Now the pop-ups have got me too

18.06.2006, 01:30
Member

Posts: 56
#16 Hi there!

I've got the same virus too (only in my case there is no guart.tmp).
My AntiVir reports TR/Dldr.Small.buy.1 (always found in the file MTE3NDI6ODoxNg.exe).
Yeah, and then there was also something in the file edit[2].php,
which AntiVir reports as the "HTML/Exploit.Mhtml" virus...
Anyway, I have tried to delete both, with the antivirus program as well as manually, also in Safe Mode,
and in "msconfig" it unfortunately wasn't to be found either, if I looked correctly.

It would be really great if someone could help me with how to proceed now.
My computer has been lame for days and you constantly have to fight 10 or more pop-ups.
Also, the following file shows up in the Windows Task Manager with a constant CPU load of 99:
SZServer.exe under user name: SYSTEM

Many thanks in advance,

porlzum, that's all

edit: SZServer.exe was somehow from STOPzilla! ..
so I have uninstalled STOPzilla! for now to take the load off the CPU.

2nd edit:
I have now done a scan with HijackThis and here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 03:23:57, on 18.06.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\PestPatrol\PPControl.exe
C:\Programme\PestPatrol\PPMemCheck.exe
C:\Programme\PestPatrol\CookiePatrol.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Programme\Wsr\WinsysRsr.exe
C:\Programme\Browser MOUSE\mouse32a.exe
C:\Programme\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\ipwins\ipwins.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\PeerGuardian pr14\wunins000.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.no-empathy.de.vu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - c:\programme\steganos internet anonym 2006\sia2006iep.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programme\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programme\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programme\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WinsysRsr] C:\Programme\Wsr\WinsysRsr.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programme\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TrafMonitor] C:\Programme\TrafMeter\trafmonitor.exe /logon
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MediaFace Integration] C:\Programme\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LAN Driver] landriver32.exe
O4 - HKLM\..\Run: [Click2Share] C:\Program Files\Sitecom\C2SLoad.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [javaqq32.exe] C:\WINDOWS\system32\javaqq32.exe
O4 - HKLM\..\Run: [RAMDrive] "C:\Programme\FarStone\GameDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!"$%] C:\WINDOWS\System32\dllhost.exe
O4 - HKLM\..\Run: [IpWins] C:\Programme\ipwins\ipwins.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [LAN Driver] landriver32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LAN Driver] landriver32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Steam] "h:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [!"$%] C:\WINDOWS\System32\dllhost.exe
O4 - HKCU\..\Run: [DNS] C:\Programme\Gemeinsame Dateien\mc-110-12-0000228.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with TrueDownloader! - C:\Programme\TrueDownloader\TrueDownloader.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: concept/design's onlineTV - {20D62373-FA7E-433E-B7B1-CD84A1A158AE} - C:\Programme\onlineTV\onlineTV.exe
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10406.dll' missing
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_58.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/153c388f13eae9268814/netzip/RdxIE601_de.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c5.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://de.encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {D7A4D8FB-83F0-40E5-954F-88F48D15AE96} (ICQVideoWindow Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\wuaclt.dll
O20 - Winlogon Notify: Shell - C:\WINDOWS\system32\irrml5911.dll
O21 - SSODL: UZAdZMTDmDH - {7C9C297A-D636-83D0-87E8-FA1487E4178F} - C:\WINDOWS\System32\fq.dll (file missing)
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\winmx.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QU1E\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
This post was edited by Porlzum on 18.06.2006 at 03:36.
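An added example, not code from this thread, from HijackThis or from virus-protect.org: a small triage script that applies the rules a helper reads a log like the one above with. It flags O1 hosts entries that are not "<ip> <name>" text (the hosts file here is binary garbage), O4 autostarts whose value name is pure punctuation (the [!"$%] dllhost.exe entry), bare filenames resolved through the search path (landriver32.exe), anything under the Win9x-only RunServices key, executables launched straight out of C:\, C:\WINDOWS or a Common Files root, every O10/O15/O20/O21 entry, O16 ActiveX downloads from a bare IP or an unrecognised host, and O23 services with an unknown owner or a missing binary. The trusted-host list and the suspicious-directory set are the editor's assumptions; SAMPLE_LOG is a constructed subset of the log posted above.

```python
"""Heuristic triage of a HijackThis 1.99 log (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    reason: str
    line: str


# Assumption: ActiveX download hosts treated as known-good for O16 entries.
TRUSTED_O16_SUFFIXES = ("microsoft.com", "msn.com", "apple.com", "edgesuite.net",
                        "ebayimg.com", "icq.com", "real.com")
# Assumption: directories from which no legitimate autostart binary is expected to run.
SUSPICIOUS_PARENTS = {"c:", "c:\\windows",
                      "c:\\programme\\gemeinsame dateien", "c:\\program files\\common files"}

IPV4 = re.compile(r"^(\d{1,3}\.){3}\d{1,3}$")
O4_LINE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|pif|bat|dll))(?:\s|$)', re.I)
URL_RE = re.compile(r"https?://\S+")

# Constructed subset of the log above: clean and suspicious lines mixed.
SAMPLE_LOG = r"""
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LAN Driver] landriver32.exe
O4 - HKLM\..\Run: [!"$%] C:\WINDOWS\System32\dllhost.exe
O4 - HKLM\..\RunServices: [LAN Driver] landriver32.exe
O4 - HKCU\..\Run: [DNS] C:\Programme\Gemeinsame Dateien\mc-110-12-0000228.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10406.dll' missing
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_58.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://de.encarta.msn.com/encnet/external/MSSurVid.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\wuaclt.dll
O20 - Winlogon Notify: Shell - C:\WINDOWS\system32\irrml5911.dll
O21 - SSODL: UZAdZMTDmDH - {7C9C297A-D636-83D0-87E8-FA1487E4178F} - C:\WINDOWS\System32\fq.dll (file missing)
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\winmx.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


def _exe_path(cmd: str) -> str:
    """Executable part of an O4 command line: the quoted path, or the path up to its extension."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip().split()[0]


def _o4_reasons(line: str) -> list:
    m = O4_LINE.match(line)
    if not m:                      # "O4 - Global Startup: x.lnk = ..." lines are not checked here
        return []
    reasons = []
    if not re.search(r"[A-Za-z0-9]", m["name"]):
        reasons.append("autostart value name is punctuation garbage")
    if "RunServices" in m["key"]:
        reasons.append("RunServices is a Win9x key that XP software does not use")
    exe = _exe_path(m["cmd"]).lower()
    if "\\" not in exe:
        reasons.append("bare filename, resolved through the search path")
    else:
        parent = exe.rsplit("\\", 1)[0]
        if parent in SUSPICIOUS_PARENTS or "\\temp\\" in exe:
            reasons.append(f"executable launched directly from {parent}")
    return reasons


def _o16_reasons(rest: str) -> list:
    m = URL_RE.search(rest)
    host = (urlparse(m.group(0)).hostname or "") if m else ""
    if IPV4.match(host):
        return [f"ActiveX download from bare IP {host}"]
    if not host.endswith(TRUSTED_O16_SUFFIXES):
        return [f"ActiveX download from unrecognised host {host or '?'}"]
    return []


def triage(log_text: str) -> list:
    """Return one Finding per log line that needs a human look."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if " - " not in line:
            continue
        section, rest = line.split(" - ", 1)
        reasons = []
        if section == "O1":
            entry = rest[len("Hosts: "):] if rest.startswith("Hosts: ") else rest
            first = entry.split()[0] if entry.split() else ""
            if not IPV4.match(first) or not entry.isprintable():
                reasons.append("hosts entry is not '<ip> <name>' text: hosts file corrupted or hijacked")
        elif section == "O4":
            reasons = _o4_reasons(line)
        elif section == "O10":
            reasons.append("Winsock LSP chain broken: Internet access fails until repaired")
        elif section == "O15":
            reasons.append("site added to the Trusted Zone (runs with relaxed IE security)")
        elif section == "O16":
            reasons = _o16_reasons(rest)
        elif section == "O20":
            reasons.append("AppInit_DLLs / Winlogon Notify DLL is loaded into every process or into winlogon")
        elif section == "O21":
            reasons.append("ShellServiceObjectDelayLoad entry, loaded by Explorer at logon")
        elif section == "O23" and ("Unknown owner" in rest or "(file missing)" in rest):
            reasons.append("service with unknown owner or missing binary")
        if reasons:
            findings.append(Finding(section, "; ".join(reasons), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

The rules are deliberately noisy in the direction of "look at this": a bare filename like nwiz.exe is legitimate and would be flagged too, which is the right trade-off when the question is what to hand to a human, not what to delete automatically.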
18.06.2006, 12:16
Honorary Member
Sabina

Posts: 29434
#17 Formatting would be quicker... the machine is completely infested............

-----------------------------------------------------------------
1.
Look2Me-Destroyer V1.0.5 - work through it
http://virus-protect.org/l2mfix.html

2.
Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'. Exit Program.

3.
Set up CleanUp exactly as specified here:
http://virus-protect.org/cleanup.html

4.
Copy the contents of these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date (copy only the last 3 months).
http://virus-protect.org/datfindbat.html

5.
echo.zip
unpack --> click echo.bat --> the text editor will open --> copy the text
http://virus-protect.org/bat/echo.zip

6.
Copy the following text into Notepad (Start - Accessories - Notepad) and save it with 'Save As' on the Desktop as listen.bat. Set the file type to 'All Files'. You should now find this file on the Desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "C:\Programme\ipwins" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:\WINDOWS\System32\P2P Networking" >>files.txt
dir "C:\Programme\Wsr" >>files.txt
dir "C:\WINDOWS\QU1E" >>files.txt
dir "C:\Program Files\Sitecom" >>files.txt
dir "C:\Programme\PartyGaming\PartyPoker" >>files.txt
dir "C:\Programme\Fellowes\MediaFACE 4.0" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
notepad files.txt

__________
Regards, Sabina

all about PC security
18.06.2006, 13:04
Member

Posts: 56
#18 1., 2. and 3. done..

4.:

Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\WINDOWS\system32

18.06.2006 02:44 236.077 FG20DEU.DLL
18.06.2006 01:04 50.176 hosts
15.06.2006 19:58 2.206 wpa.dbl
04.06.2006 14:52 2 wcpit.exe
01.06.2006 00:06 9.202 frameori1604.exe
01.06.2006 00:06 28.671 drsmartload261a.exe
01.06.2006 00:04 81.920 wuaclt.dll
01.06.2006 00:03 687.592 atmtd.dll._
01.06.2006 00:03 687.592 atmtd.dll
28.05.2006 19:18 0 nvapps.xml
16.04.2006 02:51 21.840 SIntfNT.dll
16.04.2006 02:51 17.212 SIntf32.dll
16.04.2006 02:51 12.067 SIntf16.dll
26.03.2006 13:31 52.764 perfc009.dat
26.03.2006 13:31 380.350 perfh009.dat
26.03.2006 13:31 391.000 perfh007.dat
26.03.2006 13:31 63.580 perfc007.dat
26.03.2006 13:31 897.954 PerfStringBackup.INI
25.03.2006 23:51 7.006 jupdate-1.5.0_06-b05.log


Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\DOKUME~1\NoName\LOKALE~1\Temp

18.06.2006 12:59 0 WER12.tmp
18.06.2006 12:55 0 WERA.tmp
2 File(s) 0 bytes
0 Dir(s) 1.373.491.200 bytes free



Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\WINDOWS

18.06.2006 12:57 0 0.log
18.06.2006 12:57 50 wiaservc.log
18.06.2006 12:57 159 wiadebug.log
18.06.2006 12:56 2.048 bootstat.dat
18.06.2006 12:17 32.554 SchedLgU.Txt
18.06.2006 03:20 1.167 win.ini
18.06.2006 03:20 332 system.ini
18.06.2006 03:19 1.590.198 ntbtlog.txt
18.06.2006 01:43 0 lijyxip.exe
18.06.2006 01:43 2.855 lijyxip.PIF
18.06.2006 01:04 0 keyboard1.dat
18.06.2006 01:04 50.176 hosts
14.06.2006 00:20 54.156 QTFont.qfn
13.06.2006 14:34 578.560 warebundle.exe
12.06.2006 17:09 1.409 QTFont.for
12.06.2006 08:25 711 M3JPEG.INI
11.06.2006 01:29 133.243 setupapi.log
08.06.2006 16:51 444.371 wmsetup.log
04.06.2006 17:17 0 musicmaker.INI
04.06.2006 16:25 216 muma2003.INI
01.06.2006 00:06 16.384 hqpltsp.exe
01.06.2006 00:03 43 drsmartload2.dat
01.06.2006 00:03 28.672 drsmartload849a.exe
01.06.2006 00:03 28.672 drsmartload46a.exe
01.06.2006 00:03 28.672 drsmartload45a.exe
01.06.2006 00:03 0 newname.dat
01.06.2006 00:03 40 teller2.chk
18.04.2006 20:22 1.314 setupact.log
18.04.2006 17:22 185.645 patcher.exe
18.04.2006 17:16 25.660 shell32.exe
16.04.2006 22:42 9.096 dr.exe
16.04.2006 18:32 8.704 user32.exe
11.04.2006 16:08 440.746 DirectX.log



Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\

18.06.2006 13:03 0 sys.txt
18.06.2006 13:03 13.994 system.txt
18.06.2006 13:03 329 systemtemp.txt
18.06.2006 13:02 113.744 system32.txt
18.06.2006 12:58 9.228 MTE3NDI6ODoxNg.exe
18.06.2006 12:58 61.440 drsmartload1.exe
18.06.2006 12:56 805.306.368 pagefile.sys
18.06.2006 03:20 194 boot.ini
15.06.2006 20:11 59.597 Mendoza1.exe
13.06.2006 21:20 40.960 defender26.exe
10.06.2006 13:19 36.864 defender23a.exe
06.06.2006 23:37 28.672 drsmartload46a.exe
06.06.2006 23:37 28.672 drsmartload45a.exe
01.06.2006 18:50 32.768 keyboard25.exe
01.06.2006 18:50 40.960 defender25.exe
01.06.2006 18:50 57.344 newname25.exe
01.06.2006 00:08 0 tool5.exe
01.06.2006 00:08 0 ms1.exe
01.06.2006 00:07 0 tool4.exe
01.06.2006 00:07 0 tool3.exe
01.06.2006 00:07 0 tool1.exe
01.06.2006 00:07 0 toolbar.exe
01.06.2006 00:06 0 country.exe
01.06.2006 00:03 29.251 mc-110-12-0000228.exe
01.06.2006 00:03 578.560 warebundle.exe
01.06.2006 00:03 310.122 Trelew.exe
01.06.2006 00:03 28.672 drsmartload849a.exe
01.06.2006 00:03 57.344 newname24.exe
01.06.2006 00:03 28.672 keyboard24.exe
01.06.2006 00:02 36.864 defender24.exe
01.06.2006 00:00 0 tool2.exe
01.06.2006 00:00 0 kl1.exe
01.06.2006 00:00 0 uniq
16.04.2006 22:42 9.096 Program.exe
16.04.2006 22:42 9.096 my.exe
16.04.2006 22:42 9.096 documents.exe
11.04.2006 17:20 15.542 GF_Excpt.txt
09.04.2006 16:31 1 DXOkay.bin


---------------------------------------------------------------
5.:


10)DPF????
Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\WINDOWS\Downloaded Program Files

26.04.2004 14:25 403 ATPartners.inf
19.11.2004 00:32 4.372 basis.xml
22.11.2004 18:12 <DIR> Cache
01.12.2004 09:41 935.712 cardsV2.dll
01.12.2004 09:39 243 cardsV2.inf
22.11.2004 18:13 <DIR> CONFLICT.1
18.06.2006 02:42 <DIR> CONFLICT.2
11.10.2000 17:49 49.152 CPSurVid.dll
03.09.2003 09:09 1.003.520 EPScontrol.dll
03.09.2003 09:06 530 EPScontrol.inf
16.03.2005 09:09 1.115.848 EPUWALcontrol.dll
15.03.2005 12:59 539 EPUWALcontrol.inf
24.01.2005 11:38 1.249 erma.inf
16.06.2004 17:03 355.955 ICQVideoControl.dll
08.06.2004 12:26 268 ICQVideoControl.inf
29.01.2004 16:02 409 ITDetector.inf
03.02.2004 11:26 49.152 ITDetector.ocx
25.08.2003 18:12 1.096 iuctl.inf
19.09.2003 16:58 819 kdx.inf
06.02.2001 12:30 302 MSSurVid.inf
11.10.2000 17:49 110.592 MSSurVid.ocx
05.11.2003 08:04 228 odyssey_webmoo.inf
22.08.2003 21:10 226 opuc.inf
31.05.2005 02:07 569 OSD15.OSD
09.10.2003 11:32 144 QTPlugin.inf
28.01.2004 12:14 524.445 RdxIE.dll
29.05.2002 23:12 9.488 sporder_.dll
27.08.2005 14:30 5.065 swflash.inf
02.12.2004 14:29 22.528 WinAdServX.dll
29.08.2003 15:55 2.136 WMAVAX.inf
30.06.2003 23:41 1.689 WMV9VCM.inf
04.11.2004 15:59 499.712 xtoolbar.dll
29 File(s) 4.696.391 bytes

Directory of C:\WINDOWS\Downloaded Program Files\Cache

22.11.2004 18:12 <DIR> .
22.11.2004 18:12 <DIR> ..
22.11.2004 18:12 173 4b4f1943e4e37fa06b7247718d4a15ed.xml
1 File(s) 173 bytes

Directory of C:\WINDOWS\Downloaded Program Files\CONFLICT.1

22.11.2004 18:13 <DIR> .
22.11.2004 18:13 <DIR> ..
19.11.2004 00:32 4.372 basis.xml
22.11.2004 18:13 <DIR> Cache
19.11.2004 00:09 0 nav.bmp
19.11.2004 00:21 21 version.txt
04.11.2004 15:59 499.712 xtoolbar.dll
4 File(s) 504.105 bytes

Directory of C:\WINDOWS\Downloaded Program Files\CONFLICT.1\Cache

22.11.2004 18:13 <DIR> .
22.11.2004 18:13 <DIR> ..
22.11.2004 18:13 173 4b4f1943e4e37fa06b7247718d4a15ed.xml
1 File(s) 173 bytes

Directory of C:\WINDOWS\Downloaded Program Files\CONFLICT.2

18.06.2006 02:42 <DIR> .
18.06.2006 02:42 <DIR> ..
19.11.2004 00:32 4.372 basis.xml
19.11.2004 00:09 0 nav.bmp
19.11.2004 00:21 21 version.txt
3 File(s) 4.393 bytes

Total Files Listed:
38 File(s) 5.205.235 bytes
12 Dir(s) 1.373.392.896 bytes free

--------------------------------------------------------------------
So... and last but not least, 6.


Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Programme

Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Programme\Gemeinsame Dateien

08.06.2006 22:55 <DIR> .
08.06.2006 22:55 <DIR> ..
18.01.2006 00:40 <DIR> Adobe
28.11.2005 00:26 <DIR> Adobe Systems Shared
12.10.2003 21:28 <DIR> Ahead
08.06.2006 22:55 <DIR> Blizzard Entertainment
16.04.2005 01:13 <DIR> CMEII
12.10.2003 21:12 <DIR> Designer
12.10.2003 13:53 <DIR> Dienste
23.12.2004 00:34 <DIR> Digidesign
28.12.2003 03:34 <DIR> DirectX
05.06.2005 18:46 <DIR> GMT
07.06.2006 02:02 <DIR> ifwm
01.06.2006 00:03 <DIR> InetGet
16.10.2003 22:22 <DIR> InstallShield
30.12.2003 23:48 <DIR> Java
12.02.2005 19:14 <DIR> Macromedia
12.02.2005 19:14 <DIR> Macromedia Shared
04.06.2006 17:10 <DIR> MAGIX Shared
12.10.2003 21:12 <DIR> Microsoft Shared
12.10.2003 13:53 <DIR> MSSoap
12.10.2003 14:47 <DIR> ODBC
23.12.2004 15:29 <DIR> PACE Anti-Piracy
23.08.2005 01:43 <DIR> PlayOnline
15.06.2004 17:30 <DIR> Real
17.01.2004 17:11 <DIR> Sierra
12.10.2003 14:47 <DIR> SpeechEngines
18.06.2006 02:11 <DIR> STOPzilla!
12.09.2004 16:06 <DIR> Symantec Shared
12.10.2003 21:10 <DIR> System
05.03.2005 00:34 <DIR> Vbox
19.10.2004 22:29 <DIR> Wise Installation Wizard
15.06.2004 17:30 <DIR> xing shared
0 File(s) 0 bytes
33 Dir(s) 1.373.327.360 bytes free
Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\WINDOWS\System32\P2P Networking

26.11.2003 22:59 <DIR> .
26.11.2003 22:59 <DIR> ..
26.11.2003 22:59 <DIR> Cache
26.11.2003 22:59 90.112 MARSHAL.DLL
26.11.2003 22:59 9.205 P2P Networking.eng
26.11.2003 22:59 480.768 P2P Networking.exe
3 File(s) 580.085 bytes
3 Dir(s) 1.373.327.360 bytes free
Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Programme\Wsr

17.06.2006 00:17 <DIR> .
17.06.2006 00:17 <DIR> ..
19.08.2002 17:54 663.552 WinsysRsr.exe
1 File(s) 663.552 bytes
2 Dir(s) 1.373.327.360 bytes free
Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\WINDOWS

Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Program Files

Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Programme\PartyGaming\PartyPoker

08.05.2006 16:21 <DIR> .
08.05.2006 16:21 <DIR> ..
05.01.2006 18:34 7.362 addchips.wav
08.05.2006 16:07 <DIR> Articles
05.01.2006 18:34 2.561 cards_dealing.wav
05.01.2006 18:34 869 cards_sliding.wav
05.01.2006 18:34 11.062 chimes.wav
05.01.2006 18:34 1.687 chips_sliding.wav
05.01.2006 18:34 80.856 ding.wav
12.01.2006 22:48 366 Exit.html
05.01.2006 18:34 59.716 firework3.wav
08.05.2006 16:07 7.752 GRA.ini
31.03.2006 09:38 <DIR> Images
17.02.2006 22:33 59.246 INSTALL.LOG
17.02.2006 22:33 707 install.sss
08.05.2006 16:07 0 llh.dll
06.01.2006 00:59 1.632 login.html
05.01.2006 18:34 9.946 mouse_move.wav
08.05.2006 16:21 0 Notes.txt
25.04.2006 16:08 1.662.976 PartyPoker.dll
06.01.2006 19:10 39.104 poker.bin
17.02.2006 22:33 140 ppunistall.bat
14.02.2006 22:58 857 preloader.html
05.01.2006 18:34 16.544 reminder.wav
05.01.2006 18:34 15.724 ring.wav
30.01.2006 00:13 110.592 RunApp.exe
08.05.2006 16:07 6.650 TabConfig.txt
05.01.2006 18:34 5.004 tap.wav
08.05.2006 16:07 <DIR> tmpUpgrade
17.02.2006 22:33 730.966 Uninstall.exe
25 File(s) 2.832.319 bytes
5 Dir(s) 1.373.323.264 bytes free
Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Programme\Fellowes\MediaFACE 4.0

11.05.2004 15:02 <DIR> .
11.05.2004 15:02 <DIR> ..
14.08.2003 13:19 6.358 AboutLogo.bmp
18.08.2003 17:37 45.056 AudioCD.dll
18.08.2003 17:39 155.648 BarCodeWizard.dll
12.08.2003 12:34 24.576 BarCodeWizardRes.dll
12.08.2003 12:38 892.928 BCGCB58.dll
19.08.2003 13:36 86.016 CDRipper.dll
12.08.2003 11:57 380.928 CDRipperX.ocx
18.08.2003 17:51 798.720 CommonSkinCtrls.dll
19.08.2003 13:36 106.496 DCWrapper.dll
18.08.2003 17:48 77.824 DownloadMgr.dll
12.08.2003 12:37 12.288 DownMgrRes.dll
19.08.2003 13:35 143.360 FormAppearance.dll
12.08.2003 11:57 1.687.552 gdiplus.dll
18.08.2003 17:44 208.896 ImgEffect.dll
12.08.2003 12:34 20.480 ImgEffectRes.dll
18.08.2003 17:44 192.512 ImgLoader.dll
12.08.2003 12:34 16.384 ImgLoaderRes.dll
12.08.2003 11:52 14.473 License.txt
12.08.2003 12:37 12.288 LMLRes.dll
12.08.2003 20:10 901.120 LMUIRes.dll
18.08.2003 17:40 630.881 lmWizard.dll
18.08.2003 17:40 520.296 LmWizIB.dll
12.08.2003 12:34 425.984 lmWizRes.dll
12.08.2003 11:52 562.556 MediaFACE.bmp
18.08.2003 17:36 102.400 MediaFace.exe
14.08.2003 13:18 0 MediaFace.exe.local
14.08.2003 13:19 964 MediaFace.exe.manifest
12.08.2003 11:40 1.874 MediaFACE4.ali
12.08.2003 11:52 3.016.329 MediaFACE4.chm
18.08.2003 17:36 2.781.269 MediaFaceUI.dll
12.08.2003 11:52 562.556 MediaFACE_t.bmp
18.08.2003 17:45 487.424 MF2Conv.dll
12.08.2003 12:34 16.384 MF2ConvRes.dll
12.08.2003 12:34 1.347.584 MF3DRes.dll
18.08.2003 17:38 172.032 MF3DView.dll
18.08.2003 17:37 147.456 MFCBID.dll
12.08.2003 11:57 204.800 mfcbr_client.dll
18.08.2003 17:48 36.864 MFCDLabelDll.dll
18.08.2003 17:46 118.784 MFCNBPHook.dll
18.08.2003 17:41 122.880 MFContentList.dll
18.08.2003 17:38 159.744 MFExport.dll
12.08.2003 12:34 57.344 MFEXPRes.dll
13.08.2003 19:03 32.768 MFExtRes.dll
18.08.2003 17:46 204.800 MFGearProHook.dll
18.08.2003 17:46 90.112 MFHookManager.dll
18.08.2003 17:46 118.784 MFHotBurnHook.dll
18.08.2003 17:37 192.512 MFID3.dll
18.08.2003 17:48 53.248 mfl.dll
18.08.2003 17:46 114.688 MFLiquidHook.dll
18.08.2003 17:47 155.648 MFLiquidPL.dll
18.08.2003 17:46 118.784 MFNeroHook.dll
18.08.2003 17:46 114.688 MFNTIHook.dll
19.08.2003 13:35 1.052.672 MFO.dll
12.08.2003 12:37 16.384 MFORes.dll
18.08.2003 17:39 155.648 MFPCalib.exe
12.08.2003 12:34 118.784 MFPCRes.dll
12.08.2003 12:34 409.600 MFPPRes.dll
19.08.2003 13:36 278.528 MFPrint.dll
18.08.2003 17:47 110.592 MFRealHook.dll
18.08.2003 17:48 118.784 MFRoxioAudioHook.dll
18.08.2003 17:46 118.784 MFRoxioHook.dll
19.08.2003 13:35 94.208 MFRT.dll
19.08.2003 13:36 49.152 MfRunWiz.exe
18.08.2003 17:48 73.728 MFSA.dll
18.08.2003 17:51 729.088 MfScWiz.dll
18.08.2003 17:45 86.016 MFShlExt.dll
18.08.2003 17:46 122.880 MFSimpleCDHook.dll
18.08.2003 17:29 176.128 mftnview.dll
18.08.2003 17:48 110.592 MFWMPHook.dll
18.08.2003 17:28 1.585.152 MFWorkarea.dll
12.08.2003 12:37 24.576 MFWorkareaRes.dll
18.08.2003 17:48 102.400 MJBHook.dll
18.08.2003 17:47 40.960 MJBPL.dll
18.08.2003 17:37 57.344 MP3List.dll
18.08.2003 17:47 102.400 MP3PLUSHook.dll
18.08.2003 17:47 61.440 MP3PLUSPL.dll
11.05.2004 14:59 <DIR> My Projects
20.08.2002 10:45 6.287.360 NET1.exe
18.08.2003 17:43 172.032 PaperViewer.dll
14.08.2003 13:19 299 PrivateGdiPlus.manifest
18.08.2003 17:28 86.016 PrjViewer.dll
18.08.2003 17:47 172.032 RealPL.dll
18.08.2003 17:46 53.248 SetHook.exe
11.05.2004 15:00 <DIR> Settings
19.08.2003 13:35 237.568 SkinEngine.dll
12.08.2003 12:36 24.576 SPPVRes.dll
12.08.2003 11:52 35.420 TrialBanner.gif
12.08.2003 11:59 4.085.904 wmfdist.exe
18.08.2003 17:48 180.224 WMPPL.dll
87 File(s) 35.586.859 bytes
4 Dir(s) 1.373.319.168 bytes free
Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\WINDOWS\Temp

18.06.2006 12:53 <DIR> .
18.06.2006 12:53 <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 1.373.319.168 bytes free
Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Temp

18.06.2006 12:53 <DIR> .
18.06.2006 12:53 <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 1.373.319.168 bytes free




------------------------------------------------------------------
Thanks already for looking after me so well ^^.. and above all for replying so quickly

I have followed all 6 points..
Yeah.. that's it for now
This post was edited by Porlzum on 18.06.2006 at 13:09.
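The listings requested in steps 4 and 6 and posted above are the raw material for two checks a responder otherwise does by eye: finding a burst of files written within a few minutes of each other (the 01.06.2006 00:00 to 00:08 cluster spread over C:\, C:\WINDOWS and system32 is one install run), and finding executables that should not exist where they are (anything executable dropped straight into C:\ or C:\WINDOWS, the 0-byte and 2-byte .exe stubs, a hosts file outside drivers\etc, and shell32.exe / user32.exe, which are named after system DLLs but are not DLLs). The script below is an added example, not code from the thread or from virus-protect.org's datfind or listen batch files. It parses dir output in either the German or the English format; SAMPLE_LISTING is a constructed subset of the listings above, and the list of executables allowed in the root directories is the editor's assumption and deliberately incomplete.

```python
"""Triage of `dir` listings (added example): modification-time bursts and out-of-place executables."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Entry:
    directory: str
    name: str
    mtime: datetime
    size: Optional[int]     # None for <DIR> lines


HEADER_RE = re.compile(r"^\s*(?:Verzeichnis von|Directory of)\s+(.+?)\s*$")
ENTRY_RE = re.compile(r"^\s*(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+(<DIR>|[\d.,]+)\s+(.+?)\s*$")

EXEC_EXT = (".exe", ".dll", ".pif", ".scr", ".com", ".bat")
ROOT_DIRS = {"c:", "c:\\windows"}
# Assumption: partial list of executables that legitimately live in the XP root directories.
KNOWN_ROOT_FILES = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe", "winhelp.exe",
                    "winhlp32.exe", "twunk_16.exe", "twunk_32.exe", "ntdetect.com"}
SYSTEM_DLL_STEMS = {"shell32", "user32", "kernel32", "ntdll", "advapi32", "gdi32"}

# Constructed subset of the listings posted above.
SAMPLE_LISTING = r"""
 Directory of C:\WINDOWS\system32

18.06.2006 02:44 236.077 FG20DEU.DLL
18.06.2006 01:04 50.176 hosts
04.06.2006 14:52 2 wcpit.exe
01.06.2006 00:06 9.202 frameori1604.exe
01.06.2006 00:06 28.671 drsmartload261a.exe
01.06.2006 00:04 81.920 wuaclt.dll
26.03.2006 13:31 52.764 perfc009.dat

 Directory of C:\WINDOWS

18.06.2006 01:43 0 lijyxip.exe
18.06.2006 01:43 2.855 lijyxip.PIF
18.06.2006 01:04 50.176 hosts
01.06.2006 00:06 16.384 hqpltsp.exe
01.06.2006 00:03 28.672 drsmartload849a.exe
18.04.2006 17:16 25.660 shell32.exe
11.04.2006 16:08 440.746 DirectX.log

 Directory of C:\

18.06.2006 12:58 9.228 MTE3NDI6ODoxNg.exe
18.06.2006 12:58 61.440 drsmartload1.exe
18.06.2006 12:56 805.306.368 pagefile.sys
01.06.2006 00:08 0 tool5.exe
01.06.2006 00:07 0 tool1.exe
01.06.2006 00:03 29.251 mc-110-12-0000228.exe
01.06.2006 00:03 578.560 warebundle.exe
01.06.2006 00:00 0 kl1.exe
16.04.2006 22:42 9.096 my.exe
"""


def parse_dir_listing(text: str) -> list:
    """Parse German or English `dir` output into Entry objects (skips . and ..)."""
    entries, current = [], None
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            current = h.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or current is None:
            continue
        date, time, size, name = m.groups()
        if name in (".", ".."):
            continue
        mtime = datetime.strptime(f"{date} {time}", "%d.%m.%Y %H:%M")
        entries.append(Entry(current, name, mtime,
                             None if size == "<DIR>" else int(re.sub(r"[.,]", "", size))))
    return entries


def flag_entries(entries: list) -> list:
    """(Entry, reason) pairs for files that look dropped, masquerading or out of place."""
    out = []
    for e in entries:
        if e.size is None:
            continue
        low, d = e.name.lower(), e.directory.lower().rstrip("\\")
        is_exec = low.endswith(EXEC_EXT)
        reasons = []
        if low == "hosts" and not d.endswith("drivers\\etc"):
            reasons.append("hosts file outside system32\\drivers\\etc (only that copy is consulted)")
        if is_exec and d in ROOT_DIRS and low not in KNOWN_ROOT_FILES:
            reasons.append(f"executable dropped directly into {e.directory}")
        if is_exec and e.size < 1024:
            reasons.append(f"{e.size} bytes: too small to be a real PE image (stub or placeholder)")
        if is_exec and not low.endswith(".dll") and low.rsplit(".", 1)[0] in SYSTEM_DLL_STEMS:
            reasons.append("named after a system DLL but is not one (masquerading)")
        if reasons:
            out.append((e, "; ".join(reasons)))
    return out


def burst_clusters(entries: list, window: timedelta = timedelta(minutes=10)) -> list:
    """Group entries whose mtimes chain within `window`; a large cluster is one install run."""
    clusters = []
    for e in sorted(entries, key=lambda x: x.mtime):
        if clusters and e.mtime - clusters[-1][-1].mtime <= window:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


if __name__ == "__main__":
    parsed = parse_dir_listing(SAMPLE_LISTING)
    burst = max(burst_clusters(parsed), key=len)
    print(f"largest burst: {len(burst)} files, {burst[0].mtime} to {burst[-1].mtime}")
    for e, reason in flag_entries(parsed):
        print(f"{e.directory}\\{e.name}: {reason}")
```

The burst window is the interesting parameter: ten minutes links the 01.06.2006 files across three directories into one event, while the 18.06.2006 entries (01:04, 01:43, 02:44, 12:5x) stay separate, which matches the fact that several of those were written by the cleanup tools run that day rather than by the infection.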
18.06.2006, 14:07
Honorary Member
Sabina

Posts: 29434
#19 1.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:

Quote

Files to delete:
C:\Programme\ipwins\ipwins.exe
C:\WINDOWS\system32\FG20DEU.DLL
C:\WINDOWS\system32\hosts
C:\WINDOWS\system32\wcpit.exe
C:\WINDOWS\system32\frameori1604.exe
C:\WINDOWS\system32\drsmartload261a.exe
C:\WINDOWS\system32\wuaclt.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\lijyxip.exe
C:\WINDOWS\lijyxip.PIF
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\hosts
C:\WINDOWS\warebundle.exe
C:\WINDOWS\hqpltsp.exe
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\drsmartload849a.exe
C:\WINDOWS\drsmartload46a.exe
C:\WINDOWS\drsmartload45a.exe
C:\WINDOWS\newname.dat
C:\WINDOWS\teller2.chk
C:\WINDOWS\patcher.exe
C:\WINDOWS\shell32.exe
C:\WINDOWS\dr.exe
C:\WINDOWS\user32.exe
C:\MTE3NDI6ODoxNg.exe
C:\drsmartload1.exe
C:\Mendoza1.exe
C:\defender26.exe
C:\defender23a.exe
C:\drsmartload46a.exe
C:\drsmartload45a.exe
C:\keyboard25.exe
C:\defender25.exe
C:\newname25.exe
C:\tool5.exe
C:\ms1.exe
C:\tool4.exe
C:\tool3.exe
C:\tool1.exe
C:\toolbar.exe
C:\country.exe
C:\mc-110-12-0000228.exe
C:\warebundle.exe
C:\Trelew.exe
C:\drsmartload849a.exe
C:\newname24.exe
C:\keyboard24.exe
C:\defender24.exe
C:\tool2.exe
C:\kl1.exe
C:\uniq
C:\Program.exe
C:\my.exe
C:\documents.exe
C:\WINDOWS\Downloaded Program Files\xtoolbar.dll
C:\WINDOWS\Downloaded Program Files\RdxIE.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\xtoolbar.dll
Click the green traffic light
the script will now run, then the PC will restart automatically

2.
post the Avenger log that appears

**
3.
post the datfind.bat logs back to February 2006

**
4.
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as com.bat on the desktop with 'Save as'. Under file type select 'All files'. You should now find this file on the desktop. --> double-click com.bat --> copy the text that appears

Quote

cd\
REM append each directory listing to C:\files.txt, then open it in Notepad
dir "C:\Programme\ipwins" >>files.txt
dir "C:\Programme\Gemeinsame Dateien\GMT" >>files.txt
dir "C:\Programme\Gemeinsame Dateien\ifwm" >>files.txt
dir "C:\Programme\Gemeinsame Dateien\InetGet" >>files.txt
notepad files.txt

__________
Regards, Sabina

all about PC security
18.06.2006, 15:06
Member

Posts: 56
#20 So.. step 1 done, here is step 2, the Avenger log:



Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\acjcthdj

*******************

Script file located at: \??\C:\qecahyod.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Could not open file C:\Programme\ipwins\ipwins.exe for deletion
Deletion of file C:\Programme\ipwins\ipwins.exe failed!


Could not process line:
C:\Programme\ipwins\ipwins.exe
Status: 0xc000003a

File C:\WINDOWS\system32\FG20DEU.DLL deleted successfully.
File C:\WINDOWS\system32\hosts deleted successfully.
File C:\WINDOWS\system32\wcpit.exe deleted successfully.
File C:\WINDOWS\system32\frameori1604.exe deleted successfully.
File C:\WINDOWS\system32\drsmartload261a.exe deleted successfully.
File C:\WINDOWS\system32\wuaclt.dll deleted successfully.
File C:\WINDOWS\system32\atmtd.dll._ deleted successfully.
File C:\WINDOWS\system32\atmtd.dll deleted successfully.
File C:\WINDOWS\lijyxip.exe deleted successfully.
File C:\WINDOWS\lijyxip.PIF deleted successfully.
File C:\WINDOWS\keyboard1.dat deleted successfully.
File C:\WINDOWS\hosts deleted successfully.
File C:\WINDOWS\warebundle.exe deleted successfully.
File C:\WINDOWS\hqpltsp.exe deleted successfully.
File C:\WINDOWS\drsmartload2.dat deleted successfully.
File C:\WINDOWS\drsmartload849a.exe deleted successfully.
File C:\WINDOWS\drsmartload46a.exe deleted successfully.
File C:\WINDOWS\drsmartload45a.exe deleted successfully.
File C:\WINDOWS\newname.dat deleted successfully.
File C:\WINDOWS\teller2.chk deleted successfully.
File C:\WINDOWS\patcher.exe deleted successfully.
File C:\WINDOWS\shell32.exe deleted successfully.
File C:\WINDOWS\dr.exe deleted successfully.
File C:\WINDOWS\user32.exe deleted successfully.


File C:\MTE3NDI6ODoxNg.exe not found!
Deletion of file C:\MTE3NDI6ODoxNg.exe failed!

Could not process line:
C:\MTE3NDI6ODoxNg.exe
Status: 0xc0000034

File C:\drsmartload1.exe deleted successfully.
File C:\Mendoza1.exe deleted successfully.
File C:\defender26.exe deleted successfully.
File C:\defender23a.exe deleted successfully.
File C:\drsmartload46a.exe deleted successfully.
File C:\drsmartload45a.exe deleted successfully.
File C:\keyboard25.exe deleted successfully.
File C:\defender25.exe deleted successfully.
File C:\newname25.exe deleted successfully.
File C:\tool5.exe deleted successfully.
File C:\ms1.exe deleted successfully.
File C:\tool4.exe deleted successfully.
File C:\tool3.exe deleted successfully.
File C:\tool1.exe deleted successfully.
File C:\toolbar.exe deleted successfully.
File C:\country.exe deleted successfully.
File C:\mc-110-12-0000228.exe deleted successfully.
File C:\warebundle.exe deleted successfully.
File C:\Trelew.exe deleted successfully.
File C:\drsmartload849a.exe deleted successfully.
File C:\newname24.exe deleted successfully.
File C:\keyboard24.exe deleted successfully.
File C:\defender24.exe deleted successfully.
File C:\tool2.exe deleted successfully.
File C:\kl1.exe deleted successfully.
File C:\uniq deleted successfully.
File C:\Program.exe deleted successfully.
File C:\my.exe deleted successfully.
File C:\documents.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\xtoolbar.dll deleted successfully.
File C:\WINDOWS\Downloaded Program Files\RdxIE.dll deleted successfully.


File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\xtoolbar.dl not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\CONFLICT.1\xtoolbar.dl failed!

Could not process line:
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\xtoolbar.dl
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


------------------------------------------------
3.: datfind.bat logs:


Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\WINDOWS\system32

15.06.2006 19:58 2.206 wpa.dbl
28.05.2006 19:18 0 nvapps.xml
16.04.2006 02:51 21.840 SIntfNT.dll
16.04.2006 02:51 17.212 SIntf32.dll
16.04.2006 02:51 12.067 SIntf16.dll
26.03.2006 13:31 52.764 perfc009.dat
26.03.2006 13:31 380.350 perfh009.dat
26.03.2006 13:31 63.580 perfc007.dat
26.03.2006 13:31 391.000 perfh007.dat
26.03.2006 13:31 897.954 PerfStringBackup.INI
25.03.2006 23:51 7.006 jupdate-1.5.0_06-b05.log
18.01.2006 14:05 57.344 avsda.dll


Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\DOKUME~1\NoName\LOKALE~1\Temp

18.06.2006 13:07 204 jusched.log
18.06.2006 12:59 0 WER12.tmp
18.06.2006 12:55 0 WERA.tmp
3 File(s) 204 bytes
0 Dir(s) 1.345.400.832 bytes free


Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\WINDOWS

18.06.2006 15:00 0 0.log
18.06.2006 14:59 50 wiaservc.log
18.06.2006 14:59 159 wiadebug.log
18.06.2006 14:59 2.048 bootstat.dat
18.06.2006 14:58 32.138 SchedLgU.Txt
18.06.2006 03:20 1.167 win.ini
18.06.2006 03:20 332 system.ini
18.06.2006 03:19 1.590.198 ntbtlog.txt
14.06.2006 00:20 54.156 QTFont.qfn
12.06.2006 17:09 1.409 QTFont.for
12.06.2006 08:25 711 M3JPEG.INI
11.06.2006 01:29 133.243 setupapi.log
08.06.2006 16:51 444.371 wmsetup.log
04.06.2006 17:17 0 musicmaker.INI
04.06.2006 16:25 216 muma2003.INI
18.04.2006 20:22 1.314 setupact.log
11.04.2006 16:08 440.746 DirectX.log
26.03.2006 16:41 606.848 flashax.exe
26.03.2006 16:41 12.288 impborl.dll
01.03.2006 16:18 36.475 up.exe
14.02.2006 05:30 354 sampler.INI
14.02.2006 05:30 753 beatbox.INI
19.01.2006 17:48 10.372 EventSystem.log
03.01.2006 17:45 1.989 uninstall_nmon.vbs


Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\

18.06.2006 15:03 0 sys.txt
18.06.2006 15:03 13.190 system.txt
18.06.2006 15:03 378 systemtemp.txt
18.06.2006 15:01 113.350 system32.txt
18.06.2006 14:59 805.306.368 pagefile.sys
18.06.2006 14:59 7.730 avenger.txt
18.06.2006 13:07 10.139 files.txt
18.06.2006 13:05 3.253 DirDPF.txt
18.06.2006 13:05 2 DirDPFCns.txt
18.06.2006 03:20 194 boot.ini
11.04.2006 17:20 15.542 GF_Excpt.txt
09.04.2006 16:31 1 DXOkay.bin
12.03.2006 18:11 254 777.htm
14.02.2006 06:18 43 settingsc.ini
07.05.2005 16:11 4.102 EyeCandyLog.txt
26.04.2005 18:04 389 log.txt
23.04.2005 12:21 152 Delme.bat
09.04.2005 13:39 20.671 f2install.log
09.04.2005 11:46 7 p!0!
17.02.2005 06:11 1.123 DV.txt
24.01.2005 18:22 509 hpfr5550.log
24.01.2005 18:22 0 hpfr5550.xml


(I always copied one month extra, just to be on the safe side..)

----------------------------
and last but not least, 4.:



Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Programme

Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Programme\Gemeinsame Dateien

08.06.2006 22:55 <DIR> .
08.06.2006 22:55 <DIR> ..
18.01.2006 00:40 <DIR> Adobe
28.11.2005 00:26 <DIR> Adobe Systems Shared
12.10.2003 21:28 <DIR> Ahead
08.06.2006 22:55 <DIR> Blizzard Entertainment
16.04.2005 01:13 <DIR> CMEII
12.10.2003 21:12 <DIR> Designer
12.10.2003 13:53 <DIR> Dienste
23.12.2004 00:34 <DIR> Digidesign
28.12.2003 03:34 <DIR> DirectX
05.06.2005 18:46 <DIR> GMT
07.06.2006 02:02 <DIR> ifwm
01.06.2006 00:03 <DIR> InetGet

16.10.2003 22:22 <DIR> InstallShield
30.12.2003 23:48 <DIR> Java
12.02.2005 19:14 <DIR> Macromedia
12.02.2005 19:14 <DIR> Macromedia Shared
04.06.2006 17:10 <DIR> MAGIX Shared
12.10.2003 21:12 <DIR> Microsoft Shared
12.10.2003 13:53 <DIR> MSSoap
12.10.2003 14:47 <DIR> ODBC
23.12.2004 15:29 <DIR> PACE Anti-Piracy
23.08.2005 01:43 <DIR> PlayOnline
15.06.2004 17:30 <DIR> Real
17.01.2004 17:11 <DIR> Sierra
12.10.2003 14:47 <DIR> SpeechEngines
18.06.2006 02:11 <DIR> STOPzilla!
12.09.2004 16:06 <DIR> Symantec Shared
12.10.2003 21:10 <DIR> System
05.03.2005 00:34 <DIR> Vbox
19.10.2004 22:29 <DIR> Wise Installation Wizard
15.06.2004 17:30 <DIR> xing shared
0 File(s) 0 bytes
33 Dir(s) 1.373.327.360 bytes free
Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\WINDOWS\System32\P2P Networking

26.11.2003 22:59 <DIR> .
26.11.2003 22:59 <DIR> ..
26.11.2003 22:59 <DIR> Cache
26.11.2003 22:59 90.112 MARSHAL.DLL
26.11.2003 22:59 9.205 P2P Networking.eng
26.11.2003 22:59 480.768 P2P Networking.exe
3 File(s) 580.085 bytes
3 Dir(s) 1.373.327.360 bytes free
Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Programme\Wsr

17.06.2006 00:17 <DIR> .
17.06.2006 00:17 <DIR> ..
19.08.2002 17:54 663.552 WinsysRsr.exe
1 File(s) 663.552 bytes
2 Dir(s) 1.373.327.360 bytes free
Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\WINDOWS

Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Program Files

Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Programme\PartyGaming\PartyPoker

08.05.2006 16:21 <DIR> .
08.05.2006 16:21 <DIR> ..
05.01.2006 18:34 7.362 addchips.wav
08.05.2006 16:07 <DIR> Articles
05.01.2006 18:34 2.561 cards_dealing.wav
05.01.2006 18:34 869 cards_sliding.wav
05.01.2006 18:34 11.062 chimes.wav
05.01.2006 18:34 1.687 chips_sliding.wav
05.01.2006 18:34 80.856 ding.wav
12.01.2006 22:48 366 Exit.html
05.01.2006 18:34 59.716 firework3.wav
08.05.2006 16:07 7.752 GRA.ini
31.03.2006 09:38 <DIR> Images
17.02.2006 22:33 59.246 INSTALL.LOG
17.02.2006 22:33 707 install.sss
08.05.2006 16:07 0 llh.dll
06.01.2006 00:59 1.632 login.html
05.01.2006 18:34 9.946 mouse_move.wav
08.05.2006 16:21 0 Notes.txt
25.04.2006 16:08 1.662.976 PartyPoker.dll
06.01.2006 19:10 39.104 poker.bin
17.02.2006 22:33 140 ppunistall.bat
14.02.2006 22:58 857 preloader.html
05.01.2006 18:34 16.544 reminder.wav
05.01.2006 18:34 15.724 ring.wav
30.01.2006 00:13 110.592 RunApp.exe
08.05.2006 16:07 6.650 TabConfig.txt
05.01.2006 18:34 5.004 tap.wav
08.05.2006 16:07 <DIR> tmpUpgrade
17.02.2006 22:33 730.966 Uninstall.exe
25 File(s) 2.832.319 bytes
5 Dir(s) 1.373.323.264 bytes free
Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Programme\Fellowes\MediaFACE 4.0

11.05.2004 15:02 <DIR> .
11.05.2004 15:02 <DIR> ..
14.08.2003 13:19 6.358 AboutLogo.bmp
18.08.2003 17:37 45.056 AudioCD.dll
18.08.2003 17:39 155.648 BarCodeWizard.dll
12.08.2003 12:34 24.576 BarCodeWizardRes.dll
12.08.2003 12:38 892.928 BCGCB58.dll
19.08.2003 13:36 86.016 CDRipper.dll
12.08.2003 11:57 380.928 CDRipperX.ocx
18.08.2003 17:51 798.720 CommonSkinCtrls.dll
19.08.2003 13:36 106.496 DCWrapper.dll
18.08.2003 17:48 77.824 DownloadMgr.dll
12.08.2003 12:37 12.288 DownMgrRes.dll
19.08.2003 13:35 143.360 FormAppearance.dll
12.08.2003 11:57 1.687.552 gdiplus.dll
18.08.2003 17:44 208.896 ImgEffect.dll
12.08.2003 12:34 20.480 ImgEffectRes.dll
18.08.2003 17:44 192.512 ImgLoader.dll
12.08.2003 12:34 16.384 ImgLoaderRes.dll
12.08.2003 11:52 14.473 License.txt
12.08.2003 12:37 12.288 LMLRes.dll
12.08.2003 20:10 901.120 LMUIRes.dll
18.08.2003 17:40 630.881 lmWizard.dll
18.08.2003 17:40 520.296 LmWizIB.dll
12.08.2003 12:34 425.984 lmWizRes.dll
12.08.2003 11:52 562.556 MediaFACE.bmp
18.08.2003 17:36 102.400 MediaFace.exe
14.08.2003 13:18 0 MediaFace.exe.local
14.08.2003 13:19 964 MediaFace.exe.manifest
12.08.2003 11:40 1.874 MediaFACE4.ali
12.08.2003 11:52 3.016.329 MediaFACE4.chm
18.08.2003 17:36 2.781.269 MediaFaceUI.dll
12.08.2003 11:52 562.556 MediaFACE_t.bmp
18.08.2003 17:45 487.424 MF2Conv.dll
12.08.2003 12:34 16.384 MF2ConvRes.dll
12.08.2003 12:34 1.347.584 MF3DRes.dll
18.08.2003 17:38 172.032 MF3DView.dll
18.08.2003 17:37 147.456 MFCBID.dll
12.08.2003 11:57 204.800 mfcbr_client.dll
18.08.2003 17:48 36.864 MFCDLabelDll.dll
18.08.2003 17:46 118.784 MFCNBPHook.dll
18.08.2003 17:41 122.880 MFContentList.dll
18.08.2003 17:38 159.744 MFExport.dll
12.08.2003 12:34 57.344 MFEXPRes.dll
13.08.2003 19:03 32.768 MFExtRes.dll
18.08.2003 17:46 204.800 MFGearProHook.dll
18.08.2003 17:46 90.112 MFHookManager.dll
18.08.2003 17:46 118.784 MFHotBurnHook.dll
18.08.2003 17:37 192.512 MFID3.dll
18.08.2003 17:48 53.248 mfl.dll
18.08.2003 17:46 114.688 MFLiquidHook.dll
18.08.2003 17:47 155.648 MFLiquidPL.dll
18.08.2003 17:46 118.784 MFNeroHook.dll
18.08.2003 17:46 114.688 MFNTIHook.dll
19.08.2003 13:35 1.052.672 MFO.dll
12.08.2003 12:37 16.384 MFORes.dll
18.08.2003 17:39 155.648 MFPCalib.exe
12.08.2003 12:34 118.784 MFPCRes.dll
12.08.2003 12:34 409.600 MFPPRes.dll
19.08.2003 13:36 278.528 MFPrint.dll
18.08.2003 17:47 110.592 MFRealHook.dll
18.08.2003 17:48 118.784 MFRoxioAudioHook.dll
18.08.2003 17:46 118.784 MFRoxioHook.dll
19.08.2003 13:35 94.208 MFRT.dll
19.08.2003 13:36 49.152 MfRunWiz.exe
18.08.2003 17:48 73.728 MFSA.dll
18.08.2003 17:51 729.088 MfScWiz.dll
18.08.2003 17:45 86.016 MFShlExt.dll
18.08.2003 17:46 122.880 MFSimpleCDHook.dll
18.08.2003 17:29 176.128 mftnview.dll
18.08.2003 17:48 110.592 MFWMPHook.dll
18.08.2003 17:28 1.585.152 MFWorkarea.dll
12.08.2003 12:37 24.576 MFWorkareaRes.dll
18.08.2003 17:48 102.400 MJBHook.dll
18.08.2003 17:47 40.960 MJBPL.dll
18.08.2003 17:37 57.344 MP3List.dll
18.08.2003 17:47 102.400 MP3PLUSHook.dll
18.08.2003 17:47 61.440 MP3PLUSPL.dll
11.05.2004 14:59 <DIR> My Projects
20.08.2002 10:45 6.287.360 NET1.exe
18.08.2003 17:43 172.032 PaperViewer.dll
14.08.2003 13:19 299 PrivateGdiPlus.manifest
18.08.2003 17:28 86.016 PrjViewer.dll
18.08.2003 17:47 172.032 RealPL.dll
18.08.2003 17:46 53.248 SetHook.exe
11.05.2004 15:00 <DIR> Settings
19.08.2003 13:35 237.568 SkinEngine.dll
12.08.2003 12:36 24.576 SPPVRes.dll
12.08.2003 11:52 35.420 TrialBanner.gif
12.08.2003 11:59 4.085.904 wmfdist.exe
18.08.2003 17:48 180.224 WMPPL.dll
87 File(s) 35.586.859 bytes
4 Dir(s) 1.373.319.168 bytes free
Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\WINDOWS\Temp

18.06.2006 12:53 <DIR> .
18.06.2006 12:53 <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 1.373.319.168 bytes free
Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Temp

18.06.2006 12:53 <DIR> .
18.06.2006 12:53 <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 1.373.319.168 bytes free
Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Programme

Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Programme\Gemeinsame Dateien\GMT

05.06.2005 18:46 <DIR> .
05.06.2005 18:46 <DIR> ..
29.01.2005 15:59 <DIR> 107l445785
09.12.2004 23:02 <DIR> 59337w8tyk
10.01.2005 22:39 <DIR> 63nznjtgq1
19.12.2004 22:33 <DIR> 77n4d52960
05.06.2004 11:23 <DIR> 82mckg5z8d
08.08.2004 12:12 <DIR> 8le8i365z1
05.06.2005 00:29 <DIR> 9075u011mw
28.11.2004 20:34 <DIR> 9dnrx894rn
09.04.2005 12:28 <DIR> a97j5e9m6o
05.06.2004 16:17 <DIR> Data
16.04.2005 01:13 <DIR> DownloadTemp
02.02.2004 11:17 438.329 EGGCEngine.dll
02.02.2004 11:17 766.009 egIEEngine.dll
02.02.2004 11:17 127.034 EGIEProcess.dll
02.02.2004 11:17 462.905 EGNSEngine.dll
08.08.2004 19:54 <DIR> f7ihi17u3h
10.11.2003 21:42 4.244 FillIn.wav
05.06.2005 20:26 48.855 Gator.log
02.02.2004 11:17 356.352 GatorRes.dll
02.02.2004 11:17 245.821 GatorStubSetup.exe
10.11.2003 21:42 678 GMT.exe.manifest
10.11.2003 21:42 29.390 Helper.wav
25.11.2004 15:46 <DIR> k19k629ena
05.06.2005 20:42 148 mepbs.dat
05.06.2005 20:48 148 mepcme.dat
05.06.2005 20:42 148 mepcmeft.dat
05.06.2005 21:16 148 mepgh.dat
05.06.2005 20:48 148 mepimg.dat
05.06.2005 20:48 148 meprca.dat
29.01.2005 13:24 <DIR> n59qvud14x
16.01.2005 22:15 <DIR> o67029g6qp
16.07.2004 16:16 <DIR> qk1nym94yb
26.04.2004 15:57 421.947 RTA04720
26.04.2004 15:57 421.947 RTA63730
26.04.2004 15:58 1.396.795 RTB04720
26.04.2004 15:58 1.396.795 RTB63730
26.04.2004 15:58 127.036 RTC04720
26.04.2004 15:58 127.036 RTC63730
26.04.2004 15:57 458.811 RTD04720
26.04.2004 15:57 458.811 RTD63730
26.04.2004 15:56 356.352 RTE04720
26.04.2004 15:56 356.352 RTE63730
26.04.2004 15:56 245.823 RTF04720
26.04.2004 15:56 245.823 RTF63730
26.04.2004 16:07 2.117.684 RTG04720
05.06.2005 20:58 <DIR> scripts
05.06.2005 18:56 <DIR> ufz89g2f71
03.12.2004 20:25 <DIR> xo921fzwjd
03.09.2004 20:14 <DIR> znxeeiydn5
29 File(s) 10.611.717 bytes
22 Dir(s) 1.345.400.832 bytes free
Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Programme\Gemeinsame Dateien\ifwm

07.06.2006 02:02 <DIR> .
07.06.2006 02:02 <DIR> ..
01.06.2006 00:04 0 ifwma.lck
01.06.2006 00:04 <DIR> ifwmd
06.06.2006 23:44 1.536 ifwmh
01.06.2006 00:05 0 ifwml.lck
01.06.2006 00:04 0 ifwmm.lck
4 File(s) 1.536 bytes
3 Dir(s) 1.345.400.832 bytes free
Volume in drive C is WinXP
Volume Serial Number is 7C9C-2979

Directory of C:\Programme\Gemeinsame Dateien\InetGet

01.06.2006 00:03 <DIR> .
01.06.2006 00:03 <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 1.345.400.832 bytes free
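The two failures in the Avenger log above carry NTSTATUS codes that Avenger itself does not explain. Here is an added example (my code, not Avenger's and not part of the thread) that parses such a log and decodes them: 0xc000003a is STATUS_OBJECT_PATH_NOT_FOUND, meaning a directory in the path no longer exists, and 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, meaning the file itself is already gone. Neither is a locked or protected file, so neither needs a second attempt. The NTSTATUS names are taken from the public Windows NTSTATUS table; the sample log is an excerpt of the one posted above.

```python
import re
from collections import Counter

# NTSTATUS values Avenger prints after a failed deletion (names from the
# public Windows NTSTATUS table).  The two *_NOT_FOUND codes both mean the
# object was not there: NAME_NOT_FOUND = the file itself is gone,
# PATH_NOT_FOUND = a parent directory in the path does not exist.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

# Excerpt of the Avenger log posted above (backslashes doubled for Python).
SAMPLE_LOG = """\
Could not open file C:\\Programme\\ipwins\\ipwins.exe for deletion
Deletion of file C:\\Programme\\ipwins\\ipwins.exe failed!

Could not process line:
C:\\Programme\\ipwins\\ipwins.exe
Status: 0xc000003a

File C:\\WINDOWS\\system32\\FG20DEU.DLL deleted successfully.
File C:\\WINDOWS\\system32\\hosts deleted successfully.

File C:\\MTE3NDI6ODoxNg.exe not found!
Deletion of file C:\\MTE3NDI6ODoxNg.exe failed!

Could not process line:
C:\\MTE3NDI6ODoxNg.exe
Status: 0xc0000034
"""

DELETED_RE = re.compile(r"^File (.+) deleted successfully\.$")
FAILED_RE = re.compile(r"^Deletion of file (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")


def parse_avenger_log(text):
    """Return [(path, outcome)] in log order.

    outcome is "deleted", an NTSTATUS name, the raw hex code if the code is
    not in the table, or "unknown" when a failure has no Status: line.
    Avenger prints the 'failed!' line first and the 'Status:' line a few
    lines later, so the path is held until its status arrives.
    """
    results = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED_RE.match(line)
        if m:
            results.append((m.group(1), "deleted"))
            continue
        m = FAILED_RE.match(line)
        if m:
            if pending is not None:
                results.append((pending, "unknown"))
            pending = m.group(1)
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            code = int(m.group(1), 16)
            results.append((pending, NTSTATUS.get(code, m.group(1).lower())))
            pending = None
    if pending is not None:
        results.append((pending, "unknown"))
    return results


def summarise(results):
    """Outcome counts, e.g. {'deleted': 2, 'STATUS_OBJECT_PATH_NOT_FOUND': 1}."""
    return dict(Counter(outcome for _, outcome in results))


def still_present(results):
    """Paths whose deletion failed for a reason other than 'not there'."""
    return [p for p, o in results
            if o not in ("deleted", "STATUS_OBJECT_NAME_NOT_FOUND",
                         "STATUS_OBJECT_PATH_NOT_FOUND")]


if __name__ == "__main__":
    parsed = parse_avenger_log(SAMPLE_LOG)
    for path, outcome in parsed:
        print("%-32s %s" % (outcome, path))
    print(summarise(parsed))
    print("still to chase:", still_present(parsed))
```

To use it on a real run, read C:\avenger.txt instead of SAMPLE_LOG. Anything that still_present() returns (typically STATUS_ACCESS_DENIED or STATUS_SHARING_VIOLATION) is a file that is still on disk and still held open at boot, and that is the entry worth chasing; the two NOT_FOUND failures in this log are not.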
18.06.2006, 16:36
Honorary member

Posts: 29434
#21 Copy the following text into Notepad (Start - Accessories - Notepad) and save it as lis.bat on the desktop with 'Save as'. Under file type select 'All files'. You should now find this file on the desktop. --> double-click lis.bat --> copy the text that appears

Quote

cd\
REM append each directory listing to C:\files.txt, then open it in Notepad
dir "C:\Programme\Gemeinsame Dateien\CMEII" >>files.txt
dir "C:\Program Files\Sitecom" >>files.txt
notepad files.txt
----------------------------------------------------------------------------

1.
paste into Avenger:

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{645FF040-5081-101B-9F08-00AA002F954E}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{6BF52A52-394A-11D3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
HKEY_CLASSES_ROOT\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}
HKEY_CLASSES_ROOT\CLSID\{CC7A6223-3759-4075-8CEA-971F5CFC0ED2}
HKEY_LOCAL_MACHINE\software\gator.com
HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AltnetDM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2P
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor

Files to delete:
C:\Program Files\Sitecom\C2SLoad.exe
C:\WINDOWS\system32\javaqq32.exe
C:\WINDOWS\System32\dllhost.exe
C:\Programme\Gemeinsame Dateien\STOPzilla!
C:\Programme\Gemeinsame Dateien\CMEII\CMEDiagnostics.log
C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll
C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll
C:\Programme\Gemeinsame Dateien\CMEII\GatorSupportInfo.txt
C:\Programme\Gemeinsame Dateien\CMEII\GController.dll
C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll
C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll
C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll
C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll
C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll
C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll
C:\Programme\Gemeinsame Dateien\CMEII\gui
C:\Programme\Gemeinsame Dateien\CMEII\RTA04720
C:\Programme\Gemeinsame Dateien\CMEII\RTA63730
C:\Programme\Gemeinsame Dateien\CMEII\RTB04720
C:\Programme\Gemeinsame Dateien\CMEII\RTB63730
C:\Programme\Gemeinsame Dateien\CMEII\RTC04720
C:\Programme\Gemeinsame Dateien\CMEII\RTC63730
C:\Programme\Gemeinsame Dateien\CMEII\RTD04720
C:\Programme\Gemeinsame Dateien\CMEII\RTD63730
C:\Programme\Gemeinsame Dateien\CMEII\RTE04720
C:\Programme\Gemeinsame Dateien\CMEII\RTE63730
C:\Programme\Gemeinsame Dateien\CMEII\RTF04720
C:\Programme\Gemeinsame Dateien\CMEII\RTG04720
C:\Programme\Gemeinsame Dateien\CMEII\RTH04720
C:\Programme\Gemeinsame Dateien\CMEII\store
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\xtoolbar.dll
C:\777.htm
C:\Programme\Network Monitor\netmon.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\up.exe
C:\Programme\Gemeinsame Dateien\ifwm\ifwma.lck
C:\Programme\Gemeinsame Dateien\ifwm\ifwmd
C:\Programme\Gemeinsame Dateien\ifwm\ifwmh
C:\Programme\Gemeinsame Dateien\ifwm\ifwml.lck
C:\Programme\Gemeinsame Dateien\ifwm\ifwmm.lck
C:\Programme\Gemeinsame Dateien\InetGet
C:\Programme\Gemeinsame Dateien\GMT\107l445785
C:\Programme\Gemeinsame Dateien\GMT\59337w8tyk
C:\Programme\Gemeinsame Dateien\GMT\63nznjtgq1
C:\Programme\Gemeinsame Dateien\GMT\77n4d52960
C:\Programme\Gemeinsame Dateien\GMT\82mckg5z8d
C:\Programme\Gemeinsame Dateien\GMT\8le8i365z1
C:\Programme\Gemeinsame Dateien\GMT\9075u011mw
C:\Programme\Gemeinsame Dateien\GMT\9dnrx894rn
C:\Programme\Gemeinsame Dateien\GMT\a97j5e9m6o
C:\Programme\Gemeinsame Dateien\GMT\Data
C:\Programme\Gemeinsame Dateien\GMT\DownloadTemp
C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll
C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\f7ihi17u3h
C:\Programme\Gemeinsame Dateien\GMT\FillIn.wav
C:\Programme\Gemeinsame Dateien\GMT\Gator.log
C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll
C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe.manifest
C:\Programme\Gemeinsame Dateien\GMT\Helper.wav
C:\Programme\Gemeinsame Dateien\GMT\k19k629ena
C:\Programme\Gemeinsame Dateien\GMT\mepbs.dat
C:\Programme\Gemeinsame Dateien\GMT\mepcme.dat
C:\Programme\Gemeinsame Dateien\GMT\mepcmeft.dat
C:\Programme\Gemeinsame Dateien\GMT\mepgh.dat
C:\Programme\Gemeinsame Dateien\GMT\mepimg.dat
C:\Programme\Gemeinsame Dateien\GMT\meprca.dat
C:\Programme\Gemeinsame Dateien\GMT\n59qvud14x
C:\Programme\Gemeinsame Dateien\GMT\o67029g6qp
C:\Programme\Gemeinsame Dateien\GMT\qk1nym94yb
C:\Programme\Gemeinsame Dateien\GMT\RTA04720
C:\Programme\Gemeinsame Dateien\GMT\RTA63730
C:\Programme\Gemeinsame Dateien\GMT\RTB04720
C:\Programme\Gemeinsame Dateien\GMT\RTB63730
C:\Programme\Gemeinsame Dateien\GMT\RTC04720
C:\Programme\Gemeinsame Dateien\GMT\RTC63730
C:\Programme\Gemeinsame Dateien\GMT\RTD04720
C:\Programme\Gemeinsame Dateien\GMT\RTD63730
C:\Programme\Gemeinsame Dateien\GMT\RTE04720
C:\Programme\Gemeinsame Dateien\GMT\RTE63730
C:\Programme\Gemeinsame Dateien\GMT\RTF04720
C:\Programme\Gemeinsame Dateien\GMT\RTF63730
C:\Programme\Gemeinsame Dateien\GMT\RTG04720
C:\Programme\Gemeinsame Dateien\GMT\scripts
C:\Programme\Gemeinsame Dateien\GMT\ufz89g2f71
C:\Programme\Gemeinsame Dateien\GMT\xo921fzwjd
C:\Programme\Gemeinsame Dateien\GMT\znxeeiydn5
C:\WINDOWS\System32\P2P Networking\MARSHAL.DLL
C:\WINDOWS\System32\P2P Networking\P2P Networking.eng
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
Click the green traffic light
the script will now run, then the PC will restart automatically

**
2.
post the Avenger log

**
3.
delete:
C:\Programme\Gemeinsame Dateien\ifwm
C:\Programme\Gemeinsame Dateien\GMT
C:\Programme\Gemeinsame Dateien\STOPzilla!
C:\WINDOWS\System32\P2P Networking
C:\Programme\Gemeinsame Dateien\CMEII
C:\Programme\ipwins

**
4.
Start - Settings - Control Panel - Add/Remove Programs
uninstall: "RX Bar" [C:\Programme\RXToolBar ]
uninstall: C:\Programme\PartyGaming
uninstall: C:\Programme\Network Monitor
uninstall: "P2P Networking"

**
5.
Counterspy
http://virus-protect.org/counterspy.html
* after the scan you have to choose between:

*Ignore
*Remove --> Status: Deleted
*Quarantine

always choose Remove and restart the PC (then copy the scan report
(you will probably have to post it as an attachment... see below)
__________
Regards, Sabina

all about PC security
18.06.2006, 16:59
Honorary member

Posts: 29434
#22 before you scan with Counterspy:

open HijackThis -- button "Scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC

Quote

O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o|a`
O1 - Hosts: ` `bmoo oo`
O1 - Hosts: `rnpoob~J|
O1 - Hosts: ~|~J|  ~tpt`/4`/5.$|o  ~J|o~|~J|q~/4`/5.$|oq~J(%`2%15%34%$` `o#/-0o$5-0!24n393`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J /-0o42%%n$!4`7!3`./4`&/5.$`/.`4()3`3%26%2n|~J|o~|o
O1 - Hosts: ~J
O1 - Hosts: |a`
O1 - Hosts: ` `bmoo oo`

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [LAN Driver] landriver32.exe
O4 - HKLM\..\Run: [Click2Share] C:\Program Files\Sitecom\C2SLoad.exe
O4 - HKLM\..\Run: [javaqq32.exe] C:\WINDOWS\system32\javaqq32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!"$%] C:\WINDOWS\System32\dllhost.exe
O4 - HKLM\..\Run: [IpWins] C:\Programme\ipwins\ipwins.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [LAN Driver] landriver32.exe
O4 - HKCU\..\Run: [LAN Driver] landriver32.exe
O4 - HKCU\..\Run: [!"$%] C:\WINDOWS\System32\dllhost.exe
O4 - HKCU\..\Run: [DNS] C:\Programme\Gemeinsame Dateien\mc-110-12-0000228.exe

O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_58.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c5.cab

O20 - AppInit_DLLs: C:\WINDOWS\System32\wuaclt.dll
O20 - Winlogon Notify: Shell - C:\WINDOWS\system32\irrml5911.dll
O21 - SSODL: UZAdZMTDmDH - {7C9C297A-D636-83D0-87E8-FA1487E4178F} - C:\WINDOWS\System32\fq.dll (file missing)
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\winmx.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QU1E\command.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Restart the PC
__________
Regards, Sabina

all about PC security
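The entries Sabina lists above (autostart values with garbage names or no path, a Trusted Zone addition, ActiveX downloads, AppInit_DLLs and Winlogon Notify hooks, services whose binary is gone) are the kind of thing a helper reads off a HijackThis log by eye. As an added example, not code from this thread and not part of HijackThis itself, the Python script below applies a small set of review heuristics of its own to a constructed sample made from the log lines quoted above; the allowlist of ActiveX download hosts and every "reason" string are this example's assumptions, not HijackThis logic.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of the HijackThis entries quoted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LAN Driver] landriver32.exe
O4 - HKLM\..\Run: [Click2Share] C:\Program Files\Sitecom\C2SLoad.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!"$%] C:\WINDOWS\System32\dllhost.exe
O4 - HKLM\..\RunServices: [LAN Driver] landriver32.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c5.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\wuaclt.dll
O20 - Winlogon Notify: Shell - C:\WINDOWS\system32\irrml5911.dll
O21 - SSODL: UZAdZMTDmDH - {7C9C297A-D636-83D0-87E8-FA1487E4178F} - C:\WINDOWS\System32\fq.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QU1E\command.exe (file missing)
"""


@dataclass
class Finding:
    section: str                                   # HijackThis section, e.g. "O4"
    line: str                                      # the raw log line
    reasons: List[str] = field(default_factory=list)


SECTION_RE = re.compile(r"^(O\d+) - (.*)$")
# O4 payload layout: <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*)\] (.*)$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
# Example allowlist for O16 (ActiveX download) hosts; an assumption of this example.
TRUSTED_DPF_SUFFIXES = (".microsoft.com", ".windowsupdate.com")


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; returns a Finding with zero or more review reasons."""
    line = line.strip()
    m = SECTION_RE.match(line)
    if not m:
        return None                                # not a HijackThis entry
    section, rest = m.groups()
    f = Finding(section, line)
    if "(file missing)" in rest:
        f.reasons.append("registry entry points to a file that no longer exists")
    if section == "O4":
        m4 = O4_RE.match(rest)
        if m4:
            _hive, key, name, cmd = m4.groups()
            if not re.search(r"[A-Za-z0-9]", name):
                f.reasons.append("autostart value name contains no letters or digits")
            tokens = cmd.split()
            first = tokens[0] if tokens else ""
            if "\\" not in first:                   # bare file name, found via PATH search
                f.reasons.append("command has no directory, so it is resolved by PATH search")
            if key.lower() == "runservices":
                f.reasons.append("RunServices autostart key, rarely used by legitimate XP software")
    elif section == "O15":
        f.reasons.append("site added to the IE Trusted Zone, which relaxes browser security settings")
    elif section == "O16":
        host = URL_HOST_RE.search(rest)
        if host and not host.group(1).lower().endswith(TRUSTED_DPF_SUFFIXES):
            f.reasons.append(f"ActiveX package downloaded from non-allowlisted host {host.group(1)}")
    elif section == "O20":
        if rest.startswith("AppInit_DLLs"):
            f.reasons.append("AppInit_DLLs: DLL injected into every process that loads user32.dll")
        elif rest.startswith("Winlogon Notify"):
            f.reasons.append("Winlogon Notify DLL is loaded by winlogon.exe and runs as SYSTEM")
    elif section == "O21":
        f.reasons.append("ShellServiceObjectDelayLoad: DLL loaded by Explorer at every logon")
    elif section == "O23" and "Unknown owner" in rest:
        f.reasons.append("service binary carries no vendor/version information")
    return f


def triage(log_text: str) -> List[Finding]:
    """Return only the entries that have at least one reason for review."""
    out = []
    for raw in log_text.splitlines():
        f = triage_line(raw)
        if f and f.reasons:
            out.append(f)
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

On the sample, the KernelFaultCheck entry (a standard XP crash-reporting value) and the Sitecom Click2Share entry pass without a reason, while the remaining nine entries come back with one or more reasons; the script only prioritises what a human still has to verify, it does not decide by itself what to fix.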
18.06.2006, 17:08
Member

Posts: 56
#23 Hi there..
so..

1.: lis.bat--


Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Gemeinsame Dateien

08.06.2006 22:55 <DIR> .
08.06.2006 22:55 <DIR> ..
18.01.2006 00:40 <DIR> Adobe
28.11.2005 00:26 <DIR> Adobe Systems Shared
12.10.2003 21:28 <DIR> Ahead
08.06.2006 22:55 <DIR> Blizzard Entertainment
16.04.2005 01:13 <DIR> CMEII
12.10.2003 21:12 <DIR> Designer
12.10.2003 13:53 <DIR> Dienste
23.12.2004 00:34 <DIR> Digidesign
28.12.2003 03:34 <DIR> DirectX
05.06.2005 18:46 <DIR> GMT
07.06.2006 02:02 <DIR> ifwm
01.06.2006 00:03 <DIR> InetGet
16.10.2003 22:22 <DIR> InstallShield
30.12.2003 23:48 <DIR> Java
12.02.2005 19:14 <DIR> Macromedia
12.02.2005 19:14 <DIR> Macromedia Shared
04.06.2006 17:10 <DIR> MAGIX Shared
12.10.2003 21:12 <DIR> Microsoft Shared
12.10.2003 13:53 <DIR> MSSoap
12.10.2003 14:47 <DIR> ODBC
23.12.2004 15:29 <DIR> PACE Anti-Piracy
23.08.2005 01:43 <DIR> PlayOnline
15.06.2004 17:30 <DIR> Real
17.01.2004 17:11 <DIR> Sierra
12.10.2003 14:47 <DIR> SpeechEngines
18.06.2006 02:11 <DIR> STOPzilla!
12.09.2004 16:06 <DIR> Symantec Shared
12.10.2003 21:10 <DIR> System
05.03.2005 00:34 <DIR> Vbox
19.10.2004 22:29 <DIR> Wise Installation Wizard
15.06.2004 17:30 <DIR> xing shared
0 Datei(en) 0 Bytes
33 Verzeichnis(se), 1.373.327.360 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\WINDOWS\System32\P2P Networking

26.11.2003 22:59 <DIR> .
26.11.2003 22:59 <DIR> ..
26.11.2003 22:59 <DIR> Cache
26.11.2003 22:59 90.112 MARSHAL.DLL
26.11.2003 22:59 9.205 P2P Networking.eng
26.11.2003 22:59 480.768 P2P Networking.exe
3 Datei(en) 580.085 Bytes
3 Verzeichnis(se), 1.373.327.360 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Wsr

17.06.2006 00:17 <DIR> .
17.06.2006 00:17 <DIR> ..
19.08.2002 17:54 663.552 WinsysRsr.exe
1 Datei(en) 663.552 Bytes
2 Verzeichnis(se), 1.373.327.360 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\WINDOWS

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Program Files

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\PartyGaming\PartyPoker

08.05.2006 16:21 <DIR> .
08.05.2006 16:21 <DIR> ..
05.01.2006 18:34 7.362 addchips.wav
08.05.2006 16:07 <DIR> Articles
05.01.2006 18:34 2.561 cards_dealing.wav
05.01.2006 18:34 869 cards_sliding.wav
05.01.2006 18:34 11.062 chimes.wav
05.01.2006 18:34 1.687 chips_sliding.wav
05.01.2006 18:34 80.856 ding.wav
12.01.2006 22:48 366 Exit.html
05.01.2006 18:34 59.716 firework3.wav
08.05.2006 16:07 7.752 GRA.ini
31.03.2006 09:38 <DIR> Images
17.02.2006 22:33 59.246 INSTALL.LOG
17.02.2006 22:33 707 install.sss
08.05.2006 16:07 0 llh.dll
06.01.2006 00:59 1.632 login.html
05.01.2006 18:34 9.946 mouse_move.wav
08.05.2006 16:21 0 Notes.txt
25.04.2006 16:08 1.662.976 PartyPoker.dll
06.01.2006 19:10 39.104 poker.bin
17.02.2006 22:33 140 ppunistall.bat
14.02.2006 22:58 857 preloader.html
05.01.2006 18:34 16.544 reminder.wav
05.01.2006 18:34 15.724 ring.wav
30.01.2006 00:13 110.592 RunApp.exe
08.05.2006 16:07 6.650 TabConfig.txt
05.01.2006 18:34 5.004 tap.wav
08.05.2006 16:07 <DIR> tmpUpgrade
17.02.2006 22:33 730.966 Uninstall.exe
25 Datei(en) 2.832.319 Bytes
5 Verzeichnis(se), 1.373.323.264 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Fellowes\MediaFACE 4.0

11.05.2004 15:02 <DIR> .
11.05.2004 15:02 <DIR> ..
14.08.2003 13:19 6.358 AboutLogo.bmp
18.08.2003 17:37 45.056 AudioCD.dll
18.08.2003 17:39 155.648 BarCodeWizard.dll
12.08.2003 12:34 24.576 BarCodeWizardRes.dll
12.08.2003 12:38 892.928 BCGCB58.dll
19.08.2003 13:36 86.016 CDRipper.dll
12.08.2003 11:57 380.928 CDRipperX.ocx
18.08.2003 17:51 798.720 CommonSkinCtrls.dll
19.08.2003 13:36 106.496 DCWrapper.dll
18.08.2003 17:48 77.824 DownloadMgr.dll
12.08.2003 12:37 12.288 DownMgrRes.dll
19.08.2003 13:35 143.360 FormAppearance.dll
12.08.2003 11:57 1.687.552 gdiplus.dll
18.08.2003 17:44 208.896 ImgEffect.dll
12.08.2003 12:34 20.480 ImgEffectRes.dll
18.08.2003 17:44 192.512 ImgLoader.dll
12.08.2003 12:34 16.384 ImgLoaderRes.dll
12.08.2003 11:52 14.473 License.txt
12.08.2003 12:37 12.288 LMLRes.dll
12.08.2003 20:10 901.120 LMUIRes.dll
18.08.2003 17:40 630.881 lmWizard.dll
18.08.2003 17:40 520.296 LmWizIB.dll
12.08.2003 12:34 425.984 lmWizRes.dll
12.08.2003 11:52 562.556 MediaFACE.bmp
18.08.2003 17:36 102.400 MediaFace.exe
14.08.2003 13:18 0 MediaFace.exe.local
14.08.2003 13:19 964 MediaFace.exe.manifest
12.08.2003 11:40 1.874 MediaFACE4.ali
12.08.2003 11:52 3.016.329 MediaFACE4.chm
18.08.2003 17:36 2.781.269 MediaFaceUI.dll
12.08.2003 11:52 562.556 MediaFACE_t.bmp
18.08.2003 17:45 487.424 MF2Conv.dll
12.08.2003 12:34 16.384 MF2ConvRes.dll
12.08.2003 12:34 1.347.584 MF3DRes.dll
18.08.2003 17:38 172.032 MF3DView.dll
18.08.2003 17:37 147.456 MFCBID.dll
12.08.2003 11:57 204.800 mfcbr_client.dll
18.08.2003 17:48 36.864 MFCDLabelDll.dll
18.08.2003 17:46 118.784 MFCNBPHook.dll
18.08.2003 17:41 122.880 MFContentList.dll
18.08.2003 17:38 159.744 MFExport.dll
12.08.2003 12:34 57.344 MFEXPRes.dll
13.08.2003 19:03 32.768 MFExtRes.dll
18.08.2003 17:46 204.800 MFGearProHook.dll
18.08.2003 17:46 90.112 MFHookManager.dll
18.08.2003 17:46 118.784 MFHotBurnHook.dll
18.08.2003 17:37 192.512 MFID3.dll
18.08.2003 17:48 53.248 mfl.dll
18.08.2003 17:46 114.688 MFLiquidHook.dll
18.08.2003 17:47 155.648 MFLiquidPL.dll
18.08.2003 17:46 118.784 MFNeroHook.dll
18.08.2003 17:46 114.688 MFNTIHook.dll
19.08.2003 13:35 1.052.672 MFO.dll
12.08.2003 12:37 16.384 MFORes.dll
18.08.2003 17:39 155.648 MFPCalib.exe
12.08.2003 12:34 118.784 MFPCRes.dll
12.08.2003 12:34 409.600 MFPPRes.dll
19.08.2003 13:36 278.528 MFPrint.dll
18.08.2003 17:47 110.592 MFRealHook.dll
18.08.2003 17:48 118.784 MFRoxioAudioHook.dll
18.08.2003 17:46 118.784 MFRoxioHook.dll
19.08.2003 13:35 94.208 MFRT.dll
19.08.2003 13:36 49.152 MfRunWiz.exe
18.08.2003 17:48 73.728 MFSA.dll
18.08.2003 17:51 729.088 MfScWiz.dll
18.08.2003 17:45 86.016 MFShlExt.dll
18.08.2003 17:46 122.880 MFSimpleCDHook.dll
18.08.2003 17:29 176.128 mftnview.dll
18.08.2003 17:48 110.592 MFWMPHook.dll
18.08.2003 17:28 1.585.152 MFWorkarea.dll
12.08.2003 12:37 24.576 MFWorkareaRes.dll
18.08.2003 17:48 102.400 MJBHook.dll
18.08.2003 17:47 40.960 MJBPL.dll
18.08.2003 17:37 57.344 MP3List.dll
18.08.2003 17:47 102.400 MP3PLUSHook.dll
18.08.2003 17:47 61.440 MP3PLUSPL.dll
11.05.2004 14:59 <DIR> My Projects
20.08.2002 10:45 6.287.360 NET1.exe
18.08.2003 17:43 172.032 PaperViewer.dll
14.08.2003 13:19 299 PrivateGdiPlus.manifest
18.08.2003 17:28 86.016 PrjViewer.dll
18.08.2003 17:47 172.032 RealPL.dll
18.08.2003 17:46 53.248 SetHook.exe
11.05.2004 15:00 <DIR> Settings
19.08.2003 13:35 237.568 SkinEngine.dll
12.08.2003 12:36 24.576 SPPVRes.dll
12.08.2003 11:52 35.420 TrialBanner.gif
12.08.2003 11:59 4.085.904 wmfdist.exe
18.08.2003 17:48 180.224 WMPPL.dll
87 Datei(en) 35.586.859 Bytes
4 Verzeichnis(se), 1.373.319.168 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\WINDOWS\Temp

18.06.2006 12:53 <DIR> .
18.06.2006 12:53 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 1.373.319.168 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Temp

18.06.2006 12:53 <DIR> .
18.06.2006 12:53 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 1.373.319.168 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Gemeinsame Dateien\GMT

05.06.2005 18:46 <DIR> .
05.06.2005 18:46 <DIR> ..
29.01.2005 15:59 <DIR> 107l445785
09.12.2004 23:02 <DIR> 59337w8tyk
10.01.2005 22:39 <DIR> 63nznjtgq1
19.12.2004 22:33 <DIR> 77n4d52960
05.06.2004 11:23 <DIR> 82mckg5z8d
08.08.2004 12:12 <DIR> 8le8i365z1
05.06.2005 00:29 <DIR> 9075u011mw
28.11.2004 20:34 <DIR> 9dnrx894rn
09.04.2005 12:28 <DIR> a97j5e9m6o
05.06.2004 16:17 <DIR> Data
16.04.2005 01:13 <DIR> DownloadTemp
02.02.2004 11:17 438.329 EGGCEngine.dll
02.02.2004 11:17 766.009 egIEEngine.dll
02.02.2004 11:17 127.034 EGIEProcess.dll
02.02.2004 11:17 462.905 EGNSEngine.dll
08.08.2004 19:54 <DIR> f7ihi17u3h
10.11.2003 21:42 4.244 FillIn.wav
05.06.2005 20:26 48.855 Gator.log
02.02.2004 11:17 356.352 GatorRes.dll
02.02.2004 11:17 245.821 GatorStubSetup.exe
10.11.2003 21:42 678 GMT.exe.manifest
10.11.2003 21:42 29.390 Helper.wav
25.11.2004 15:46 <DIR> k19k629ena
05.06.2005 20:42 148 mepbs.dat
05.06.2005 20:48 148 mepcme.dat
05.06.2005 20:42 148 mepcmeft.dat
05.06.2005 21:16 148 mepgh.dat
05.06.2005 20:48 148 mepimg.dat
05.06.2005 20:48 148 meprca.dat
29.01.2005 13:24 <DIR> n59qvud14x
16.01.2005 22:15 <DIR> o67029g6qp
16.07.2004 16:16 <DIR> qk1nym94yb
26.04.2004 15:57 421.947 RTA04720
26.04.2004 15:57 421.947 RTA63730
26.04.2004 15:58 1.396.795 RTB04720
26.04.2004 15:58 1.396.795 RTB63730
26.04.2004 15:58 127.036 RTC04720
26.04.2004 15:58 127.036 RTC63730
26.04.2004 15:57 458.811 RTD04720
26.04.2004 15:57 458.811 RTD63730
26.04.2004 15:56 356.352 RTE04720
26.04.2004 15:56 356.352 RTE63730
26.04.2004 15:56 245.823 RTF04720
26.04.2004 15:56 245.823 RTF63730
26.04.2004 16:07 2.117.684 RTG04720
05.06.2005 20:58 <DIR> scripts
05.06.2005 18:56 <DIR> ufz89g2f71
03.12.2004 20:25 <DIR> xo921fzwjd
03.09.2004 20:14 <DIR> znxeeiydn5
29 Datei(en) 10.611.717 Bytes
22 Verzeichnis(se), 1.345.400.832 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Gemeinsame Dateien\ifwm

07.06.2006 02:02 <DIR> .
07.06.2006 02:02 <DIR> ..
01.06.2006 00:04 0 ifwma.lck
01.06.2006 00:04 <DIR> ifwmd
06.06.2006 23:44 1.536 ifwmh
01.06.2006 00:05 0 ifwml.lck
01.06.2006 00:04 0 ifwmm.lck
4 Datei(en) 1.536 Bytes
3 Verzeichnis(se), 1.345.400.832 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Gemeinsame Dateien\InetGet

01.06.2006 00:03 <DIR> .
01.06.2006 00:03 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 1.345.400.832 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Gemeinsame Dateien\CMEII

16.04.2005 01:13 <DIR> .
16.04.2005 01:13 <DIR> ..
12.03.2005 00:28 1.109 CMEDiagnostics.log
02.02.2004 11:18 90.165 CMEIIAPI.dll
02.02.2004 11:18 335.924 GAppMgr.dll
10.04.2005 12:33 146 GatorSupportInfo.txt
02.02.2004 11:18 135.224 GController.dll
02.02.2004 11:18 249.909 GDwldEng.dll
02.02.2004 11:18 110.642 GIocl.dll
02.02.2004 11:18 90.168 GIoclClient.dll
02.02.2004 11:18 167.989 GMTProxy.dll
02.02.2004 11:18 221.234 GObjs.dll
02.02.2004 11:18 110.643 GStore.dll
02.02.2004 11:18 102.457 GStoreServer.dll
02.02.2004 11:18 434.227 Gtools.dll
27.11.2003 00:30 <DIR> gui
26.04.2004 16:11 90.167 RTA04720
26.04.2004 16:11 90.167 RTA63730
26.04.2004 16:13 90.112 RTB04720
26.04.2004 16:13 90.112 RTB63730
26.04.2004 16:13 442.422 RTC04720
26.04.2004 16:13 442.422 RTC63730
26.04.2004 16:13 237.626 RTD04720
26.04.2004 16:13 237.626 RTD63730
26.04.2004 16:13 249.911 RTE04720
26.04.2004 16:13 249.911 RTE63730
26.04.2004 16:12 110.644 RTF04720
26.04.2004 16:11 90.170 RTG04720
26.04.2004 16:13 167.991 RTH04720
12.03.2005 00:28 <DIR> store
26 Datei(en) 4.639.118 Bytes
4 Verzeichnis(se), 1.344.512.000 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Gemeinsame Dateien\CMEII

16.04.2005 01:13 <DIR> .
16.04.2005 01:13 <DIR> ..
12.03.2005 00:28 1.109 CMEDiagnostics.log
02.02.2004 11:18 90.165 CMEIIAPI.dll
02.02.2004 11:18 335.924 GAppMgr.dll
10.04.2005 12:33 146 GatorSupportInfo.txt
02.02.2004 11:18 135.224 GController.dll
02.02.2004 11:18 249.909 GDwldEng.dll
02.02.2004 11:18 110.642 GIocl.dll
02.02.2004 11:18 90.168 GIoclClient.dll
02.02.2004 11:18 167.989 GMTProxy.dll
02.02.2004 11:18 221.234 GObjs.dll
02.02.2004 11:18 110.643 GStore.dll
02.02.2004 11:18 102.457 GStoreServer.dll
02.02.2004 11:18 434.227 Gtools.dll
27.11.2003 00:30 <DIR> gui
26.04.2004 16:11 90.167 RTA04720
26.04.2004 16:11 90.167 RTA63730
26.04.2004 16:13 90.112 RTB04720
26.04.2004 16:13 90.112 RTB63730
26.04.2004 16:13 442.422 RTC04720
26.04.2004 16:13 442.422 RTC63730
26.04.2004 16:13 237.626 RTD04720
26.04.2004 16:13 237.626 RTD63730
26.04.2004 16:13 249.911 RTE04720
26.04.2004 16:13 249.911 RTE63730
26.04.2004 16:12 110.644 RTF04720
26.04.2004 16:11 90.170 RTG04720
26.04.2004 16:13 167.991 RTH04720
12.03.2005 00:28 <DIR> store
26 Datei(en) 4.639.118 Bytes
4 Verzeichnis(se), 1.344.507.904 Bytes frei


--------------------------

2. -
there's an error... here's the errorlog.txt (before restarting)

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: [KEY_LOCAL_MACHINE\SOFTWARE\Policies\{645FF040-5081-101B-9F08-00AA002F954E}


..from that point on I'll wait for your reply..
This post was edited on 18.06.2006 at 17:11 by Porlzum.
18.06.2006, 17:09
Honorary Member

Posts: 29434
#24 you keep posting the same thing..I'll give each bat a different name ;)

wait 10 minutes, I'll build that in as well
__________
Regards, Sabina

all about PC security
18.06.2006, 17:15
Honorary Member

Posts: 29434
#25 ok, now you can run the Avenger, then post its log, fix all malware with HijackThis and scan with Counterspy (+ ...post all logs, from Avenger and from Counterspy, as an attachment)
__________
Regards, Sabina

all about PC security
18.06.2006, 17:21
Member

Posts: 56
#26 so here's the lis.bat again:


Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Gemeinsame Dateien

08.06.2006 22:55 <DIR> .
08.06.2006 22:55 <DIR> ..
18.01.2006 00:40 <DIR> Adobe
28.11.2005 00:26 <DIR> Adobe Systems Shared
12.10.2003 21:28 <DIR> Ahead
08.06.2006 22:55 <DIR> Blizzard Entertainment
16.04.2005 01:13 <DIR> CMEII
12.10.2003 21:12 <DIR> Designer
12.10.2003 13:53 <DIR> Dienste
23.12.2004 00:34 <DIR> Digidesign
28.12.2003 03:34 <DIR> DirectX
05.06.2005 18:46 <DIR> GMT
07.06.2006 02:02 <DIR> ifwm
01.06.2006 00:03 <DIR> InetGet
16.10.2003 22:22 <DIR> InstallShield
30.12.2003 23:48 <DIR> Java
12.02.2005 19:14 <DIR> Macromedia
12.02.2005 19:14 <DIR> Macromedia Shared
04.06.2006 17:10 <DIR> MAGIX Shared
12.10.2003 21:12 <DIR> Microsoft Shared
12.10.2003 13:53 <DIR> MSSoap
12.10.2003 14:47 <DIR> ODBC
23.12.2004 15:29 <DIR> PACE Anti-Piracy
23.08.2005 01:43 <DIR> PlayOnline
15.06.2004 17:30 <DIR> Real
17.01.2004 17:11 <DIR> Sierra
12.10.2003 14:47 <DIR> SpeechEngines
18.06.2006 02:11 <DIR> STOPzilla!
12.09.2004 16:06 <DIR> Symantec Shared
12.10.2003 21:10 <DIR> System
05.03.2005 00:34 <DIR> Vbox
19.10.2004 22:29 <DIR> Wise Installation Wizard
15.06.2004 17:30 <DIR> xing shared
0 Datei(en) 0 Bytes
33 Verzeichnis(se), 1.373.327.360 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\WINDOWS\System32\P2P Networking

26.11.2003 22:59 <DIR> .
26.11.2003 22:59 <DIR> ..
26.11.2003 22:59 <DIR> Cache
26.11.2003 22:59 90.112 MARSHAL.DLL
26.11.2003 22:59 9.205 P2P Networking.eng
26.11.2003 22:59 480.768 P2P Networking.exe
3 Datei(en) 580.085 Bytes
3 Verzeichnis(se), 1.373.327.360 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Wsr

17.06.2006 00:17 <DIR> .
17.06.2006 00:17 <DIR> ..
19.08.2002 17:54 663.552 WinsysRsr.exe
1 Datei(en) 663.552 Bytes
2 Verzeichnis(se), 1.373.327.360 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\WINDOWS

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Program Files

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\PartyGaming\PartyPoker

08.05.2006 16:21 <DIR> .
08.05.2006 16:21 <DIR> ..
05.01.2006 18:34 7.362 addchips.wav
08.05.2006 16:07 <DIR> Articles
05.01.2006 18:34 2.561 cards_dealing.wav
05.01.2006 18:34 869 cards_sliding.wav
05.01.2006 18:34 11.062 chimes.wav
05.01.2006 18:34 1.687 chips_sliding.wav
05.01.2006 18:34 80.856 ding.wav
12.01.2006 22:48 366 Exit.html
05.01.2006 18:34 59.716 firework3.wav
08.05.2006 16:07 7.752 GRA.ini
31.03.2006 09:38 <DIR> Images
17.02.2006 22:33 59.246 INSTALL.LOG
17.02.2006 22:33 707 install.sss
08.05.2006 16:07 0 llh.dll
06.01.2006 00:59 1.632 login.html
05.01.2006 18:34 9.946 mouse_move.wav
08.05.2006 16:21 0 Notes.txt
25.04.2006 16:08 1.662.976 PartyPoker.dll
06.01.2006 19:10 39.104 poker.bin
17.02.2006 22:33 140 ppunistall.bat
14.02.2006 22:58 857 preloader.html
05.01.2006 18:34 16.544 reminder.wav
05.01.2006 18:34 15.724 ring.wav
30.01.2006 00:13 110.592 RunApp.exe
08.05.2006 16:07 6.650 TabConfig.txt
05.01.2006 18:34 5.004 tap.wav
08.05.2006 16:07 <DIR> tmpUpgrade
17.02.2006 22:33 730.966 Uninstall.exe
25 Datei(en) 2.832.319 Bytes
5 Verzeichnis(se), 1.373.323.264 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Fellowes\MediaFACE 4.0

11.05.2004 15:02 <DIR> .
11.05.2004 15:02 <DIR> ..
14.08.2003 13:19 6.358 AboutLogo.bmp
18.08.2003 17:37 45.056 AudioCD.dll
18.08.2003 17:39 155.648 BarCodeWizard.dll
12.08.2003 12:34 24.576 BarCodeWizardRes.dll
12.08.2003 12:38 892.928 BCGCB58.dll
19.08.2003 13:36 86.016 CDRipper.dll
12.08.2003 11:57 380.928 CDRipperX.ocx
18.08.2003 17:51 798.720 CommonSkinCtrls.dll
19.08.2003 13:36 106.496 DCWrapper.dll
18.08.2003 17:48 77.824 DownloadMgr.dll
12.08.2003 12:37 12.288 DownMgrRes.dll
19.08.2003 13:35 143.360 FormAppearance.dll
12.08.2003 11:57 1.687.552 gdiplus.dll
18.08.2003 17:44 208.896 ImgEffect.dll
12.08.2003 12:34 20.480 ImgEffectRes.dll
18.08.2003 17:44 192.512 ImgLoader.dll
12.08.2003 12:34 16.384 ImgLoaderRes.dll
12.08.2003 11:52 14.473 License.txt
12.08.2003 12:37 12.288 LMLRes.dll
12.08.2003 20:10 901.120 LMUIRes.dll
18.08.2003 17:40 630.881 lmWizard.dll
18.08.2003 17:40 520.296 LmWizIB.dll
12.08.2003 12:34 425.984 lmWizRes.dll
12.08.2003 11:52 562.556 MediaFACE.bmp
18.08.2003 17:36 102.400 MediaFace.exe
14.08.2003 13:18 0 MediaFace.exe.local
14.08.2003 13:19 964 MediaFace.exe.manifest
12.08.2003 11:40 1.874 MediaFACE4.ali
12.08.2003 11:52 3.016.329 MediaFACE4.chm
18.08.2003 17:36 2.781.269 MediaFaceUI.dll
12.08.2003 11:52 562.556 MediaFACE_t.bmp
18.08.2003 17:45 487.424 MF2Conv.dll
12.08.2003 12:34 16.384 MF2ConvRes.dll
12.08.2003 12:34 1.347.584 MF3DRes.dll
18.08.2003 17:38 172.032 MF3DView.dll
18.08.2003 17:37 147.456 MFCBID.dll
12.08.2003 11:57 204.800 mfcbr_client.dll
18.08.2003 17:48 36.864 MFCDLabelDll.dll
18.08.2003 17:46 118.784 MFCNBPHook.dll
18.08.2003 17:41 122.880 MFContentList.dll
18.08.2003 17:38 159.744 MFExport.dll
12.08.2003 12:34 57.344 MFEXPRes.dll
13.08.2003 19:03 32.768 MFExtRes.dll
18.08.2003 17:46 204.800 MFGearProHook.dll
18.08.2003 17:46 90.112 MFHookManager.dll
18.08.2003 17:46 118.784 MFHotBurnHook.dll
18.08.2003 17:37 192.512 MFID3.dll
18.08.2003 17:48 53.248 mfl.dll
18.08.2003 17:46 114.688 MFLiquidHook.dll
18.08.2003 17:47 155.648 MFLiquidPL.dll
18.08.2003 17:46 118.784 MFNeroHook.dll
18.08.2003 17:46 114.688 MFNTIHook.dll
19.08.2003 13:35 1.052.672 MFO.dll
12.08.2003 12:37 16.384 MFORes.dll
18.08.2003 17:39 155.648 MFPCalib.exe
12.08.2003 12:34 118.784 MFPCRes.dll
12.08.2003 12:34 409.600 MFPPRes.dll
19.08.2003 13:36 278.528 MFPrint.dll
18.08.2003 17:47 110.592 MFRealHook.dll
18.08.2003 17:48 118.784 MFRoxioAudioHook.dll
18.08.2003 17:46 118.784 MFRoxioHook.dll
19.08.2003 13:35 94.208 MFRT.dll
19.08.2003 13:36 49.152 MfRunWiz.exe
18.08.2003 17:48 73.728 MFSA.dll
18.08.2003 17:51 729.088 MfScWiz.dll
18.08.2003 17:45 86.016 MFShlExt.dll
18.08.2003 17:46 122.880 MFSimpleCDHook.dll
18.08.2003 17:29 176.128 mftnview.dll
18.08.2003 17:48 110.592 MFWMPHook.dll
18.08.2003 17:28 1.585.152 MFWorkarea.dll
12.08.2003 12:37 24.576 MFWorkareaRes.dll
18.08.2003 17:48 102.400 MJBHook.dll
18.08.2003 17:47 40.960 MJBPL.dll
18.08.2003 17:37 57.344 MP3List.dll
18.08.2003 17:47 102.400 MP3PLUSHook.dll
18.08.2003 17:47 61.440 MP3PLUSPL.dll
11.05.2004 14:59 <DIR> My Projects
20.08.2002 10:45 6.287.360 NET1.exe
18.08.2003 17:43 172.032 PaperViewer.dll
14.08.2003 13:19 299 PrivateGdiPlus.manifest
18.08.2003 17:28 86.016 PrjViewer.dll
18.08.2003 17:47 172.032 RealPL.dll
18.08.2003 17:46 53.248 SetHook.exe
11.05.2004 15:00 <DIR> Settings
19.08.2003 13:35 237.568 SkinEngine.dll
12.08.2003 12:36 24.576 SPPVRes.dll
12.08.2003 11:52 35.420 TrialBanner.gif
12.08.2003 11:59 4.085.904 wmfdist.exe
18.08.2003 17:48 180.224 WMPPL.dll
87 Datei(en) 35.586.859 Bytes
4 Verzeichnis(se), 1.373.319.168 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\WINDOWS\Temp

18.06.2006 12:53 <DIR> .
18.06.2006 12:53 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 1.373.319.168 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Temp

18.06.2006 12:53 <DIR> .
18.06.2006 12:53 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 1.373.319.168 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Gemeinsame Dateien\GMT

05.06.2005 18:46 <DIR> .
05.06.2005 18:46 <DIR> ..
29.01.2005 15:59 <DIR> 107l445785
09.12.2004 23:02 <DIR> 59337w8tyk
10.01.2005 22:39 <DIR> 63nznjtgq1
19.12.2004 22:33 <DIR> 77n4d52960
05.06.2004 11:23 <DIR> 82mckg5z8d
08.08.2004 12:12 <DIR> 8le8i365z1
05.06.2005 00:29 <DIR> 9075u011mw
28.11.2004 20:34 <DIR> 9dnrx894rn
09.04.2005 12:28 <DIR> a97j5e9m6o
05.06.2004 16:17 <DIR> Data
16.04.2005 01:13 <DIR> DownloadTemp
02.02.2004 11:17 438.329 EGGCEngine.dll
02.02.2004 11:17 766.009 egIEEngine.dll
02.02.2004 11:17 127.034 EGIEProcess.dll
02.02.2004 11:17 462.905 EGNSEngine.dll
08.08.2004 19:54 <DIR> f7ihi17u3h
10.11.2003 21:42 4.244 FillIn.wav
05.06.2005 20:26 48.855 Gator.log
02.02.2004 11:17 356.352 GatorRes.dll
02.02.2004 11:17 245.821 GatorStubSetup.exe
10.11.2003 21:42 678 GMT.exe.manifest
10.11.2003 21:42 29.390 Helper.wav
25.11.2004 15:46 <DIR> k19k629ena
05.06.2005 20:42 148 mepbs.dat
05.06.2005 20:48 148 mepcme.dat
05.06.2005 20:42 148 mepcmeft.dat
05.06.2005 21:16 148 mepgh.dat
05.06.2005 20:48 148 mepimg.dat
05.06.2005 20:48 148 meprca.dat
29.01.2005 13:24 <DIR> n59qvud14x
16.01.2005 22:15 <DIR> o67029g6qp
16.07.2004 16:16 <DIR> qk1nym94yb
26.04.2004 15:57 421.947 RTA04720
26.04.2004 15:57 421.947 RTA63730
26.04.2004 15:58 1.396.795 RTB04720
26.04.2004 15:58 1.396.795 RTB63730
26.04.2004 15:58 127.036 RTC04720
26.04.2004 15:58 127.036 RTC63730
26.04.2004 15:57 458.811 RTD04720
26.04.2004 15:57 458.811 RTD63730
26.04.2004 15:56 356.352 RTE04720
26.04.2004 15:56 356.352 RTE63730
26.04.2004 15:56 245.823 RTF04720
26.04.2004 15:56 245.823 RTF63730
26.04.2004 16:07 2.117.684 RTG04720
05.06.2005 20:58 <DIR> scripts
05.06.2005 18:56 <DIR> ufz89g2f71
03.12.2004 20:25 <DIR> xo921fzwjd
03.09.2004 20:14 <DIR> znxeeiydn5
29 Datei(en) 10.611.717 Bytes
22 Verzeichnis(se), 1.345.400.832 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Gemeinsame Dateien\ifwm

07.06.2006 02:02 <DIR> .
07.06.2006 02:02 <DIR> ..
01.06.2006 00:04 0 ifwma.lck
01.06.2006 00:04 <DIR> ifwmd
06.06.2006 23:44 1.536 ifwmh
01.06.2006 00:05 0 ifwml.lck
01.06.2006 00:04 0 ifwmm.lck
4 Datei(en) 1.536 Bytes
3 Verzeichnis(se), 1.345.400.832 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Gemeinsame Dateien\InetGet

01.06.2006 00:03 <DIR> .
01.06.2006 00:03 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 1.345.400.832 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Gemeinsame Dateien\CMEII

16.04.2005 01:13 <DIR> .
16.04.2005 01:13 <DIR> ..
12.03.2005 00:28 1.109 CMEDiagnostics.log
02.02.2004 11:18 90.165 CMEIIAPI.dll
02.02.2004 11:18 335.924 GAppMgr.dll
10.04.2005 12:33 146 GatorSupportInfo.txt
02.02.2004 11:18 135.224 GController.dll
02.02.2004 11:18 249.909 GDwldEng.dll
02.02.2004 11:18 110.642 GIocl.dll
02.02.2004 11:18 90.168 GIoclClient.dll
02.02.2004 11:18 167.989 GMTProxy.dll
02.02.2004 11:18 221.234 GObjs.dll
02.02.2004 11:18 110.643 GStore.dll
02.02.2004 11:18 102.457 GStoreServer.dll
02.02.2004 11:18 434.227 Gtools.dll
27.11.2003 00:30 <DIR> gui
26.04.2004 16:11 90.167 RTA04720
26.04.2004 16:11 90.167 RTA63730
26.04.2004 16:13 90.112 RTB04720
26.04.2004 16:13 90.112 RTB63730
26.04.2004 16:13 442.422 RTC04720
26.04.2004 16:13 442.422 RTC63730
26.04.2004 16:13 237.626 RTD04720
26.04.2004 16:13 237.626 RTD63730
26.04.2004 16:13 249.911 RTE04720
26.04.2004 16:13 249.911 RTE63730
26.04.2004 16:12 110.644 RTF04720
26.04.2004 16:11 90.170 RTG04720
26.04.2004 16:13 167.991 RTH04720
12.03.2005 00:28 <DIR> store
26 Datei(en) 4.639.118 Bytes
4 Verzeichnis(se), 1.344.512.000 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Gemeinsame Dateien\CMEII

16.04.2005 01:13 <DIR> .
16.04.2005 01:13 <DIR> ..
12.03.2005 00:28 1.109 CMEDiagnostics.log
02.02.2004 11:18 90.165 CMEIIAPI.dll
02.02.2004 11:18 335.924 GAppMgr.dll
10.04.2005 12:33 146 GatorSupportInfo.txt
02.02.2004 11:18 135.224 GController.dll
02.02.2004 11:18 249.909 GDwldEng.dll
02.02.2004 11:18 110.642 GIocl.dll
02.02.2004 11:18 90.168 GIoclClient.dll
02.02.2004 11:18 167.989 GMTProxy.dll
02.02.2004 11:18 221.234 GObjs.dll
02.02.2004 11:18 110.643 GStore.dll
02.02.2004 11:18 102.457 GStoreServer.dll
02.02.2004 11:18 434.227 Gtools.dll
27.11.2003 00:30 <DIR> gui
26.04.2004 16:11 90.167 RTA04720
26.04.2004 16:11 90.167 RTA63730
26.04.2004 16:13 90.112 RTB04720
26.04.2004 16:13 90.112 RTB63730
26.04.2004 16:13 442.422 RTC04720
26.04.2004 16:13 442.422 RTC63730
26.04.2004 16:13 237.626 RTD04720
26.04.2004 16:13 237.626 RTD63730
26.04.2004 16:13 249.911 RTE04720
26.04.2004 16:13 249.911 RTE63730
26.04.2004 16:12 110.644 RTF04720
26.04.2004 16:11 90.170 RTG04720
26.04.2004 16:13 167.991 RTH04720
12.03.2005 00:28 <DIR> store
26 Datei(en) 4.639.118 Bytes
4 Verzeichnis(se), 1.344.507.904 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Programme\Gemeinsame Dateien\CMEII

16.04.2005 01:13 <DIR> .
16.04.2005 01:13 <DIR> ..
12.03.2005 00:28 1.109 CMEDiagnostics.log
02.02.2004 11:18 90.165 CMEIIAPI.dll
02.02.2004 11:18 335.924 GAppMgr.dll
10.04.2005 12:33 146 GatorSupportInfo.txt
02.02.2004 11:18 135.224 GController.dll
02.02.2004 11:18 249.909 GDwldEng.dll
02.02.2004 11:18 110.642 GIocl.dll
02.02.2004 11:18 90.168 GIoclClient.dll
02.02.2004 11:18 167.989 GMTProxy.dll
02.02.2004 11:18 221.234 GObjs.dll
02.02.2004 11:18 110.643 GStore.dll
02.02.2004 11:18 102.457 GStoreServer.dll
02.02.2004 11:18 434.227 Gtools.dll
27.11.2003 00:30 <DIR> gui
26.04.2004 16:11 90.167 RTA04720
26.04.2004 16:11 90.167 RTA63730
26.04.2004 16:13 90.112 RTB04720
26.04.2004 16:13 90.112 RTB63730
26.04.2004 16:13 442.422 RTC04720
26.04.2004 16:13 442.422 RTC63730
26.04.2004 16:13 237.626 RTD04720
26.04.2004 16:13 237.626 RTD63730
26.04.2004 16:13 249.911 RTE04720
26.04.2004 16:13 249.911 RTE63730
26.04.2004 16:12 110.644 RTF04720
26.04.2004 16:11 90.170 RTG04720
26.04.2004 16:13 167.991 RTH04720
12.03.2005 00:28 <DIR> store
26 Datei(en) 4.639.118 Bytes
4 Verzeichnis(se), 1.345.490.944 Bytes frei
Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\Program Files


---------------------------------
Avenger showed error messages..but I continued anyway:
here's the log-


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\CLSID\{CC7A6223-3759-4075-8CEA-971F5CFC0ED2}


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\clldjmrq

*******************

Script file located at: \??\C:\WINDOWS\peabohgx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor
Status: 0xc0000034



Could not open file C:\Program Files\Sitecom\C2SLoad.exe for deletion
Deletion of file C:\Program Files\Sitecom\C2SLoad.exe failed!

Could not process line:
C:\Program Files\Sitecom\C2SLoad.exe
Status: 0xc000003a



File C:\WINDOWS\system32\javaqq32.exe not found!
Deletion of file C:\WINDOWS\system32\javaqq32.exe failed!

Could not process line:
C:\WINDOWS\system32\javaqq32.exe
Status: 0xc0000034

File C:\WINDOWS\System32\dllhost.exe deleted successfully.


Error: C:\Programme\Gemeinsame Dateien\STOPzilla! is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\STOPzilla! failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\STOPzilla!
Status: 0xc00000ba

File C:\Programme\Gemeinsame Dateien\CMEII\CMEDiagnostics.log deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GatorSupportInfo.txt deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll deleted successfully.


Error: C:\Programme\Gemeinsame Dateien\CMEII\gui is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\CMEII\gui failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\CMEII\gui
Status: 0xc00000ba

File C:\Programme\Gemeinsame Dateien\CMEII\RTA04720 deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\RTA63730 deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\RTB04720 deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\RTB63730 deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\RTC04720 deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\RTC63730 deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\RTD04720 deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\RTD63730 deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\RTE04720 deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\RTE63730 deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\RTF04720 deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\RTG04720 deleted successfully.
File C:\Programme\Gemeinsame Dateien\CMEII\RTH04720 deleted successfully.


Error: C:\Programme\Gemeinsame Dateien\CMEII\store is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\CMEII\store failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\CMEII\store
Status: 0xc00000ba

File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\xtoolbar.dll deleted successfully.
File C:\777.htm deleted successfully.


Could not open file C:\Programme\Network Monitor\netmon.exe for deletion
Deletion of file C:\Programme\Network Monitor\netmon.exe failed!

Could not process line:
C:\Programme\Network Monitor\netmon.exe
Status: 0xc000003a

File C:\WINDOWS\uninstall_nmon.vbs deleted successfully.
File C:\WINDOWS\up.exe deleted successfully.
File C:\Programme\Gemeinsame Dateien\ifwm\ifwma.lck deleted successfully.


Error: C:\Programme\Gemeinsame Dateien\ifwm\ifwmd is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\ifwm\ifwmd failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\ifwm\ifwmd
Status: 0xc00000ba

File C:\Programme\Gemeinsame Dateien\ifwm\ifwmh deleted successfully.
File C:\Programme\Gemeinsame Dateien\ifwm\ifwml.lck deleted successfully.
File C:\Programme\Gemeinsame Dateien\ifwm\ifwmm.lck deleted successfully.


Error: C:\Programme\Gemeinsame Dateien\InetGet is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\InetGet failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\InetGet
Status: 0xc00000ba



Error: C:\Programme\Gemeinsame Dateien\GMT\107l445785 is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\107l445785 failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\107l445785
Status: 0xc00000ba



Error: C:\Programme\Gemeinsame Dateien\GMT\59337w8tyk is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\59337w8tyk failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\59337w8tyk
Status: 0xc00000ba



Error: C:\Programme\Gemeinsame Dateien\GMT\63nznjtgq1 is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\63nznjtgq1 failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\63nznjtgq1
Status: 0xc00000ba



Error: C:\Programme\Gemeinsame Dateien\GMT\77n4d52960 is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\77n4d52960 failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\77n4d52960
Status: 0xc00000ba



Error: C:\Programme\Gemeinsame Dateien\GMT\82mckg5z8d is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\82mckg5z8d failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\82mckg5z8d
Status: 0xc00000ba



Error: C:\Programme\Gemeinsame Dateien\GMT\8le8i365z1 is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\8le8i365z1 failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\8le8i365z1
Status: 0xc00000ba



Error: C:\Programme\Gemeinsame Dateien\GMT\9075u011mw is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\9075u011mw failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\9075u011mw
Status: 0xc00000ba



Error: C:\Programme\Gemeinsame Dateien\GMT\9dnrx894rn is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\9dnrx894rn failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\9dnrx894rn
Status: 0xc00000ba



Error: C:\Programme\Gemeinsame Dateien\GMT\a97j5e9m6o is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\a97j5e9m6o failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\a97j5e9m6o
Status: 0xc00000ba



Error: C:\Programme\Gemeinsame Dateien\GMT\Data is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\Data failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\Data
Status: 0xc00000ba



Error: C:\Programme\Gemeinsame Dateien\GMT\DownloadTemp is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\DownloadTemp failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\DownloadTemp
Status: 0xc00000ba

File C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll deleted successfully.


Error: C:\Programme\Gemeinsame Dateien\GMT\f7ihi17u3h is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\f7ihi17u3h failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\f7ihi17u3h
Status: 0xc00000ba

File C:\Programme\Gemeinsame Dateien\GMT\FillIn.wav deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\Gator.log deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\GMT.exe.manifest deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\Helper.wav deleted successfully.


Error: C:\Programme\Gemeinsame Dateien\GMT\k19k629ena is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\k19k629ena failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\k19k629ena
Status: 0xc00000ba

File C:\Programme\Gemeinsame Dateien\GMT\mepbs.dat deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\mepcme.dat deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\mepcmeft.dat deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\mepgh.dat deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\mepimg.dat deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\meprca.dat deleted successfully.


Error: C:\Programme\Gemeinsame Dateien\GMT\n59qvud14x is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\n59qvud14x failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\n59qvud14x
Status: 0xc00000ba



Error: C:\Programme\Gemeinsame Dateien\GMT\o67029g6qp is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\o67029g6qp failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\o67029g6qp
Status: 0xc00000ba



Error: C:\Programme\Gemeinsame Dateien\GMT\qk1nym94yb is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\qk1nym94yb failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\qk1nym94yb
Status: 0xc00000ba

File C:\Programme\Gemeinsame Dateien\GMT\RTA04720 deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\RTA63730 deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\RTB04720 deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\RTB63730 deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\RTC04720 deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\RTC63730 deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\RTD04720 deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\RTD63730 deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\RTE04720 deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\RTE63730 deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\RTF04720 deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\RTF63730 deleted successfully.
File C:\Programme\Gemeinsame Dateien\GMT\RTG04720 deleted successfully.


Error: C:\Programme\Gemeinsame Dateien\GMT\scripts is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\scripts failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\scripts
Status: 0xc00000ba



Error: C:\Programme\Gemeinsame Dateien\GMT\ufz89g2f71 is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\ufz89g2f71 failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\ufz89g2f71
Status: 0xc00000ba



Error: C:\Programme\Gemeinsame Dateien\GMT\xo921fzwjd is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\xo921fzwjd failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\xo921fzwjd
Status: 0xc00000ba



Error: C:\Programme\Gemeinsame Dateien\GMT\znxeeiydn5 is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\GMT\znxeeiydn5 failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\GMT\znxeeiydn5
Status: 0xc00000ba

File C:\WINDOWS\System32\P2P Networking\MARSHAL.DLL deleted successfully.
File C:\WINDOWS\System32\P2P Networking\P2P Networking.eng deleted successfully.
File C:\WINDOWS\System32\P2P Networking\P2P Networking.exe deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{645FF040-5081-101B-9F08-00AA002F954E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{645FF040-5081-101B-9F08-00AA002F954E} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{6BF52A52-394A-11D3-B153-00C04F79FAA6} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{6BF52A52-394A-11D3-B153-00C04F79FAA6} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\software\gator.com not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\gator.com failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AltnetDM not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AltnetDM failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2P deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


-----------------------
so..
for 3. and 4. everything worked except:

ipwins .. wasn't there..
this "RX Bar"
and Network Monitor couldn't be found either..

-----------------------------
now HijackThis..
This post was edited on 18.06.2006 at 17:39 by Porlzum.
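The removal log above reports each target with a result line and, for failures, an NTSTATUS code; the poster then works out by hand which items were "not there" and which could not be removed. As an added example (not a tool used in this thread), the following parser makes that distinction automatically: it turns a log in this format into one outcome per target, names the three status codes that occur in the posted log, and lists what still needs manual follow-up. The sample log is constructed to mirror the posted format.

```python
"""Parse an Avenger-style removal log and explain each failed line.

Added example for this thread, not a tool the thread uses. SAMPLE_LOG is
constructed in the format of the posted log; NTSTATUS_NAMES holds the standard
Windows names for the three codes that appear in that log.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# The three NTSTATUS codes seen in the posted log.
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY",
}

# One pattern per result the log reports; group 1 = kind, group 2 = target.
LINE_PATTERNS = [
    (re.compile(r"^(File|Registry key) (.+) deleted successfully\.$"), "deleted"),
    (re.compile(r"^(File|Registry key) (.+) not found!$"), "not_found"),
    (re.compile(r"^Could not open (file) (.+) for deletion$"), "open_failed"),
    (re.compile(r"^Error: ()(.+) is a folder, not a file!$"), "is_folder"),
]
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]{8})$")


@dataclass
class Outcome:
    kind: str                     # "file" or "registry key"
    target: str                   # path or registry key the script tried to delete
    result: str                   # deleted / not_found / open_failed / is_folder
    status: Optional[int] = None  # NTSTATUS reported for failures


def parse_log(text: str) -> List[Outcome]:
    """One Outcome per target; a 'Status:' line attaches to the preceding failure."""
    outcomes: List[Outcome] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        status = STATUS_RE.match(line)
        if status and outcomes and outcomes[-1].result != "deleted":
            outcomes[-1].status = int(status.group(1), 16)
            continue
        for pattern, result in LINE_PATTERNS:
            m = pattern.match(line)
            if m:
                kind = m.group(1).lower() or "file"  # the folder message names no kind
                outcomes.append(Outcome(kind, m.group(2), result))
                break
    return outcomes


def explain(o: Outcome) -> str:
    """Defender-side reading of one outcome: what happened and what is left to do."""
    name = NTSTATUS_NAMES.get(o.status, "unknown status") if o.status is not None else ""
    if o.result == "deleted":
        return f"removed {o.kind}: {o.target}"
    if o.result == "not_found":
        return f"already absent ({name}), nothing to do: {o.target}"
    if o.result == "is_folder":
        return f"skipped, target is a directory ({name}); remove the folder by hand: {o.target}"
    if o.status == 0xC000003A:
        # A directory component of the path does not exist, e.g. a localized
        # Program Files folder (C:\Programme vs C:\Program Files).
        return f"parent path does not exist ({name}); check the path: {o.target}"
    return f"could not open ({name}); file may be in use, retry from Safe Mode: {o.target}"


def summarize(text: str) -> Dict[str, int]:
    """Count outcomes by result, e.g. {'deleted': 2, 'not_found': 1, ...}."""
    return dict(Counter(o.result for o in parse_log(text)))


def leftovers(text: str) -> List[str]:
    """Targets the script could not remove and that still need manual follow-up."""
    return [o.target for o in parse_log(text) if o.result in ("open_failed", "is_folder")]


# Constructed sample in the format of the posted log (not the thread's actual log).
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Status: 0xc0000034

Could not open file C:\Program Files\Sitecom\C2SLoad.exe for deletion
Deletion of file C:\Program Files\Sitecom\C2SLoad.exe failed!

Could not process line:
C:\Program Files\Sitecom\C2SLoad.exe
Status: 0xc000003a

File C:\WINDOWS\up.exe deleted successfully.


Error: C:\Programme\Gemeinsame Dateien\InetGet is a folder, not a file!
Deletion of file C:\Programme\Gemeinsame Dateien\InetGet failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\InetGet
Status: 0xc00000ba

Completed script processing.
"""

if __name__ == "__main__":
    for outcome in parse_log(SAMPLE_LOG):
        print(explain(outcome))
    print(summarize(SAMPLE_LOG))
```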
18.06.2006, 17:36
Honorary member
Sabina

Posts: 29434
#27 1.
fix everything with HijackThis that I had written. + restart the PC

2.
Make hidden and system files visible
http://virus-protect.org/invisible.html

3.
delete:..best done in Safe Mode!

C:\Programme\Gemeinsame Dateien\ifwm
C:\Programme\Gemeinsame Dateien\GMT
C:\Programme\Gemeinsame Dateien\STOPzilla!
C:\Programme\Gemeinsame Dateien\InetGet
C:\Programme\Gemeinsame Dateien\CMEII
C:\WINDOWS\System32\P2P Networking
C:\Programme\ipwins
C:\Program Files\Sitecom

uninstall/delete:

C:\Programme\PartyGaming

**
4.
Counterspy
http://virus-protect.org/counterspy.html
* after the scan you have to choose between:

*Ignore
*Remove --> Status: Deleted
*Quarantine

always choose Remove and restart the PC (then copy the scan report
(you will probably have to post it as an attachment...see below)
__________
Regards, Sabina

all about PC security
18.06.2006, 17:40
Member

Posts: 56
#28 okay..
some of them, e.g. all the O1 entries, weren't there at all..
so I deleted all the ones you listed that were there..
now reboot and Counterspy..
results to follow..


SOO...

Here is the Counterspy log:

Spyware Scan Details
Start Date: 18.06.2006 18:18:15
End Date: 18.06.2006 19:36:08
Total Time: 1 hrs 17 mins 53 secs

Detected spyware

EUniverse Updater Hijacker more information...
Details: EUniverse is an adware program that runs at startup, generates popup ads, and performs a number of spyware related functions such as transmitting personal information and hijacking Internet Explorer.
Status: Deleted

Infected files detected
c:\programme\common files\updater\data1.dat
c:\programme\common files\updater\data2.dat

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMO DisplayName ATP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMO UninstallString regsvr32 /s /u "C:\WINDOWS\System32\ATPartners.dll"


IST.ISTbar Hijacker more information...
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a users consent using an Internet Explorer toolbar.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc Changed 0


KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected files detected
c:\programme\kazaa\plugins.htm
c:\programme\kazaa\thumbs.db
c:\programme\kazaa\versions.dat
c:\programme\kazaa\db\ctx4-031117.cab
c:\programme\kazaa\db\data1024.dbb
c:\programme\kazaa\db\data256.dbb
c:\programme\kazaa\db\data4096.dbb
c:\programme\kazaa\db\dmo4-031118.cab
c:\programme\kazaa\db\np.tmp
c:\programme\kazaa\db\tsi4-031223.cab
c:\programme\kazaa\db\tss4.cab
c:\programme\kazaa\my shared folder\[keygen] half life 2 episode one.exe


Morpheus P2P Program more information...
Details: P2P file sharing program that installs a number of adware programs. Morpheus also displays its own popup advertsing.
Status: Deleted


webHancer Adware (General) more information...
Details: webHancer is an adware application started at Windows startup that monitors web sites being viewed and sends performance data on them back to webHancer's servers. This occurs unknown to the user.
Status: Deleted

Infected files detected
c:\programme\webhancer\programs\license.txt
c:\programme\webhancer\programs\readme.txt
c:\programme\webhancer\programs\whagent.ini
c:\programme\webhancer\programs\whinstaller.exe
c:\programme\webhancer\programs\whsurvey.ini
c:\programme\whinstall\license.txt
c:\programme\whinstall\readme.txt
c:\programme\whinstall\webhdll.dll
c:\programme\whinstall\whagent.exe
c:\programme\whinstall\whagent.ini
c:\programme\whinstall\whiehlpr.dll
c:\programme\whinstall\whsurvey.exe


Looking-For.Home Search Assistant Hijacker more information...
Details: Home Search Assistant is an Internet Explorer browser helper object (BHO) that changes the user's home page and modifes search results. It also spawns pop-ups on the desktop.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\noname\favoriten\sites about\ab scissor.url
c:\dokumente und einstellungen\noname\favoriten\sites about\broadband comparison.url
c:\dokumente und einstellungen\noname\favoriten\sites about\credit counseling.url
c:\dokumente und einstellungen\noname\favoriten\sites about\credit report.url
c:\dokumente und einstellungen\noname\favoriten\sites about\crm software.url
c:\dokumente und einstellungen\noname\favoriten\sites about\debt credit card.url
c:\dokumente und einstellungen\noname\favoriten\sites about\escorts.url
c:\dokumente und einstellungen\noname\favoriten\sites about\fha.url
c:\dokumente und einstellungen\noname\favoriten\sites about\health insurance.url
c:\dokumente und einstellungen\noname\favoriten\sites about\help desk software.url
c:\dokumente und einstellungen\noname\favoriten\sites about\insurance home.url
c:\dokumente und einstellungen\noname\favoriten\sites about\loan for debt consolidation.url
c:\dokumente und einstellungen\noname\favoriten\sites about\loan for people with bad credit.url
c:\dokumente und einstellungen\noname\favoriten\sites about\marketing email.url
c:\dokumente und einstellungen\noname\favoriten\sites about\mortgage insurance.url
c:\dokumente und einstellungen\noname\favoriten\sites about\mortgage life insurance.url
c:\dokumente und einstellungen\noname\favoriten\sites about\nevada corporations.url
c:\dokumente und einstellungen\noname\favoriten\sites about\online betting site.url
c:\dokumente und einstellungen\noname\favoriten\sites about\online gambling casino.url
c:\dokumente und einstellungen\noname\favoriten\sites about\online instant loan.url
c:\dokumente und einstellungen\noname\favoriten\sites about\order phentermine.url
c:\dokumente und einstellungen\noname\favoriten\sites about\payroll advance.url
c:\dokumente und einstellungen\noname\favoriten\sites about\personal loans online.url
c:\dokumente und einstellungen\noname\favoriten\sites about\personal loans with bad credit.url
c:\dokumente und einstellungen\noname\favoriten\sites about\prescription drugs rx online.url
c:\dokumente und einstellungen\noname\favoriten\sites about\refinancing my mortgage.url
c:\dokumente und einstellungen\noname\favoriten\sites about\tahoe vacation rental.url
c:\dokumente und einstellungen\noname\favoriten\sites about\unsecured bad credit loans.url
c:\dokumente und einstellungen\noname\favoriten\sites about\videos.url
c:\dokumente und einstellungen\noname\favoriten\sites about\what is hydrocodone.url

Infected registry entries detected
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ 11F#`I ObjectName LocalSystem


SBSoft Hijacker more information...
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\dating.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\dating1.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\desk.ini
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\finance.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\gambling.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\home.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\hot.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\kliksrch.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\mortgages.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\pharmaci.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\pharmacy.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\poker.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\privacy1.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\realest.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\search.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\sport.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\spyware.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\switch.ico
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\toolbar.ini
c:\dokumente und einstellungen\noname\anwendungsdaten\sbsoft\travel1.ico


AntiLeech Plugin Adware (General) more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Deleted

Infected files detected
c:\programme\anti-leech\alie\al2np.dll
c:\programme\anti-leech\alie\alhlp.exe
c:\programme\anti-leech\alie\alie.dll
c:\programme\anti-leech\alie\alie.inf
c:\programme\anti-leech\alie\iesetup2.exe
c:\programme\anti-leech\alie_1.0.1.9\al2np.dll
c:\programme\anti-leech\alie_1.0.1.9\alhlp.exe
c:\programme\anti-leech\alie_1.0.1.9\alie.dll
c:\programme\anti-leech\alie_1.0.1.9\alie.inf
c:\programme\anti-leech\alie_1.0.1.9\iesetup2.exe
G:\Gesaugtes\ALPlugin-IEsetup.exe

Infected registry entries detected
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1 Anti-Leech Plug-in
HKEY_CLASSES_ROOT\AntiLeech.ALIE
HKEY_CLASSES_ROOT\AntiLeech.ALIE\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\AntiLeech.ALIE\CurVer AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\AntiLeech.ALIE Anti-Leech Plug-in
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 C:\PROGRA~1\ANTI-L~1\ALIE_1~1.9\alie.dll
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\ProgID AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\TypeLib {056738E1-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\VersionIndependentProgID AntiLeech.ALIE
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE DisplayName Anti-Leech Plugin for Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE UninstallString C:\Programme\Anti-Leech\ALIE_1.0.1.9\iesetup2.exe uninstall


YourSiteBar Toolbar more information...
Details: YourSiteBar from IST, the makers of numerous spyware threats, is an affiliate based marketing toolbar.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\YourSiteBar
HKEY_LOCAL_MACHINE\Software\YourSiteBar installTitle YourSiteBar
HKEY_LOCAL_MACHINE\Software\YourSiteBar serverpath http://cache.ysbweb.com/ysb/xml/1005274/
HKEY_LOCAL_MACHINE\Software\YourSiteBar urlAfterInstall http://www.ysbweb.com/install/welcome.html
HKEY_LOCAL_MACHINE\Software\YourSiteBar gUpdate 0
HKEY_LOCAL_MACHINE\Software\YourSiteBar TBRowMode 0
HKEY_LOCAL_MACHINE\Software\YourSiteBar UpdateBegin 0
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar DisplayName YourSiteBar
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar UninstallString regsvr32 /u /s "C:\Programme\YourSiteBar\ysb.dll"
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar Publisher Integrated Seach Technologies
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar URLInfoAbout http://www.ysbweb.com
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar HelpLink http://www.ysbweb.com
HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}
HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\TypeLib {4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}
HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8} IYsbObj
HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}
HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\TypeLib {4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}
HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542} IContextItem
HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}
HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\0\win32 C:\Programme\YourSiteBar\ysb.dll
HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\HELPDIR C:\Programme\YourSiteBar\
HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0 Ysb 1.0 Type Library
HKEY_CLASSES_ROOT\Ysb.YsbObj
HKEY_CLASSES_ROOT\Ysb.YsbObj\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686}
HKEY_CLASSES_ROOT\Ysb.YsbObj\CurVer Ysb.YsbObj.1
HKEY_CLASSES_ROOT\Ysb.YsbObj YourSiteBar
HKEY_CLASSES_ROOT\Ysb.YsbObj.1
HKEY_CLASSES_ROOT\Ysb.YsbObj.1\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686}
HKEY_CLASSES_ROOT\Ysb.YsbObj.1 YourSiteBar
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\YourSiteBar
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\YourSiteBar SlowInfoCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\YourSiteBar Changed 0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main BandRest Never
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main BandRest Never


SurfAccuracy Adware (General) more information...
Details: SurfAccuracy is an adware application that displays advertisements on the desktop and records keystrokes that are entered into certain search engines.
Status: Deleted

Infected files detected
c:\programme\surfaccuracy\license.lnk
c:\programme\surfaccuracy\sacc.cfg
c:\programme\surfaccuracy\sacc.exe
c:\programme\surfaccuracy\saccu.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\SAcc
HKEY_LOCAL_MACHINE\Software\SAcc accid 104
HKEY_LOCAL_MACHINE\Software\SAcc subaccid 1005274
HKEY_LOCAL_MACHINE\Software\SAcc Version 1178
HKEY_LOCAL_MACHINE\Software\SAcc InstallDate 1149113189
HKEY_LOCAL_MACHINE\Software\SAcc srecovery !ZpHc /Iw<"BCd؈F1 U}L9
HKEY_LOCAL_MACHINE\Software\SAcc CfgReloadAttempts 1
HKEY_LOCAL_MACHINE\Software\SAcc CfgReload 1150584558
HKEY_LOCAL_MACHINE\Software\SAcc SAData uid:cce5e59231363a54f8b37ee12096e750-cnt:49-t:1150541142;1150542075;-c:1525054;ce:1150627542|c:1518362;ce:1150628475|-mc:91081;mce:1150627542|-
HKEY_LOCAL_MACHINE\Software\SAcc Counter 49
HKEY_LOCAL_MACHINE\Software\SAcc NextInvoke 1150542992
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc DisplayName Surf Accuracy
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc UninstallString C:\Programme\SurfAccuracy\SAccU.exe
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc HelpLink http://www.surfaccuracy.com
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc Publisher Surf Accuracy Inc
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc UrlInfoAbout http://www.surfaccuracy.com
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc NoRepair 1
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc NoModify 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SAcc Changed 0


PartyPoker Potentially Unwanted Program more information...
Details: PartyPoker is an online gambling application that requires the user to download its software in order to play.
Status: Deleted

Infected files detected
c:\programme\partygaming\partypoker\llh.dll
c:\programme\partygaming\partypoker\notes.txt
c:\programme\partygaming\partypoker\uninstall.exe
c:\programme\partygaming\partypoker\articles\1.html
c:\programme\partygaming\partypoker\articles\103.atc
c:\programme\partygaming\partypoker\articles\105.atc
c:\programme\partygaming\partypoker\articles\107.atc
c:\programme\partygaming\partypoker\articles\109.atc
c:\programme\partygaming\partypoker\articles\117.atc
c:\programme\partygaming\partypoker\articles\139.atc
c:\programme\partygaming\partypoker\articles\147.atc
c:\programme\partygaming\partypoker\articles\157.atc
c:\programme\partygaming\partypoker\articles\193.atc
c:\programme\partygaming\partypoker\articles\201.atc
c:\programme\partygaming\partypoker\articles\203.atc
c:\programme\partygaming\partypoker\articles\205.atc
c:\programme\partygaming\partypoker\articles\225.atc
c:\programme\partygaming\partypoker\articles\235.atc
c:\programme\partygaming\partypoker\articles\257.atc
c:\programme\partygaming\partypoker\articles\283.atc
c:\programme\partygaming\partypoker\articles\285.atc
c:\programme\partygaming\partypoker\articles\29.atc
c:\programme\partygaming\partypoker\articles\3.html
c:\programme\partygaming\partypoker\articles\387.atc
c:\programme\partygaming\partypoker\articles\409.atc
c:\programme\partygaming\partypoker\articles\67.atc
c:\programme\partygaming\partypoker\articles\77.atc
c:\programme\partygaming\partypoker\articles\79.atc
c:\programme\partygaming\partypoker\articles\89.atc
c:\programme\partygaming\partypoker\articles\91.atc
c:\programme\partygaming\partypoker\articles\97.atc
c:\programme\partygaming\partypoker\articles\99.atc
c:\programme\partygaming\partypoker\tmpupgrade\install.log
c:\programme\partygaming\partypoker\tmpupgrade\upgradepp90-94man.exe
c:\programme\partygaming\partypoker\tmpupgrade\upgradepp91-92man.exe
c:\programme\partygaming\partycasino\images\.#version.txt.1.17.2.14
c:\programme\partygaming\partycasino\images\games\cardgames\c95.gif
c:\programme\partygaming\partycasino\images\games\cardgames\rr.bmp
c:\programme\partygaming\partycasino\images\loading.gif
c:\programme\partygaming\partycasino\images\system_but_bingo.jpg
c:\programme\partygaming\partycasino\images\system_but_gammon.jpg
c:\programme\partygaming\partycasino\images\thumbs.db
c:\programme\partygaming\partycasino\images\version.jar

Infected registry entries detected
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker InstallState 0
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker AppPath c:\programme\partygaming\PartyGaming.exe
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker id
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker InitialPort
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker useCount
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker HHEnableLog
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker HHLogDays
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker HHLogSize
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker InitialIP
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker ScreenName
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker TableType
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker EnableSounds
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker EnableCardAnimations
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker EnableCongratulations
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker EnableCallOuts
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker DisableMouseHelp
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker FourColourDeck
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker DisableCharacters
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker MuckLosingHand
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker ShowMyCity
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker ST
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker STR
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker SearchHiding
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker 0
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker UpgradeFileDate
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker UserName
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker Password
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker Remember
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker BlackjackSounds
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker BlackjackVoice
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker 1
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker 2
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker 3
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker 4
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker 5
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker 6
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker UpgradeFile
HKEY_CURRENT_USER\Software\PartyGaming\Partypoker UpgradeInstalled


FullContext.EQAdvice Adware (General) more information...
Details: FullContext.EQAdvice is an advertising program that displays ads and allows the installation of other adware.
Status: Deleted

Infected files detected
c:\programme\windows\winupdate.exe
c:\programme\windows\winupdate.fld
C:\Programme\NetMeeting\nac.exe
C:\Programme\NetMeeting\nmasnt.exe


Yazzle.SnowBallWars Misc (General) more information...
Details: Yazzle.SnowBallWars is an ad supported desktop game.
Status: Deleted

Infected files detected
c:\programme\snowball wars\license.txt
c:\programme\snowball wars\uninstaller.exe
c:\programme\snowball wars\


FavoriteMan Browser Plug-in more information...
Details: FavoriteMan is an Internet Explorer Browser Helper Object (BHO) that intermittently connects to its controlling servers which may direct it to download and install other programs and add entries to the IE Favorites menu or background Desktop.
Status: Deleted

Infected files detected
c:\windows\system32\im64.dll


ATGames Adware (General) more information...
Details: Since At-Games.com has very limited desirable features, and includes a remote installer and updater, we highly recommend this software be removed from your machine.
Status: Deleted

Infected files detected
c:\windows\downloaded program files\atpartners.inf
c:\windows\system32\splwbr.dll


IncrediFind Adware (General) more information...
Details: IncrediFind is an Internet Explorer browser helper object that changes your Internet Explorer error page to sirsearch.com and displays popup advertising.
Status: Deleted

Infected files detected
c:\windows\system32\drivers\etc\hosts.bho


Twain Tech Adware (General) more information...
Details: Twain-Tech is an adware-based Internet Explorer browser helper object that delivers targeted ads based on a user's browsing patterns. Twain-Tech does not provide any relevant purpose other than to display pop-up ads.
Status: Deleted

Infected files detected
c:\windows\inf\alchem.inf
c:\windows\smdat32a.sys


eZula.WebOffer Adware (General) more information...
Status: Deleted

Infected files detected
c:\windows\woinstall.exe

Infected registry entries detected
HKEY_CLASSES_ROOT\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}
HKEY_CLASSES_ROOT\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}\TypeLib {BAF13496-8F72-47A1-9CEE-09238EFC75F0}
HKEY_CLASSES_ROOT\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9} IAtlBrCon
HKEY_CLASSES_ROOT\TypeLib\{BAF13496-8F72-47A1-9CEE-09238EFC75F0}
HKEY_CLASSES_ROOT\TypeLib\{BAF13496-8F72-47A1-9CEE-09238EFC75F0}\1.0\0\win32 C:\PROGRA~1\WEBOFF~1\apev.exe
HKEY_CLASSES_ROOT\TypeLib\{BAF13496-8F72-47A1-9CEE-09238EFC75F0}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{BAF13496-8F72-47A1-9CEE-09238EFC75F0}\1.0\HELPDIR C:\PROGRA~1\WEBOFF~1\
HKEY_CLASSES_ROOT\TypeLib\{BAF13496-8F72-47A1-9CEE-09238EFC75F0}\1.0 AtlBrowser 1.0 Type Library


WindUpdates Browser Plug-in more information...
Details: WindUpdates is an adware application that installs as a browser plug-in and displays advertising on the desktop.
Status: Deleted

Infected files detected
c:\windows\system32\ide21201.vxd


ABetterInternet.Transponder.Ceres Adware (General) more information...
Details: VX2.ABetterInternet.Transponder.2 is a new transponder variant of aBetterInternet.
Status: Deleted

Infected files detected
c:\windows\abiuninst.htm


SearchNugget.DNSCatcher Browser Plug-in more information...
Details: SearchNugget.DNSCatcher is a browser helper object (BHO) for Internet Explorer that redirects search results.
Status: Deleted

Infected files detected
c:\programme\dns\affid.dat
c:\programme\dns\cwebpage.dll
c:\programme\dns\x.bmp
c:\programme\dns\catcher.dll
c:\programme\dns\uid.dat
c:\programme\dns\urls.dat
C:\Programme\Gemeinsame Dateien\services.exe

Infected registry entries detected
HKEY_CLASSES_ROOT\Interface\{FFF1F09E-4488-4029-B487-3C3C0CFCF89C}
HKEY_CLASSES_ROOT\Interface\{FFF1F09E-4488-4029-B487-3C3C0CFCF89C}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{FFF1F09E-4488-4029-B487-3C3C0CFCF89C}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{FFF1F09E-4488-4029-B487-3C3C0CFCF89C}\TypeLib {FFF24F28-3AE2-46CD-AEBE-2F625133A1CA}
HKEY_CLASSES_ROOT\Interface\{FFF1F09E-4488-4029-B487-3C3C0CFCF89C}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{FFF1F09E-4488-4029-B487-3C3C0CFCF89C} _IIEWebCatcherEvents
HKEY_CLASSES_ROOT\Interface\{FFF428B9-C95E-48B1-BD0F-11AE94EA1878}
HKEY_CLASSES_ROOT\Interface\{FFF428B9-C95E-48B1-BD0F-11AE94EA1878}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{FFF428B9-C95E-48B1-BD0F-11AE94EA1878}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{FFF428B9-C95E-48B1-BD0F-11AE94EA1878}\TypeLib {FFF24F28-3AE2-46CD-AEBE-2F625133A1CA}
HKEY_CLASSES_ROOT\Interface\{FFF428B9-C95E-48B1-BD0F-11AE94EA1878}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{FFF428B9-C95E-48B1-BD0F-11AE94EA1878} IIEWebCatcher
HKEY_CLASSES_ROOT\TypeLib\{FFF24F28-3AE2-46CD-AEBE-2F625133A1CA}
HKEY_CLASSES_ROOT\TypeLib\{FFF24F28-3AE2-46CD-AEBE-2F625133A1CA}\1.0\0\win32 C:\Programme\DNS\Catcher.dll
HKEY_CLASSES_ROOT\TypeLib\{FFF24F28-3AE2-46CD-AEBE-2F625133A1CA}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{FFF24F28-3AE2-46CD-AEBE-2F625133A1CA}\1.0\HELPDIR C:\Programme\DNS\
HKEY_CLASSES_ROOT\TypeLib\{FFF24F28-3AE2-46CD-AEBE-2F625133A1CA}\1.0 IECatcher 1.0 Type Library
HKEY_CURRENT_USER\Software\DNS
HKEY_CURRENT_USER\Software\DNS UID {7C9C2979-07CD-1031-1007-030723030031}
HKEY_CLASSES_ROOT\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}
HKEY_CLASSES_ROOT\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}\InprocServer32 C:\Programme\DNS\Catcher.dll
HKEY_CLASSES_ROOT\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}\ProgID IECatcher.IEWebCatcher.1
HKEY_CLASSES_ROOT\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}\TypeLib {FFF24F28-3AE2-46CD-AEBE-2F625133A1CA}
HKEY_CLASSES_ROOT\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}\VersionIndependentProgID IECatcher.IEWebCatcher
HKEY_CLASSES_ROOT\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} IEWebCatcher Class
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} Internet Explorer Web Content Catcher
HKEY_CLASSES_ROOT\IECatcher.IEWebCatcher
HKEY_CLASSES_ROOT\IECatcher.IEWebCatcher\CLSID {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}
HKEY_CLASSES_ROOT\IECatcher.IEWebCatcher\CurVer IECatcher.IEWebCatcher.1
HKEY_CLASSES_ROOT\IECatcher.IEWebCatcher IEWebCatcher Class
HKEY_CLASSES_ROOT\IECatcher.IEWebCatcher.1
HKEY_CLASSES_ROOT\IECatcher.IEWebCatcher.1\CLSID {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}
HKEY_CLASSES_ROOT\IECatcher.IEWebCatcher.1 IEWebCatcher Class
HKEY_CLASSES_ROOT\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884}\Programmable
HKEY_CLASSES_ROOT\Interface\{FFF428B9-C95E-48B1-BD0F-11AE94EA1878}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\TypeLib\{FFF24F28-3AE2-46CD-AEBE-2F625133A1CA}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{FFF24F28-3AE2-46CD-AEBE-2F625133A1CA}\1.0\0\win32 C:\Programme\DNS\Catcher.dll


UnspecifiedTrojans.01 Trojan more information...
Status: Deleted

Infected files detected
c:\windows\netdx.dat


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Infected files detected
c:\programme\save\acm.dll
c:\programme\save\saveuninst.exe
c:\programme\save\save.htm

Infected registry entries detected
HKEY_CLASSES_ROOT\ACM.ACMFactory
HKEY_CLASSES_ROOT\ACM.ACMFactory\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_CLASSES_ROOT\ACM.ACMFactory\CurVer ACM.ACMFactory.1
HKEY_CLASSES_ROOT\ACM.ACMFactory ACMFactory Class
HKEY_CLASSES_ROOT\ACM.ACMFactory.1
HKEY_CLASSES_ROOT\ACM.ACMFactory.1\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_CLASSES_ROOT\ACM.ACMFactory.1 ACMFactory Class
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32 C:\Programme\Save\ACM.dll
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID ACM.ACMFactory.1
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID ACM.ACMFactory
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} ACMFactory Class
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32 C:\Programme\Save\ACM.dll
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR C:\Programme\Save\
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0 ACM 1.0 Type Library
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0} IACMFactory
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086} IFetchExtractor
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842} IFetchData
HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} ACM
HKEY_CLASSES_ROOT\AppID\ACM.DLL
HKEY_CLASSES_ROOT\AppID\ACM.DLL AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}


CWS.SearchAssistant Adware (General) more information...
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\noname\favoriten\sites about\ab scissor.url
c:\dokumente und einstellungen\noname\favoriten\sites about\broadband comparison.url
c:\dokumente und einstellungen\noname\favoriten\sites about\credit counseling.url
c:\dokumente und einstellungen\noname\favoriten\sites about\credit report.url
c:\dokumente und einstellungen\noname\favoriten\sites about\crm software.url
c:\dokumente und einstellungen\noname\favoriten\sites about\debt credit card.url
c:\dokumente und einstellungen\noname\favoriten\sites about\escorts.url
c:\dokumente und einstellungen\noname\favoriten\sites about\fha.url
c:\dokumente und einstellungen\noname\favoriten\sites about\help desk software.url
c:\dokumente und einstellungen\noname\favoriten\sites about\insurance home.url
c:\dokumente und einstellungen\noname\favoriten\sites about\loan for debt consolidation.url
c:\dokumente und einstellungen\noname\favoriten\sites about\loan for people with bad credit.url
c:\dokumente und einstellungen\noname\favoriten\sites about\marketing email.url
c:\dokumente und einstellungen\noname\favoriten\sites about\mortgage insurance.url
c:\dokumente und einstellungen\noname\favoriten\sites about\mortgage life insurance.url
c:\dokumente und einstellungen\noname\favoriten\sites about\nevada corporations.url
c:\dokumente und einstellungen\noname\favoriten\sites about\online betting site.url
c:\dokumente und einstellungen\noname\favoriten\sites about\online gambling casino.url
c:\dokumente und einstellungen\noname\favoriten\sites about\online instant loan.url
c:\dokumente und einstellungen\noname\favoriten\sites about\order phentermine.url
c:\dokumente und einstellungen\noname\favoriten\sites about\payroll advance.url
c:\dokumente und einstellungen\noname\favoriten\sites about\personal loans online.url
c:\dokumente und einstellungen\noname\favoriten\sites about\personal loans with bad credit.url
c:\dokumente und einstellungen\noname\favoriten\sites about\prescription drugs rx online.url
c:\dokumente und einstellungen\noname\favoriten\sites about\refinancing my mortgage.url
c:\dokumente und einstellungen\noname\favoriten\sites about\tahoe vacation rental.url
c:\dokumente und einstellungen\noname\favoriten\sites about\unsecured bad credit loans.url
c:\dokumente und einstellungen\noname\favoriten\sites about\videos.url
c:\dokumente und einstellungen\noname\favoriten\sites about\what is hydrocodone.url


TargetSaver Trojan Downloader more information...
Details: TargetSaver is a process run at Windows startup, which opens pop-ups.
Status: Deleted

Infected files detected
c:\windows\system32\tsuninst.exe


Freeprod Toolbar Toolbar more information...
Details: Freeprod is an adware application that installs an Internet Explorer Toolbar and may hijack search results.
Status: Deleted

Infected files detected
c:\programme\windows\winupdate.fld
C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\nse2.tmp\nsProcess.dll
C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\nsmC.tmp\nsProcess.dll
C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\nso2.tmp\nsProcess.dll


Trojan.Delf Trojan Downloader more information...
Details: A Trojan Downloader that is also known to be bundled with, or to download, additional adware programs that spawn popups or hijack browser settings.
Status: Deleted

Infected files detected
C:\Dokumente und Einstellungen\NoName\Eigene Dateien\Temp\svchost.exe


RBot.steam Trojan more information...
Status: Deleted

Infected files detected
C:\Games\russn16\Russn16\platform\steam_dev.exe


Admilli Service Potentially Dangerous Tool more information...
Status: Deleted

Infected files detected
C:\Program Files\Admilli Service\AdmilliComm.dll
C:\Program Files\Admilli Service\AdmilliKeep.exe


Desk Ad Service Adware (General) more information...
Details: A WindUpdates variant responsible for downloading adware programs.
Status: Deleted

Infected files detected
C:\Program Files\DeskAd Service\DeskAdKeep.exe


Ultra Remote Control v2.6.8 Commercial Remote Control Tool more information...
Details: A user can connect to the remote computer over the network and, having the remote computer's desktop on the screen of their own PC, launch programs and change computer settings using their own keyboard and mouse.
Status: Deleted

Infected files detected
C:\Programme\BPFTP Server\bpftpserver-service.exe


NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Deleted

Infected files detected
C:\WINDOWS\NDNuninstall6_30.exe


Altnet P2P Networking Low Risk Adware more information...
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Deleted

Infected files detected
C:\WINDOWS\system32\P2P Networking v124.cpl

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0}
HKEY_CLASSES_ROOT\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0}\InProcServer32 C:\WINDOWS\System32\P2P Networking\MARSHAL.DLL
HKEY_CLASSES_ROOT\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0}\InProcServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0} PSFactoryBuffer
HKEY_CLASSES_ROOT\CLSID\{CC7A6223-3759-4075-8CEA-971F5CFC0ED2}
HKEY_CLASSES_ROOT\CLSID\{CC7A6223-3759-4075-8CEA-971F5CFC0ED2}\LocalServer32 C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
HKEY_CLASSES_ROOT\CLSID\{CC7A6223-3759-4075-8CEA-971F5CFC0ED2}\ProgID JCDE_Stack.1
HKEY_CLASSES_ROOT\CLSID\{CC7A6223-3759-4075-8CEA-971F5CFC0ED2}\VersionIndependentProgID JCDE_Stack
HKEY_CLASSES_ROOT\CLSID\{CC7A6223-3759-4075-8CEA-971F5CFC0ED2} P2P Stack for Joltid Content Distribution Environment
HKEY_CLASSES_ROOT\JCDE_Stack
HKEY_CLASSES_ROOT\JCDE_Stack\CLSID {CC7A6223-3759-4075-8CEA-971F5CFC0ED2}
HKEY_CLASSES_ROOT\JCDE_Stack\CurVer JCDE_Stack.1
HKEY_CLASSES_ROOT\JCDE_Stack P2P Stack for Joltid Content Distribution Environment
HKEY_CLASSES_ROOT\interface\{c91e8926-d4be-4685-99f4-0d996b96bac0}
HKEY_CLASSES_ROOT\interface\{c91e8926-d4be-4685-99f4-0d996b96bac0}\NumMethods 17
HKEY_CLASSES_ROOT\interface\{c91e8926-d4be-4685-99f4-0d996b96bac0}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0}
HKEY_CLASSES_ROOT\interface\{c91e8926-d4be-4685-99f4-0d996b96bac0} JCDE_ISystem
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth SlotLength 43474
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In0 13
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In1 13
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out0 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out1 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall UdpInHistory 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpInHistory 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpOutHistory -1
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime HistoryStart 1150040596
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime History ..... . .... .. ... .. .
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection Address 217.68.181.115:1093
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall UdpInHistory 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpInHistory 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpOutHistory -1
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth SlotLength 43474
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In0 13
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In1 13
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out0 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out1 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager\Downloads
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Channels\Channel10 Image
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Channels\Channel10001 Image
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth SlotLength 43474
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In0 13
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In1 13
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out0 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out1 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall UdpInHistory 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpInHistory 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpOutHistory -1
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime HistoryStart 1150040596
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime History ..... . .... .. ... .. .
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection Address 217.68.181.115:1093
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager CacheDir C:\WINDOWS\System32\P2P Networking\Cache\
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager DatabaseDir C:\WINDOWS\System32\P2P Networking\Cache\Database\
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager CacheSize 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager NoBandwidthLimitWhenIdle 1
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager AutoBandwith 1
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager BandwidthLimit 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI ShowIcon 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI MainExe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI DebugLevel 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI TimerInterval 2000
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateInterval 14400
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI ReqVersionUpdateInterval 604800
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateTimeSpent 1150585543
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI AutoStart 1
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateNotify 1
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI EnableHistory 1
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepHistorySeconds 604800
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepClientsMax 10
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepDownloadsMax 20
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI WinPosTop 119
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI WinPosLeft 344
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent NodeID -1817930536
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent NetworkConfig
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent LastEligibilityUpdateTime 1150627099
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent DLStats
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager CacheDir C:\WINDOWS\System32\P2P Networking\Cache\
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager DatabaseDir C:\WINDOWS\System32\P2P Networking\Cache\Database\
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager CacheSize 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager NoBandwidthLimitWhenIdle 1
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager AutoBandwith 1
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager BandwidthLimit 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime HistoryStart 1150040596
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime History ..... . .... .. ... .. .
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Channels\Channel10
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Channels\Channel10 Image
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI ShowIcon 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI MainExe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI DebugLevel 0
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI TimerInterval 2000
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateInterval 14400
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI ReqVersionUpdateInterval 604800
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateTimeSpent 1150585543
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI AutoStart 1


AvenueMedia.InternetOptimizer Browser Plug-in more information...
Details: Internet Optimizer, also known as DyFuCA, is an adware application that hijacks the user's browser error page.
Status: Deleted

Infected registry entries detected


eZula.TopText Adware (General) more information...
Details: eZula TopText is a browser hijacker that will alter all pages viewed in Internet Explorer by adding extra links to words and phrases targeted by advertisers. These links are unauthorized by the users of the sites being viewed and not part of the orig
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\drs.n
HKEY_CLASSES_ROOT\drs.n uID


Blazefind Browser Plug-in more information...
Details: Blazefind installs itself as a Browser Helper Object in Internet Explorer, redirects the search queries you enter in search engines, and hijacks your Internet Explorer settings.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows SA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows SA installFolder C:\Program Files\WindowsSA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows SA installFolderBAND C:\Windows\System32\


MediaTickets CDT Adware (General) more information...
Details: MediaTickets CDT is an adware program that displays advertisements, reduces the security settings for the Trusted Sites zone in Internet Explorer, and attempts to fraudulently install trusted publishers.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx


eBates.Moe MoneyMaker Adware (General) more information...
Details: Ebates MoneyMaker is an adware program that displays a number of popup adverts. Ebates MoneyMaker tries to disable programs that might interfere with its operation without your consent. This includes popup blockers.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ebateswebsavings0.xml
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ebateswebsavings0.xml Web Savings from Ebates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ebateswebsavings0.xml DisplayName Web Savings from Ebates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ebateswebsavings0.xml UninstallString javaw -cp "C:\Programme\WebSavingsfromEbates\System\Code" Main lp: "C:\Programme\WebSavingsfromEbates" ls: deletefeature ld: feature=ebateswebsav


KeenValue PerfectNav Hijacker more information...
Details: The PerfectNav Internet Explorer spyware software is designed to redirect your URL typing errors to PerfectNav's web page.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\perfectnav
HKEY_LOCAL_MACHINE\software\perfectnav\BHO INSTALLGUID 5805619B-F424-4EC6-AC25-21B1C6469003
HKEY_LOCAL_MACHINE\software\perfectnav UID 20F1DA28-B7EA-4149-A2E0-5DA196467424
HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO
HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO INSTALLGUID 5805619B-F424-4EC6-AC25-21B1C6469003


IST.PowerScan Adware (General) more information...
Details: PowerScan is advertised through ordinary web pop-ups, but recently it started to install with help from the ISTBar adware.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest


Cydoor.TOPicks Adware (General) more information...
Details: TOPicks is adware implemented as an Internet Explorer toolbar. TOPicks shows targeted links to sponsored sites.
Status: Deleted

Infected registry entries detected


IST.SlotchBar Toolbar more information...
Details: An adware toolbar program for affiliates to distribute on sites. Affiliates get paid per install of the toolbar.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc Changed 0


Windows SyncroAd Trojan more information...
Details: Windows SyncroAd downloads files from the Internet and then saves them to the user's computer.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Windows SyncroAd
HKEY_LOCAL_MACHINE\SOFTWARE\Windows SyncroAd param dbfd91f95ed167ff712ff79354266803bd4598ad8c2133:6534303263376363636434633865663335393461363261383963383438306366:Internet Explorer:6.0 SP1Q828750Q330994(onlineTV):winxp:


Windows AdTools Adware (General) more information...
Details: Windows AdTools is ad delivery software that provides targeted advertising offers.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows AdTools
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows AdTools UninstallString C:\Program Files\Windows AdTools\WinAdTools.exe /Remove
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows AdTools DisplayName Windows AdTools


SearchRelevancy Adware (General) more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\searchrelevancy
HKEY_LOCAL_MACHINE\software\searchrelevancy\Update TimeStamp 1105395792
HKEY_LOCAL_MACHINE\software\searchrelevancy ID 8F5B7A9F


ABetterInternet.Aurora Adware (General) more information...
Details: ABetterInternet.Aurora is an adware program that spawns pop-ups on the desktop based on the user's browsing.
Status: Deleted

Infected registry entries detected
This post was edited on 18.06.2006 at 23:27 by Porlzum.
18.06.2006, 23:22
Honorary member

Posts: 29434
#29 Now post the rest....;) (you were supposed to post the log as an attachment!)
__________
Kind regards, Sabina

all about PC security
18.06.2006, 23:26
Member

Posts: 56
#30 huh?

I already posted the log..
just not as an attachment..
(it's just plainly there in my previous post..)