChckin 47692 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 UninstallString C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\abiuninst.htm HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 DisplayName The ABI Network- A Division of Direct Revenue HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 URLInfoAbout http://www.abetterinternet.com HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Publisher ABI Network-A Division of Direct Revenue HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 HelpLink http://www.mypctuneup.com 
This post was edited by Porlzum on 18.06.2006 at 23:27.
|
|
|
||
18.06.2006, 23:22
Honorary member
Posts: 29434 |
#29
now post the rest.... (you were supposed to post the log as an attachment!)
__________ Best regards, Sabina, all about PC security |
|
|
||
18.06.2006, 23:26
Member
Posts: 56 |
#30
huh?
I already posted the log.. just not as an attachment.. (it's sitting there perfectly normally in my previous post..) |
|
|
||
I have the same virus too.. (only I don't have this guart.tmp..)
my AntiVir reports TR/Dldr.Small.buy.1.. (always found under the file: MTE3NDI6ODoxNg.exe)
yeah.. and then something similar also turns up under the file: edit[2].php..
AntiVir reports this one as the "HTML/Exploit.Mhtml" virus...
Well then, I tried to delete both.. with the antivirus program as well as manually, also in safe mode..
and unfortunately it couldn't be found in "msconfig" either, if I looked properly..
It would be really great if someone could help me with how to proceed now..
my computer has been sluggish for days and I constantly have to fight with 10 or more pop-ups..
in addition, the Windows Task Manager shows the following file with a constant CPU load of 99:
SZServer.exe under user name: SYSTEM
many thanks in advance,
that was porlzum
edit: SZServer.exe was somehow from STOPzilla! ..
so I uninstalled STOPzilla! for now to take the load off the CPU..
2nd edit:
I have now run a scan with HijackThis and got the following log:
Logfile of HijackThis v1.99.1
Scan saved at 03:23:57, on 18.06.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\PestPatrol\PPControl.exe
C:\Programme\PestPatrol\PPMemCheck.exe
C:\Programme\PestPatrol\CookiePatrol.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programme\Wsr\WinsysRsr.exe
C:\Programme\Browser MOUSE\mouse32a.exe
C:\Programme\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\ipwins\ipwins.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\PeerGuardian pr14\wunins000.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\Temporres Verzeichnis 1 fr hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.no-empathy.de.vu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J| ~tpt`/4`/5.$|o ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$``o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - c:\programme\steganos internet anonym 2006\sia2006iep.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programme\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programme\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programme\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WinsysRsr] C:\Programme\Wsr\WinsysRsr.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programme\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TrafMonitor] C:\Programme\TrafMeter\trafmonitor.exe /logon
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MediaFace Integration] C:\Programme\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LAN Driver] landriver32.exe
O4 - HKLM\..\Run: [Click2Share] C:\Program Files\Sitecom\C2SLoad.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [javaqq32.exe] C:\WINDOWS\system32\javaqq32.exe
O4 - HKLM\..\Run: [RAMDrive] "C:\Programme\FarStone\GameDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!"$%] C:\WINDOWS\System32\dllhost.exe
O4 - HKLM\..\Run: [IpWins] C:\Programme\ipwins\ipwins.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [LAN Driver] landriver32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LAN Driver] landriver32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Steam] "h:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [!"$%] C:\WINDOWS\System32\dllhost.exe
O4 - HKCU\..\Run: [DNS] C:\Programme\Gemeinsame Dateien\mc-110-12-0000228.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with TrueDownloader! - C:\Programme\TrueDownloader\TrueDownloader.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: concept/design's onlineTV - {20D62373-FA7E-433E-B7B1-CD84A1A158AE} - C:\Programme\onlineTV\onlineTV.exe
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10406.dll' missing
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_58.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/153c388f13eae9268814/netzip/RdxIE601_de.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c5.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://de.encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {D7A4D8FB-83F0-40E5-954F-88F48D15AE96} (ICQVideoWindow Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\wuaclt.dll
O20 - Winlogon Notify: Shell - C:\WINDOWS\system32\irrml5911.dll
O21 - SSODL: UZAdZMTDmDH - {7C9C297A-D636-83D0-87E8-FA1487E4178F} - C:\WINDOWS\System32\fq.dll (file missing)
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\winmx.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QU1E\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)