Question about WinFixer
Thread is closed!

#0
27.02.2006, 04:31
Member
Posts: 80

27.02.2006, 12:27
Honorary member
Posts: 29434
#2
lana..
I'll take a look at it.
HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above just start the program --> Save --> Savelog --> the editor opens; now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Regards, Sabina
All about PC security

27.02.2006, 14:41
Member
Thread starter
Posts: 80
#3
Logfile of HijackThis v1.99.1
Scan saved at 14:39:24, on 27.02.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

So-o-o.. Done... Now all I can do is pray! Thanks, Sabina!
This post was edited on 27.02.2006 at 14:51 by lana..

27.02.2006, 15:09
Honorary member
Posts: 29434
#4
lana..
Go into the registry
Start --> Run --> regedit
Edit --> Find --> RX Toolbar or RXToolBar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar <-- delete
HKEY_CURRENT_USER\Software\RX Toolbar <-- delete
-------------------------------------------------------------------------------------
Open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
Restart the PC
Start - Settings - Control Panel - Add or Remove Programs
uninstall: "RX Bar"
Download echo.zip --> unpack --> click echo.bat --> the text editor will open --> copy the text
http://virus-protect.org/bat/echo.zip
__________
Regards, Sabina
All about PC security

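The cross-check behind the two entries picked out in post #4, as an added example that is not part of the original posts and not HijackThis code: it parses HijackThis log lines and, starting from one entry found by name, collects every other entry that loads from the same directory, so the O18 filter is found even though its label never mentions "RX". The function names, the `SHARED_DIRS` list and the embedded sample (the two quoted entries plus a few lines in the same log format) are assumptions made for this sketch.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'"?([A-Za-z]:\\.*)$')
MISSING = "(file missing)"  # appended by HijackThis when the target is not on disk
# Assumption: directories shared by many legitimate programs; never expand by these.
SHARED_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")

# Constructed sample in the format of the log discussed in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O23 - Service: MSCSPTISRV - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
"""


@dataclass
class Entry:
    code: str               # section code, e.g. O2 (BHO), O18 (protocol/filter), O23 (service)
    body: str               # everything after "CODE - "
    clsid: Optional[str]    # COM class id, if the entry carries one
    target: Optional[str]   # file the entry points at (may include arguments)
    file_missing: bool      # leftover reference: the registry entry outlived the file
    unknown_owner: bool     # O23 only: the service binary has no company name


def parse_log(text: str) -> List[Entry]:
    """Return the R*/O* entries of a HijackThis log; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        target = None
        if path:
            target = path.group(1).replace(MISSING, "").strip().strip('"')
        entries.append(Entry(
            code=m.group("code"),
            body=body,
            clsid=clsid.group(0) if clsid else None,
            target=target,
            file_missing=body.rstrip().endswith(MISSING),
            unknown_owner=" - Unknown owner - " in body,
        ))
    return entries


def related(entries: List[Entry], fragment: str) -> List[Entry]:
    """Entries whose text contains `fragment`, plus entries loading from the same directory.

    For a seed inside a shared system directory only the exact file is matched,
    otherwise one hit in system32 would pull in every legitimate entry there.
    """
    frag = fragment.lower()
    seeds = [e for e in entries if frag in e.body.lower()]
    prefixes = set()
    for seed in seeds:
        if not seed.target:
            continue
        directory = ntpath.dirname(seed.target).lower() + "\\"
        prefixes.add(seed.target.lower() if directory in SHARED_DIRS else directory)
    return [e for e in entries
            if e in seeds
            or (e.target and any(e.target.lower().startswith(p) for p in prefixes))]


if __name__ == "__main__":
    for entry in related(parse_log(SAMPLE_LOG), "RXResultTracker"):
        note = " [file missing]" if entry.file_missing else ""
        print(f"{entry.code} {entry.clsid} {entry.target}{note}")
```

The result is a review list, not a removal list: each entry still has to be checked by hand before it is ticked for "Fix checked".
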
27.02.2006, 23:17
Member
Thread starter
Posts: 80
#5
Hello Sabina. After I entered RX Toolbar in the search bar, it found something completely different, namely the following>
(Standard) > REG_SZ > (Wert nicht gesetzt)
Register Now > REG_DWORD > 0*00000001 (1)
..what should I do now, because what you said isn't there.
Regards
This post was edited on 27.02.2006 at 23:22 by lana..

28.02.2006, 11:36
Honorary member
Posts: 29434
#6
Then leave it for now.. it's better that way (since you are not familiar with the registry)
Quote:
Open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC
__________
Regards, Sabina
All about PC security

28.02.2006, 12:12
Member
Thread starter
Posts: 80
#7
Hello Sabina! I did everything as you said, only when I wanted to uninstall RXBar, it was not to be found under Add or Remove Programs.
........................................................................................................
10)DPF????
Datenträger in Laufwerk C: ist VAIO
Volumeseriennummer: 54A5-8EF0
Verzeichnis von C:\WINDOWS\Downloaded Program Files
25.07.2002  17:13     24.576 dwusplay.dll
25.07.2002  17:13    196.608 dwusplay.exe
25.07.2002  17:05    172.032 isusweb.dll
10.11.2005  14:05        876 jinstall-1_5_0_06.inf
03.11.2005  20:24        495 LegitCheckControl.inf
29.05.2003  15:00    160.864 messengerstatsclient.dll
29.05.2003  15:00     77.408 msgrchkr.dll
30.06.2005  15:19        227 MsnMessengerSetupDownloader.inf
14.08.2005  00:26    113.664 MsnMessengerSetupDownloader.ocx
29.06.2005  17:17        227 opuc.inf
15.11.2005  05:09     88.576 WebP2PInstaller.dll
11 Datei(en) 835.553 Bytes
Anzahl der angezeigten Dateien:
11 Datei(en) 835.553 Bytes
0 Verzeichnis(se), 10.011.582.464 Bytes frei

10)DPF????
Datenträger in Laufwerk C: ist VAIO
Volumeseriennummer: 54A5-8EF0
Verzeichnis von C:\WINDOWS\Downloaded Program Files
25.07.2002  17:13     24.576 dwusplay.dll
25.07.2002  17:13    196.608 dwusplay.exe
25.07.2002  17:05    172.032 isusweb.dll
10.11.2005  14:05        876 jinstall-1_5_0_06.inf
03.11.2005  20:24        495 LegitCheckControl.inf
29.05.2003  15:00    160.864 messengerstatsclient.dll
29.05.2003  15:00     77.408 msgrchkr.dll
30.06.2005  15:19        227 MsnMessengerSetupDownloader.inf
14.08.2005  00:26    113.664 MsnMessengerSetupDownloader.ocx
29.06.2005  17:17        227 opuc.inf
15.11.2005  05:09     88.576 WebP2PInstaller.dll
11 Datei(en) 835.553 Bytes
Anzahl der angezeigten Dateien:
11 Datei(en) 835.553 Bytes
0 Verzeichnis(se), 10.011.570.176 Bytes frei

28.02.2006, 13:41
Honorary member
Posts: 29434
#8
lana..
counterspy
http://virus-protect.org/counterspy.html
* after the scan you have to decide between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC (then copy the scan report)
__________
Regards, Sabina
All about PC security

02.03.2006, 01:10
Member
Thread starter
Posts: 80
#9
Hello,
I'm finally back in. I have never experienced anything like this; I've been cursing* since noon today.. After I scanned the PC and deleted all the junk the program found (my eyes went wide when I saw everything that was in there; I really wonder why I even have Norton if so much gets in without it detecting it..), so after I deleted all of that I shut the PC down and started it up again, but nothing worked. The PC was totally sluggish, I couldn't switch it off, nothing.... nothing worked no matter where I clicked.. I had to switch it off by hand, and after it came back up, still nothing worked. Now everything is finally slowly working again... I deactivated the antivirus program, and after that it works again, but still not as fast as normal. Should I leave the program _AntiVir_ off? I downloaded that program together with _CounterSpy_ (normally I have Norton here, and when I had this program it hung like crazy.. Well, for now here is the scan report.
Regards

Spyware Scan Details
Start Date: 01.03.2006 15:16:07
End Date: 01.03.2006 15:46:41
Total Time: 30 mins 34 secs

Detected spyware

Altnet P2P Networking Adware
Details: P2P Networking is a component that enables other applications to use adware based Peer-to-Peer functionality.
Status: Deleted
Infected files detected
c:\windows\system32\p2p networking\marshal.dll
c:\windows\system32\p2p networking\p2p networking.eng
c:\windows\system32\p2p networking\p2p networking.exe
c:\windows\system32\p2p networking v126.cpl
c:\windows\downloaded program files\webp2pinstaller.dll
Infected registry entries detected

Cydoor Adware
Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer.
Status: Deleted
Infected files detected

Altnet Browser Plug-in
Details: Topsearch is a .dll file that acts as a search engine and runs inside Internet Explorer as a Browser helper Object (BHO). It can supply advertising content to KaZaA users.
Status: Deleted
Infected files detected
c:\windows\temp\altnet\dminfo3.cab
c:\windows\temp\altnet\dminstall7.cab
c:\windows\temp\altnet\pminstall.cab
c:\windows\temp\altnet\setup.cab

MapQuest Toolbar Browser Plug-in
Details: Although the MapQuest Toolbar is not adware per say, some versions install other adware byproducts such as EUniverse, a known spyware program.
Status: Deleted
Infected files detected
c:\windows\downloaded program files\webp2pinstaller.dll

WinFixer Misc
Details: WinFixer is a disabled data repair utility that nags the user to purchase it in order to fix the problems reported in its scan.
Status: Deleted
Infected files detected
c:\windows\system32\drivers\df_u42.sys
Infected registry entries detected

Web P2P Installer Trojan Downloader
Details: ActiveX drive by downloader.
Status: Deleted Infected files detected C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll Infected registry entries detected HKEY_CLASSES_ROOT\clsid\{1D6711C8-7154-40BB-8380-3DEA45B69CBF} HKEY_CLASSES_ROOT\clsid\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\InprocServer32 C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll HKEY_CLASSES_ROOT\clsid\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\MiscStatus\1 132497 HKEY_CLASSES_ROOT\clsid\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\MiscStatus 0 HKEY_CLASSES_ROOT\clsid\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ProgID WebP2PInstaller.Installer.1 HKEY_CLASSES_ROOT\clsid\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll, 101 HKEY_CLASSES_ROOT\clsid\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\TypeLib {F720B40F-3A38-4B22-B30D-DCF095D42498} HKEY_CLASSES_ROOT\clsid\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\Version 1.0 HKEY_CLASSES_ROOT\clsid\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\VersionIndependentProgID WebP2PInstaller.Installer HKEY_CLASSES_ROOT\clsid\{1D6711C8-7154-40BB-8380-3DEA45B69CBF} Web P2P Installer HKEY_CLASSES_ROOT\webp2pinstaller.installer.1 HKEY_CLASSES_ROOT\webp2pinstaller.installer.1\CLSID {1D6711C8-7154-40BB-8380-3DEA45B69CBF} HKEY_CLASSES_ROOT\webp2pinstaller.installer.1 Web P2P Installer HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\InprocServer32 C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\InprocServer32 ThreadingModel Apartment HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\MiscStatus\1 132497 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\MiscStatus 0 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ProgID WebP2PInstaller.Installer.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll, 101 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\TypeLib {F720B40F-3A38-4B22-B30D-DCF095D42498} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\Version 1.0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\VersionIndependentProgID WebP2PInstaller.Installer HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF} Web P2P Installer HKEY_CLASSES_ROOT\webp2pinstaller.installer HKEY_CLASSES_ROOT\webp2pinstaller.installer\CLSID {1D6711C8-7154-40BB-8380-3DEA45B69CBF} HKEY_CLASSES_ROOT\webp2pinstaller.installer\CurVer WebP2PInstaller.Installer.1 HKEY_CLASSES_ROOT\webp2pinstaller.installer Web P2P Installer KaZaA P2P more information... Details: Kazaa is a Peer to Peer file sharing application that uses some adware advertising as well as installs a number of thrid party adware software on your computer. 
Status: Deleted Infected files detected C:\WINDOWS\system32\P2P Networking v126.cpl c:\windows\system32\p2p networking\marshal.dll c:\windows\downloaded program files\webp2pinstaller.dll Infected registry entries detected HKEY_LOCAL_MACHINE\software\classes\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0} HKEY_LOCAL_MACHINE\software\classes\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0}\InProcServer32 C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL HKEY_LOCAL_MACHINE\software\classes\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0}\InProcServer32 ThreadingModel Both HKEY_LOCAL_MACHINE\software\classes\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0} PSFactoryBuffer HKEY_LOCAL_MACHINE\software\classes\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2} HKEY_LOCAL_MACHINE\software\classes\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2}\LocalServer32 C:\WINDOWS\system32\P2P Networking\P2P Networking.exe HKEY_LOCAL_MACHINE\software\classes\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2}\ProgID JCDE_Stack.1 HKEY_LOCAL_MACHINE\software\classes\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2}\VersionIndependentProgID JCDE_Stack HKEY_LOCAL_MACHINE\software\classes\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2} P2P Stack for Joltid Content Distribution Environment HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa\Type urn:kzhash 0 HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa\Type urn:topsearch 0 HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa\Type http 0 HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa Kazaa Media Desktop HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa kt 0 HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa Description Download files using Kazaa Media Desktop HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa ShellExecute "C:\Programme\Kazaa\kazaa.exe" /url "%URL" HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa DdeApplication Kazaa HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa DdeTopic URL 
HKEY_LOCAL_MACHINE\software\classes\webp2pinstaller.installer\curver HKEY_LOCAL_MACHINE\software\classes\webp2pinstaller.installer\curver WebP2PInstaller.Installer.1 HKEY_LOCAL_MACHINE\software\classes\webp2pinstaller.installer HKEY_LOCAL_MACHINE\software\classes\webp2pinstaller.installer\CLSID {1D6711C8-7154-40BB-8380-3DEA45B69CBF} HKEY_LOCAL_MACHINE\software\classes\webp2pinstaller.installer\CurVer WebP2PInstaller.Installer.1 HKEY_LOCAL_MACHINE\software\classes\webp2pinstaller.installer Web P2P Installer HKEY_LOCAL_MACHINE\software\classes\jcde_stack HKEY_LOCAL_MACHINE\software\classes\jcde_stack\CLSID {CC7A6223-3759-4075-8CEA-971F5CFC0ED2} HKEY_LOCAL_MACHINE\software\classes\jcde_stack\CurVer JCDE_Stack.1 HKEY_LOCAL_MACHINE\software\classes\jcde_stack P2P Stack for Joltid Content Distribution Environment HKEY_LOCAL_MACHINE\software\sharman networks ltd HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking SlowInfoCache HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Changed 0 HKEY_CLASSES_ROOT\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2} HKEY_CLASSES_ROOT\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2}\LocalServer32 C:\WINDOWS\system32\P2P Networking\P2P Networking.exe HKEY_CLASSES_ROOT\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2}\ProgID JCDE_Stack.1 HKEY_CLASSES_ROOT\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2}\VersionIndependentProgID JCDE_Stack HKEY_CLASSES_ROOT\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2} P2P Stack for Joltid Content Distribution Environment HKEY_CLASSES_ROOT\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0} HKEY_CLASSES_ROOT\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0}\InProcServer32 C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL HKEY_CLASSES_ROOT\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0}\InProcServer32 ThreadingModel Both 
HKEY_CLASSES_ROOT\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0} PSFactoryBuffer HKEY_LOCAL_MACHINE\software\p2p networking HKEY_LOCAL_MACHINE\software\p2p networking\Clients HKEY_LOCAL_MACHINE\software\p2p networking\Clients ASM 1 HKEY_LOCAL_MACHINE\software\p2p networking\Clients Peer Points Manager 1 HKEY_LOCAL_MACHINE\software\p2p networking\Clients Altnet TopSearch 1 HKEY_LOCAL_MACHINE\software\p2p networking\Clients Kazaa Media Desktop 1 HKEY_LOCAL_MACHINE\software\p2p networking\Clients Bullguard Updater 1 HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\Dirs C:\WINDOWS\system32\P2P Networking C:\WINDOWS\system32\P2P Networking HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\Dirs C:\WINDOWS\system32\P2P Networking\Cache C:\WINDOWS\system32\P2P Networking\Cache HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\Dirs C:\Documents And Settings C:\Documents And Settings HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\Files C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\Files C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\Files C:\WINDOWS\system32\P2P Networking\P2P Networking.eng C:\WINDOWS\system32\P2P Networking\P2P Networking.eng HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\Files C:\WINDOWS\system32\P2P Networking v126.cpl C:\WINDOWS\system32\P2P Networking v126.cpl HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\Files C:\WINDOWS\system32\P2P Networking\P2P Networking.exe C:\WINDOWS\system32\P2P Networking\P2P Networking.exe HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\P2P Chunks ActiveX File C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\P2P 
Chunks Marshal file C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\P2P Chunks ENG Language File C:\WINDOWS\system32\P2P Networking\P2P Networking.eng HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\P2P Chunks CPL file C:\WINDOWS\system32\P2P Networking v126.cpl HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\P2P Chunks P2P Networking file C:\WINDOWS\system32\P2P Networking\P2P Networking.exe HKEY_CURRENT_USER\software\p2p networking HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth SlotLength 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth In0 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth In1 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth Out0 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth Out1 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Firewall UdpInHistory 1431655765 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Firewall TcpInHistory 1431655765 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Firewall TcpOutHistory 1431655765 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Uptime HistoryStart 1133158346 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Uptime History HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection Address 0.0.0.0:0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager CacheDir C:\WINDOWS\system32\P2P Networking\Cache\ HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager DatabaseDir C:\WINDOWS\system32\P2P Networking\Cache\Database\ HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager CacheSize 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager NoBandwidthLimitWhenIdle 1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager AutoBandwith 1 HKEY_CURRENT_USER\software\p2p 
networking\JcdeAgent\FileManager BandwidthLimit 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI ShowIcon 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI MainExe C:\WINDOWS\system32\P2P Networking\P2P Networking.exe HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI DebugLevel 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI TimerInterval 2000 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI UpdateInterval 14400 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI ReqVersionUpdateInterval 14400 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI UpdateTimeSpent 1132027756 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI AutoStart 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI UpdateNotify 1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI EnableHistory 1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI KeepHistorySeconds 604800 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI KeepClientsMax 10 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI KeepDownloadsMax 20 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI WinPosTop 123 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI WinPosLeft 472 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent NodeID -1137525136 IST.ISTbar Browser Hijacker more information... Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user▓s consent using an Internet Explorer toolbar. Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\software\ist HKEY_CURRENT_USER\software\ist exe_start 1 Cydoor.TOPicks Adware more information... Details: TOPicks is adware implemented as an Internet Explorer toolbar. TOPicks shows targeted links to sponsored sites. 
Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\software\classes\interface\{fd42f6d3-7ab1-470c-979b-7996edc99099} HKEY_LOCAL_MACHINE\software\classes\interface\{fd42f6d3-7ab1-470c-979b-7996edc99099}\NumMethods 6 HKEY_LOCAL_MACHINE\software\classes\interface\{fd42f6d3-7ab1-470c-979b-7996edc99099}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0} HKEY_LOCAL_MACHINE\software\classes\interface\{fd42f6d3-7ab1-470c-979b-7996edc99099} JCDE_IChannel HKEY_LOCAL_MACHINE\software\classes\interface\{d273d427-57c6-4b12-860f-bbb8195f6e2a} HKEY_LOCAL_MACHINE\software\classes\interface\{d273d427-57c6-4b12-860f-bbb8195f6e2a}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{d273d427-57c6-4b12-860f-bbb8195f6e2a}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{d273d427-57c6-4b12-860f-bbb8195f6e2a}\TypeLib {F720B40F-3A38-4B22-B30D-DCF095D42498} HKEY_LOCAL_MACHINE\software\classes\interface\{d273d427-57c6-4b12-860f-bbb8195f6e2a}\TypeLib Version 1.1 HKEY_LOCAL_MACHINE\software\classes\interface\{d273d427-57c6-4b12-860f-bbb8195f6e2a} IInstaller HKEY_LOCAL_MACHINE\software\classes\interface\{700dc0dd-f409-42e0-9de5-21ee1a2ba9fd} HKEY_LOCAL_MACHINE\software\classes\interface\{700dc0dd-f409-42e0-9de5-21ee1a2ba9fd}\NumMethods 3 HKEY_LOCAL_MACHINE\software\classes\interface\{700dc0dd-f409-42e0-9de5-21ee1a2ba9fd}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0} HKEY_LOCAL_MACHINE\software\classes\interface\{700dc0dd-f409-42e0-9de5-21ee1a2ba9fd} JCDE_IEventSink_Channel HKEY_LOCAL_MACHINE\software\classes\interface\{2ed5af98-9258-45ba-b79b-06625c92f662} HKEY_LOCAL_MACHINE\software\classes\interface\{2ed5af98-9258-45ba-b79b-06625c92f662}\NumMethods 7 HKEY_LOCAL_MACHINE\software\classes\interface\{2ed5af98-9258-45ba-b79b-06625c92f662}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0} 
HKEY_LOCAL_MACHINE\software\classes\interface\{2ed5af98-9258-45ba-b79b-06625c92f662} JCDE_IMessageHandler HKEY_LOCAL_MACHINE\software\classes\interface\{1b540d44-3f61-4394-ae30-25fdc3649405} HKEY_LOCAL_MACHINE\software\classes\interface\{1b540d44-3f61-4394-ae30-25fdc3649405}\NumMethods 24 HKEY_LOCAL_MACHINE\software\classes\interface\{1b540d44-3f61-4394-ae30-25fdc3649405}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0} HKEY_LOCAL_MACHINE\software\classes\interface\{1b540d44-3f61-4394-ae30-25fdc3649405} JCDE_IFile HKEY_LOCAL_MACHINE\software\classes\interface\{16097036-894c-4c00-a61f-93ca0d49a70e} HKEY_LOCAL_MACHINE\software\classes\interface\{16097036-894c-4c00-a61f-93ca0d49a70e}\NumMethods 4 HKEY_LOCAL_MACHINE\software\classes\interface\{16097036-894c-4c00-a61f-93ca0d49a70e}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0} HKEY_LOCAL_MACHINE\software\classes\interface\{16097036-894c-4c00-a61f-93ca0d49a70e} JCDE_IEventSink_File RXToolbar Adware more information... Details: RXToolbar is an Internet Explorer toolbar that shows links for the current page being viewed, targetted through www.searchenginebar.com. 
Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\Software\RX Toolbar HKEY_CURRENT_USER\Software\RX Toolbar RegisterNow 1 HKEY_LOCAL_MACHINE\Software\Classes\clsid\{2AB289AE-4B90-4281-B2AE-1F4BB034B647} HKEY_LOCAL_MACHINE\Software\Classes\clsid\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32 C:\PROGRA~1\RXTOOL~1\sfcont.dll HKEY_LOCAL_MACHINE\Software\Classes\clsid\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32 ThreadingModel both HKEY_LOCAL_MACHINE\Software\Classes\clsid\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName sfcont.bin HKEY_LOCAL_MACHINE\Software\Classes\clsid\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID RXResult.RXResultFilter.1 HKEY_LOCAL_MACHINE\Software\Classes\clsid\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID RXResult.RXResultFilter HKEY_LOCAL_MACHINE\Software\Classes\clsid\{2AB289AE-4B90-4281-B2AE-1F4BB034B647} RXResultFilter Class HKEY_LOCAL_MACHINE\Software\Classes\RXResult.RXResultTracker HKEY_LOCAL_MACHINE\Software\Classes\RXResult.RXResultTracker\CLSID {59879FA4-4790-461c-A1CC-4EC4DE4CA483} HKEY_LOCAL_MACHINE\Software\Classes\RXResult.RXResultTracker RXResultTracker Class HKEY_LOCAL_MACHINE\Software\Classes\RXResult.RXResultFilter HKEY_LOCAL_MACHINE\Software\Classes\RXResult.RXResultFilter\CLSID {2AB289AE-4B90-4281-B2AE-1F4BB034B647} HKEY_LOCAL_MACHINE\Software\Classes\RXResult.RXResultFilter RXResultFilter Class HKEY_LOCAL_MACHINE\Software\Classes\RXResult.RXResultFilter.1 HKEY_LOCAL_MACHINE\Software\Classes\RXResult.RXResultFilter.1\CLSID {2AB289AE-4B90-4281-B2AE-1F4BB034B647} HKEY_LOCAL_MACHINE\Software\Classes\RXResult.RXResultFilter.1 RXResultFilter Class HKEY_LOCAL_MACHINE\Software\Classes\RXResult.RXResultTracker.1 HKEY_LOCAL_MACHINE\Software\Classes\RXResult.RXResultTracker.1\CLSID {59879FA4-4790-461c-A1CC-4EC4DE4CA483} HKEY_LOCAL_MACHINE\Software\Classes\RXResult.RXResultTracker.1 RXResultTracker Class IST.SlotchBar Toolbar more information... 
Details: An adware toolbar program for affiliates to distrubute on sites. Affiliates get paid per install of the toolbar. Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\Software\IST HKEY_CURRENT_USER\Software\IST exe_start 1 IST.XXXToolbar Toolbar more information... Details: Adult adware search toolbar for Internet Explorer. XXXToolbar displays a number of pop-up ads when Internet Explorer is running. Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\Software\IST HKEY_CURRENT_USER\Software\IST exe_start 1 IST.PowerScan Adware more information... Details: PowerScan is advertised through in ordinary web pop-ups, but recently it started to install with help from the the ISTBar adware. Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\software\ist HKEY_CURRENT_USER\software\ist exe_start 1 Adw.Need2Find.Toolbar Toolbar more information... Details: Adw.Need2Find.Toolbar is an IE plugin with its own Search Field. Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB} HKEY_CLASSES_ROOT\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}\TreatAs {4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3} HKEY_CLASSES_ROOT\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB} Need2FindBar Adware more information... Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB} HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}\TreatAs {4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3} HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB} Cok.ad.yieldmanager Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@ad.yieldmanager[2].txt adriver Cookie more information... 
Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@adriver[2].txt PointRoll.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@ads.pointroll[2].txt Advertising.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@advertising[2].txt ATDMT.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@atdmt[2].txt Claria.DashBar Cookie Cookie more information... Details: DashBar cookie is a small text file placed on the user's computer after when visiting the Claria/GAIN DashBar website. Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@belnk[2].txt CGI-Bin Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@cgi-bin[1].txt c:\dokumente und einstellungen\svetlana\cookies\svetlana@cgi-bin[2].txt ClickBank Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@clickbank[1].txt DoubleClick Cookie more information... Details: DoubleClick is a popular ad serving network that uses spyware cookies, to target advertising. Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@doubleclick[2].txt FastClick.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@fastclick[1].txt c:\dokumente und einstellungen\svetlana\cookies\svetlana@media.fastclick[1].txt Hitbox.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@hitbox[1].txt Hotbar Cookie more information... 
Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@hotbar[2].txt HotLog.ru Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@hotlog[2].txt Mediaplex.com Cookie more information... Details: Cookie used to track cross site advertising with the Mediaplex and value Click advertising companies. Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@mediaplex[1].txt SpyLog.com Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@spylog[2].txt Radar Spy 1.0 Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@tradedoubler[2].txt Zedo Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\svetlana\cookies\svetlana@zedo[1].txt |
|
|
||
02.03.2006, 12:42
Honorary member
Posts: 29434 |
#10
lana..
you infected the PC yourself... on the day you downloaded P2P and Winfixer. (Norton is not to blame for that) http://virus-protect.org/artikel/spyware/winfix.html
Start --> Run --> regedit, then Edit --> Find --> DF_U42 / df_u42.sys (delete whatever you find)
Quote: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DF_U42
1. Limit yourself to a single antivirus tool, otherwise the system becomes sluggish.
2. Please scan once more with CounterSpy, then uninstall the tool (but post the new scan report first).
3. Configure the cleaner exactly as described here: http://virus-protect.org/cleanup.html
4. Check whether this has been deleted: c:\windows\system32\drivers\df_u42.sys
5. TuneUp 2006 (free for 30 days), shareware: http://virus-protect.org/reinigungstoolsregistry.html Use: Cleanup repair -- TuneUp Diskcleaner; Cleanup repair -- Registry Cleaner
__________ Best regards, Sabina. All about PC security |
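When a CounterSpy report like the one in this thread is pasted with its line breaks lost, the file paths and COM GUIDs it names can still be pulled out to build the re-check list used after cleanup (as in step 4 above). This is an added example, not part of the thread and not a CounterSpy or forum tool; `extract_artifacts`, `still_present` and the sample excerpt are names and data constructed here from entries in the report.

```python
import os
import re

# Constructed sample: a short excerpt in the flattened layout, built from
# entries that appear in the thread's CounterSpy report.
SAMPLE_REPORT = (
    r"WinFixer Misc more information... Details: WinFixer is a disabled data "
    r"repair utility that nags the user to purchase it. Status: Deleted "
    r"Infected files detected c:\windows\system32\drivers\df_u42.sys "
    r"Infected registry entries detected "
    r"HKEY_CLASSES_ROOT\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}\ProxyStubClsid32 "
    r"{00020424-0000-0000-C000-000000000046} "
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}\1.0\HELPDIR "
    r"C:\Programme\Gemeinsame Dateien\WinFixer 2005\ "
    r"Web P2P Installer Trojan Downloader more information... "
    r"Details: ActiveX drive by downloader. Status: Deleted "
    r"Infected files detected C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll "
    r"Infected registry entries detected "
    r"HKEY_CLASSES_ROOT\clsid\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ToolboxBitmap32 "
    r"C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll, 101 "
    r"KaZaA P2P more information... Status: Deleted Infected files detected "
    r"C:\WINDOWS\system32\P2P Networking v126.cpl "
    r"c:\windows\system32\p2p networking\marshal.dll "
    r"c:\windows\downloaded program files\webp2pinstaller.dll"
)

# A file path: drive letter, then characters that are legal in Windows names,
# ending at the first extension followed by whitespace, a comma, a quote or
# the end of the text. Names may contain spaces ("P2P Networking v126.cpl"),
# so whitespace alone cannot end a path. Excluding ':' stops a directory value
# such as the HELPDIR entry from running on into the next detection's text.
PATH_RE = re.compile(
    r'(?<![A-Za-z])[A-Za-z]:\\[^:*?"<>|\r\n]*?\.[A-Za-z0-9]{2,4}(?=[\s,"]|$)'
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# GUIDs that belong to Windows itself but show up as values inside flagged
# keys. This one is PSOAInterface, the standard OLE Automation proxy/stub;
# it must never end up on a search-and-delete list.
SYSTEM_GUIDS = {"{00020424-0000-0000-C000-000000000046}"}


def _unique(items):
    """Keep first occurrences, preserving report order."""
    seen, out = set(), []
    for item in items:
        if item not in seen:
            seen.add(item)
            out.append(item)
    return out


def extract_artifacts(report_text):
    """Return the files and GUIDs a flattened report names.

    Paths are lower-cased (Windows paths are case-insensitive) and GUIDs
    upper-cased so duplicates written in different case collapse. Bare
    directory values are out of scope and are not returned.
    """
    files = _unique(m.group(0).lower() for m in PATH_RE.finditer(report_text))
    guids = _unique(m.group(0).upper() for m in GUID_RE.finditer(report_text))
    return {
        "files": files,
        "guids": [g for g in guids if g not in SYSTEM_GUIDS],
        "system_guids": [g for g in guids if g in SYSTEM_GUIDS],
    }


def still_present(files, exists=os.path.exists):
    """Files from the report that are still on disk after cleanup."""
    return [path for path in files if exists(path)]


if __name__ == "__main__":
    found = extract_artifacts(SAMPLE_REPORT)
    print("Files to re-check on disk:")
    for path in found["files"]:
        print("  ", path)
    print("GUIDs to search for in the registry:")
    for guid in found["guids"]:
        print("  ", guid)
    print("Windows GUIDs referenced by the report (leave alone):")
    for guid in found["system_guids"]:
        print("  ", guid)
    print("Still present:", still_present(found["files"]))
```
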
|
|
||
04.03.2006, 00:37
Member
Thread starter Posts: 80 |
#11
Hello!
Unfortunately it took longer, but I couldn't do anything with it. Now I have removed AntiVir completely. So, the search for DF_U42 / df_u42.sys returned no results, nothing at all. The CounterSpy scan report follows below. I checked c:\windows\system32\drivers\df_u42.sys: it is not there (deleted). In steps 3 and 5 the links did not work; I copied them and pasted them into the address bar, but I always get the message "The page cannot be displayed"... How should I proceed now? ...By the way, I already tried to remove Kazaa before, but it never worked. Was there a virus in it? Thanks for the help and for your time!
Scan report:
Spyware Scan Details
Start Date: 03.03.2006 19:47:52
End Date: 03.03.2006 20:36:21
Total Time: 48 mins 29 secs
Detected spyware
KaZaA P2P
Details: Kazaa is a Peer to Peer file sharing application that uses some adware advertising as well as installs a number of thrid party adware software on your computer.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking SlowInfoCache
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Changed 0 |
|
|
||
04.03.2006, 15:26
Honorary member
Posts: 29434 |
#12
lana..
my site was down yesterday, but now everything works again.
1. Delete: C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
2. Go into the registry: Start --> Run --> regedit, then Edit --> Find --> p2p networking --> delete everything you find.
3. AdAware --> scan and post the scan report http://virus-protect.org/adaware.html
__________ Best regards, Sabina. All about PC security |
|
|
||
04.03.2006, 18:50
Member
Thread starter Posts: 80 |
#13
So..>
Step 1: WebP2PInstaller.dll cannot be found under C:\WINDOWS\Downloaded Program Files.
Step 2: I went through Edit --> Find --> p2p networking 4 times in total, and each time it found something; deleted everything!
Step 3: The scan log follows below. I *accidentally* ran it twice; after the first run it found 4 items in total, which I removed.
Sabina, please tell me, how much damage has it done to the PC?
ScanLog Ad-Aware
Ad-Aware SE Build 1.06r1
Logfile Created on:Samstag, 4. März 2006 18:25:45
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R94 28.02.2006
»»»»» Summary Of This Scan »»»»»
Total scanning time:00:02:12.125
Objects scanned:83541
Objects identified:0
Objects ignored:0
New critical objects:0 |
|
|
||
04.03.2006, 18:58
Honorary member
Posts: 29434 |
#14
lana..
everything should be fine again. Winfixer itself is not a virus, but it wrecks the system and extorts the people who downloaded it with pop-ups... meaning... they have to buy the "tool" to get some peace ... http://board.protecus.de/t20352.htm http://virus-protect.org/artikel/spyware/winfix.html It probably got onto your system via P2P. Uninstall CounterSpy.. (it is not free)
__________ Best regards, Sabina. All about PC security |
|
|
||
05.03.2006, 02:25
Member
Thread starter Posts: 80 |
#15
....I am so glad!!..
Thank you again, Sabina, for your time and effort!! I have never been helped as quickly as here; I can only recommend this forum!! Thank you!! |
|
|
||
I came across this forum when I downloaded WinFixer and wanted to find out a bit more about it (Google). When I read here what kind of sh.... it is, I removed Winfixer immediately (and luckily that worked), at least I hope so. In any case, it is nowhere to be seen and I have not had any problems so far. The program was on the PC for about 2 hours and I have not used it yet.
My question is: how does the computer behave if it is infected after all, and is it possible that I got lucky this time and it has not spread?
I appreciate your help, thanks in advance!!