Spyware Infection
05.03.2006, 15:04
Member
Posts: 22
05.03.2006, 16:33
Honorary member
Posts: 29434
#2
Thaniel

1. Set up the Cleaner exactly as described here: http://virus-protect.org/cleanup.html
2. Uninstall: MessengerPlus! 3
3. Then please post the 4 text files from datfindbat again, back to October 2005.
4. Download echo.zip --> unpack --> click echo.bat --> the text editor will open --> copy the text out: http://virus-protect.org/bat/echo.zip
5. Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start. In "Enter search strings" type or paste into the edit field: Network Monitor, and click "Ok". Notepad will open -- copy the text out and post it.

__________
Regards
Sabina
all about PC security
05.03.2006, 17:17
Member
Thread starter
Posts: 22
#3
So those are the new text files again. Here are 4. and 5. as well.

5.:

REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.0.1
; Results at 05.03.2006 17:22:20 for strings:
; 'network monitor'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"DeviceDesc"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control]
"ActiveService"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor]
; Contents of value:
; C:\Programme\Network Monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,6d,65,5c,4e,65,74,77,6f,72,6b,\
  20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,65,72,76,69,\
  63,65,00
"DisplayName"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"DeviceDesc"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor]
; Contents of value:
; C:\Programme\Network Monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,6d,65,5c,4e,65,74,77,6f,72,6b,\
  20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,65,72,76,69,\
  63,65,00
"DisplayName"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"DeviceDesc"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control]
"ActiveService"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor]
; Contents of value:
; C:\Programme\Network Monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,6d,65,5c,4e,65,74,77,6f,72,6b,\
  20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,65,72,76,69,\
  63,65,00
"DisplayName"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum]

; End Of The Log...

Regards
Thaniel

This post was edited on 05.03.2006 at 17:26 by Thaniel.
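The Registry Search output above shows the service's ImagePath only as a hex(2) blob wrapped over several lines. The following Python is an added example, not part of the original post and not Registry Search's own code: it parses a REGEDIT4 export (rejoining the backslash-continued lines) and decodes hex(2) values back into the binary path behind a service. SAMPLE_EXPORT is a constructed excerpt of the posted keys; parse_regedit4 and service_images are names chosen here.

```python
"""Decode a Registry Search (REGEDIT4) export such as the one posted above.

Added example, not part of the original post and not Registry Search's own
code. REGEDIT4 exports are ANSI: a hex(2) value (REG_EXPAND_SZ) is one byte
per character, NUL-terminated, and long values are wrapped with a trailing
backslash (the newer "Version 5.00" format would use UTF-16LE instead).
"""
import re

# Constructed excerpt of the posted log: two of its keys, bytes copied verbatim.
SAMPLE_EXPORT = r"""REGEDIT4
; Registry Search 2.0 by Bobbi Flekman (c) 2005
; Results for strings:
; 'network monitor'

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"DeviceDesc"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor]
; Contents of value:
; C:\Programme\Network Monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,6d,65,5c,4e,65,74,77,6f,72,6b,\
  20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,65,72,76,69,\
  63,65,00
"DisplayName"="Network Monitor"
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _join_continuations(text):
    """Rejoin values that REGEDIT4 wrapped with a trailing backslash."""
    lines, buf = [], ''
    for raw in text.splitlines():
        line = raw.rstrip()
        if buf:
            line = line.lstrip()  # continuation lines are indented
        if line.endswith('\\'):
            buf += line[:-1]
            continue
        lines.append(buf + line)
        buf = ''
    if buf:
        lines.append(buf)
    return lines


def _decode_value(raw):
    """Return (type name, decoded value) for one REGEDIT4 value literal."""
    if raw.startswith('"') and raw.endswith('"'):
        return 'REG_SZ', re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.startswith('dword:'):
        return 'REG_DWORD', int(raw[6:], 16)
    m = re.match(r'^hex(?:\((\d+)\))?:(.*)$', raw)
    if not m:
        return 'UNKNOWN', raw
    kind = int(m.group(1) or 3)  # bare "hex:" is REG_BINARY (type 3)
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b)
    if kind in (1, 2, 7):  # REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ
        text = data.decode('cp1252').rstrip('\x00')  # ANSI, NUL-terminated
        if kind == 7:
            return 'REG_MULTI_SZ', text.split('\x00')
        return ('REG_EXPAND_SZ' if kind == 2 else 'REG_SZ'), text
    return 'REG_BINARY', data


def parse_regedit4(text):
    """Map each [key] to {value name: (type, value)}; comment lines are skipped."""
    keys, current = {}, None
    for line in _join_continuations(text):
        if not line or line.startswith(';') or line == 'REGEDIT4':
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})  # a key may be listed twice
            continue
        if current is None:
            continue
        if line.startswith('@='):
            keys[current]['@'] = _decode_value(line[2:])
            continue
        m = VALUE_RE.match(line)
        if m:
            name = re.sub(r'\\(.)', r'\1', m.group(1))
            keys[current][name] = _decode_value(m.group(2))
    return keys


def service_images(keys):
    """(key, DisplayName, ImagePath) for every Services key that carries an
    ImagePath, so the binary behind a service name is readable at a glance."""
    found = []
    for key, values in keys.items():
        if '\\Services\\' in key and 'ImagePath' in values:
            display = values.get('DisplayName', ('', ''))[1]
            found.append((key, display, values['ImagePath'][1]))
    return found


if __name__ == '__main__':
    for key, display, image in service_images(parse_regedit4(SAMPLE_EXPORT)):
        print(f'{display!r} -> {image}  [{key}]')
```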
05.03.2006, 18:24
Honorary member
Posts: 29434
#4
Thaniel
Make hidden and system files visible: http://virus-protect.org/invisible.html

----------------------------------------------------------------------------------------------------
Start >> Run >> type in Services.msc and click OK!
"Properties" >> click "Stop" >> startup type "disabled" --> Network Monitor

----------------------------------------------------------------------------------------------------
Start -- Run -- regedit (type it in)
Edit --> Find --> Network Monitor

If you have problems deleting the entries (Legacy_ ..... cannot be deleted, error while deleting the key), right-click and in the context menu go to: "Permissions". Tick "Allow full control", Apply, OK. After that the key(s) in question should let themselves be deleted.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor

-------------------------------------------------------------------------------------------------------------
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot --> tick it and click the red cross. When asked "Do you want to reboot?" ---- click "no" and paste in the next one; only after pasting in the last one click "yes":
.......
C:\WINDOWS\System32\v2o537em.html
C:\WINDOWS\System32\l23oteav.ini
C:\WINDOWS\system32\IVIresi{eM6.dll
C:\WINDOWS\System32\Q1130875.dll
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\dlulsgz.exe
C:\WINDOWS\system32\l23oteav.exe
C:\WINDOWS\System32\b6j198q7.dat
C:\WINDOWS\System32\ajdfcutb.dat
C:\WINDOWS\System32\cpok6im2.dat
C:\WINDOWS\System32\t6c9iao0.html
C:\WINDOWS\System32\crash
C:\WINDOWS\System32\dod1tc5q.ini
C:\WINDOWS\System32\k4cqcejp.ini
C:\WINDOWS\hosts
c:\secure32.html
C:\WINDOWS\desktop.html
C:\WINDOWS\SECURE32.HTML.VIR
C:\WINDOWS\kl.exe
C:\WINDOWS\uniq
C:\WINDOWS\winsysupd81.dat
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\gimmygames1.dat
C:\WINDOWS\teller2.chk
C:\Programme\Network Monitor\netmon.exe
C:\WINDOWS\system32\drivers\netpt.sys
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\MsgPlusUninst.bat
C:\WINDOWS\uninstall_nmon.vbs

Restart the PC --> into Safe Mode ... press F8 while the PC is booting.

Uninstall: Desktop Sidebar

Delete:
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\SENDWE~1\toollist.exe
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\OBJWAR~1\dogaxis.exe
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\SENDWE....
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\OBJWAR....
C:\Programme\Desktop Sidebar\sbhelp.dll
C:\Programme\Desktop Sidebar
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\AdTools Service\AdTools.exe
C:\Program Files\AdTools Service
C:\Programme\MessengerPlus! 3
C:\Programme\Network Monitor\netmon.exe
C:\Programme\Network Monitor

Open HijackThis -- button "Scan" -- tick the malware entries -- button "Fix checked" -- restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.otzofdwxjijkexycdfchxvjk.net/LcBVhruWnLyfYPwSKQWdC9zVCwDg4Gn5rsM4adb2DL49jzZlEG7cu6PPZ5lwev29.html
O2 - BHO: IEHelper - {34c57e67-a8ae-41d9-b1c0-0b71a5d432df} - C:\WINDOWS\System32\Q1130875.dll (file missing)
O2 - BHO: CommandBar.CtrlMHook - {3f1ab67e-12aa-352e-b4e0-a5f1810b60dd} - mscoree.dll (file missing)
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {4E058772-5DD7-9F89-E456-128B7C0C3623} - C:\DOKUME~1\ADMINI~1\ANWEND~1\SENDWE~1\toollist.exe
O2 - BHO: (no name) - {5136717B-6F8B-46F7-BC10-936577C54B46} - C:\WINDOWS\system32\IVIresi{eM6.dll (file missing)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [xkjloaagun] C:\WINDOWS\System32\dlulsgz.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [l23oteav] C:\WINDOWS\system32\l23oteav.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ENC ACTIVE] C:\DOKUME~1\ADMINI~1\ANWEND~1\OBJWAR~1\dogaxis.exe
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Programme\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/gerpep_nopop.exe
O16 - DPF: {00000000-7777-0704-0B53-2C8830E9FAEC} -
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Restart the PC.

Hoster.zip -> apply
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

Start -- All Programs -- Accessories -- Notepad, and paste the following text in:

Quote:
dir %Windir%\tasks /a h > files.txt

- Save as: findjobs.bat
- Save as type: All files
- save it on the desktop
- locate findjobs.bat -- double-click the bat file, Notepad opens -- post the text

-----------------------------------------------------------------------------
Counterspy
http://virus-protect.org/counterspy.html
* after the scan you have to choose between: *Ignore *Remove *Quarantine
Always choose Remove and restart the PC (then copy out the scan report)

Scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
**

__________
Regards
Sabina
all about PC security
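Working through a HijackThis log like the one above by hand means picking each file path out of the R/O lines and separating entries whose file is still on disk from "(file missing)" / "(no file)" leftovers. The Python below is an added example, not part of the original post and not HijackThis's own code, that does that parsing; SAMPLE_LOG is a constructed excerpt of the lines quoted in the post, and parse_hjt_line, local_paths and dangling are names chosen here.

```python
"""Parse HijackThis log lines into records and pull out the paths they point to.

Added example, not part of the original post and not HijackThis's own code.
SAMPLE_LOG is a constructed excerpt of the lines quoted above.
"""
import re

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
O2 - BHO: IEHelper - {34c57e67-a8ae-41d9-b1c0-0b71a5d432df} - C:\WINDOWS\System32\Q1130875.dll (file missing)
O2 - BHO: CommandBar.CtrlMHook - {3f1ab67e-12aa-352e-b4e0-a5f1810b60dd} - mscoree.dll (file missing)
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [xkjloaagun] C:\WINDOWS\System32\dlulsgz.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
"""

HJT_LINE = re.compile(r'^(?P<sec>[RFO]\d+) - (?P<rest>.*)$')
CLSID = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
LOCAL = re.compile(r'^(?:[A-Za-z]:\\|%[A-Za-z]+%\\|\\\\)')  # drive, %VAR%, UNC


def _kind(target):
    """Classify where a target lives: on disk, on the network, or unresolved."""
    if not target:
        return 'none'
    if LOCAL.match(target):
        return 'local'
    if re.match(r'^[a-z][a-z0-9+.-]*://', target, re.I):
        return 'remote'
    return 'other'  # bare module name found via the search path, e.g. mscoree.dll


def parse_hjt_line(line):
    """One log line -> dict(sec, label, target, clsid, missing, kind), or None."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    sec, rest = m.group('sec'), m.group('rest')
    if sec.startswith('R'):
        # R0/R1: "<registry value> = <target>"
        label, _, target = rest.partition(' = ')
    elif sec == 'O4':
        # O4: "<hive>\..\Run: [<value name>] <command line>"
        mm = re.search(r'\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$', rest)
        label, target = (mm.group('name'), mm.group('cmd')) if mm else (rest, '')
    else:
        # O2/O3/O9/O16/O23: " - " separated fields; the last one is the target
        fields = rest.split(' - ')
        label, target = fields[0], fields[-1] if len(fields) > 1 else ''
    target = target.strip()
    missing = False
    if target.endswith('(file missing)'):
        missing, target = True, target[:-len('(file missing)')].strip()
    if target == '(no file)':
        missing, target = True, ''
    if target.startswith('"'):
        target = target[1:].split('"', 1)[0]  # quoted command: keep the executable
    clsid = CLSID.search(rest)
    return {
        'sec': sec, 'label': label.strip(), 'target': target,
        'clsid': clsid.group(0).lower() if clsid else None,
        'missing': missing, 'kind': _kind(target),
    }


def parse_hjt_log(text):
    return [e for e in (parse_hjt_line(l) for l in text.splitlines()) if e]


def local_paths(entries):
    """Distinct on-disk targets that still exist: the candidates for KillBox."""
    return sorted({e['target'] for e in entries
                   if e['kind'] == 'local' and not e['missing']}, key=str.lower)


def dangling(entries):
    """Entries whose backing file is already gone: registry-only leftovers."""
    return [(e['sec'], e['target']) for e in entries if e['missing']]


if __name__ == '__main__':
    entries = parse_hjt_log(SAMPLE_LOG)
    for path in local_paths(entries):
        print('on disk :', path)
    for sec, target in dangling(entries):
        print('dangling:', sec, target or '(no file)')
```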
05.03.2006, 19:27
Member
Thread starter
Posts: 22
#5
I have a few problems carrying this out... up to this point everything went well...

Quote: delete

The first two paragraphs could not be deleted, because supposedly I don't have permission for that. As for the following ones: the path C:\Programme\Desktop Sidebar does not exist, but the path C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\Desktop Sidebar does. Are these the same?
05.03.2006, 19:35
Honorary member
Posts: 29434
#6
1. You have to do the cleaning in Safe Mode.
2. C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\Desktop Sidebar --> delete
3. How you delete the entries in the registry is explained exactly there.....

Quote: If you have problems deleting the entries,

__________
Regards
Sabina
all about PC security
05.03.2006, 19:55
Member
Thread starter
Posts: 22
#7
Well, as for 3., I did that, the Desktop Sidebar too...
I think I know now where my problem lies: I can't get into Safe Mode (sounds pretty dumb). I have a BIOS from HP... there the F8 key isn't assigned anything... from there I can only get into the BIOS or choose a medium to boot from.

Regards
Thaniel
05.03.2006, 21:15
Honorary member
Posts: 29434
05.03.2006, 22:13
Member
Thread starter
Posts: 22
#9
In normal mode, as I said, I cannot delete the files:
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\SENDWE~1\toollist.exe
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\OBJWAR~1\dogaxis.exe
I have attached the error message, maybe that helps...

Attachment: fehler.jpg
06.03.2006, 10:56
Honorary member
Posts: 29434
#10
Scan with Panda and post the scan report... then we'll see...
http://virus-protect.org/onlinescan.html

__________
Regards
Sabina
all about PC security
06.03.2006, 14:58
Member
Thread starter
Posts: 22
#11
Yes, and I have a problem with that again: normally I use Firefox for browsing... but it can't be used for the scan, so I used Internet Explorer. It goes totally crazy and doesn't show the scan button as a link, or rather, when you click it nothing happens at all... the pop-up blocker is deactivated too. If it helps, I can post files.txt and the scan report from Counterspy.

Regards
Thaniel
06.03.2006, 15:17
Honorary member
Posts: 29434
06.03.2006, 15:31
Member
Thread starter
Posts: 22
#13
Spyware Scan Details
Start Date: 05.03.2006 22:44:44 End Date: 06.03.2006 00:08:49 Total Time: 1 hrs 24 mins 5 secs Detected spyware Claria.GAIN Adware more information... Details: Claria's GAIN network consists of several applications inlcuding Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time. Status: Deleted Infected files detected c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing\about gain publishing.lnk c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing\gain publishing web site.url BearShare P2P more information... Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs. Status: Deleted Infected files detected c:\programme\bearshare\bearshare.dat c:\programme\bearshare\bearshare.exe c:\programme\bearshare\bsidle.dll c:\programme\bearshare\freepeers.ini c:\programme\bearshare\history.txt c:\programme\bearshare\install.log c:\programme\bearshare\runmsc.dll c:\programme\bearshare\unwise.exe c:\programme\bearshare\webstats.bat c:\programme\bearshare\webstats.exe c:\programme\bearshare\webstats.ini c:\programme\bearshare\db\config.bin c:\programme\bearshare\db\connect.txt c:\programme\bearshare\db\gnucache.dat c:\programme\bearshare\db\gwebcache.dat c:\programme\bearshare\db\hbcache.dat c:\programme\bearshare\db\hostiles-chat.txt c:\programme\bearshare\db\hostiles.txt c:\programme\bearshare\db\library.2.db c:\programme\bearshare\db\library.2.db.lastgoodload.bak c:\programme\bearshare\db\library.dat c:\programme\bearshare\db\library.db c:\programme\bearshare\db\library.db.lastgoodload.bak c:\programme\bearshare\db\searches.ini c:\programme\bearshare\db\searchtemplates.ini c:\programme\bearshare\logs\console.txt c:\programme\bearshare\logs\hosts-state.txt c:\programme\bearshare\logs\memory.txt c:\programme\bearshare\logs\ordinal.txt c:\programme\bearshare\logs\streams.txt c:\programme\bearshare\sounds\notify.wav 
c:\programme\bearshare\temp\tmp044 - original deutschmacher - lebenslang gruen weiss.dat c:\programme\bearshare\temp\tmp044 - original deutschmacher - lebenslang gruen weiss.dat.bak c:\programme\bearshare\temp\tmp044 - original deutschmacher - lebenslang gruen weiss.mp3 c:\programme\bearshare\temp\tmpbeatsteaks.smacksmach.ace c:\programme\bearshare\temp\tmpbeatsteaks.smacksmach.dat c:\programme\bearshare\temp\tmpbeatsteaks.smacksmach.dat.bak c:\programme\bearshare\temp\tmpbeyonce - naughty girl (speedbreaker remix) {only at euroadrenaline.com}.dat c:\programme\bearshare\temp\tmpbeyonce - naughty girl (speedbreaker remix) {only at euroadrenaline.com}.dat.bak c:\programme\bearshare\temp\tmpbeyonce - naughty girl (speedbreaker remix) {only at euroadrenaline.com}.mp3 c:\programme\bearshare\temp\tmpbsinstall5.2.1.2.dat c:\programme\bearshare\temp\tmpbsinstall5.2.1.2.dat.bak c:\programme\bearshare\temp\tmpbsinstall5.2.1.2.exe c:\programme\bearshare\temp\tmpbsinstall5.2.1.2.tiger c:\programme\bearshare\temp\tmpde höhner - 1 fc köln hymne.dat c:\programme\bearshare\temp\tmpde höhner - 1 fc köln hymne.dat.bak c:\programme\bearshare\temp\tmpde höhner - 1 fc köln hymne.mp3 c:\programme\bearshare\temp\tmpde höhner - 1.fc köln countdown jetzt geht's los (stadionversion).dat c:\programme\bearshare\temp\tmpde höhner - 1.fc köln countdown jetzt geht's los (stadionversion).dat.bak c:\programme\bearshare\temp\tmpde höhner - 1.fc köln countdown jetzt geht's los (stadionversion).mp3 c:\programme\bearshare\temp\tmpde höhner - jetzt gehts los.dat c:\programme\bearshare\temp\tmpde höhner - jetzt gehts los.dat.bak c:\programme\bearshare\temp\tmpde höhner - jetzt gehts los.mp3 c:\programme\bearshare\temp\tmpdie toten hosen vfl bochum anti köln song.dat c:\programme\bearshare\temp\tmpdie toten hosen vfl bochum anti köln song.dat.bak c:\programme\bearshare\temp\tmpdie toten hosen vfl bochum anti köln song.mp3 c:\programme\bearshare\temp\tmpdie ärzte - zum bäcker.dat 
c:\programme\bearshare\temp\tmpdie ärzte - zum bäcker.dat.bak
c:\programme\bearshare\temp\tmpdie ärzte - zum bäcker.mp3
c:\programme\bearshare\temp\tmpfinal fantasy viii - the extreme.mp3
c:\programme\bearshare\temp\tmpkarneval de höhner - dicke mädchen haben schöne namen.dat
c:\programme\bearshare\temp\tmpkarneval de höhner - dicke mädchen haben schöne namen.dat.bak
c:\programme\bearshare\temp\tmpkarneval de höhner - dicke mädchen haben schöne namen.mp3
c:\programme\bearshare\temp\tmpkarneval de höhner - dicke mädchen haben schöne namen.tiger
c:\programme\bearshare\temp\tmpmadsen - lüg mich an.dat
c:\programme\bearshare\temp\tmpmadsen - lüg mich an.dat.bak
c:\programme\bearshare\temp\tmpmadsen - lüg mich an.mp3
c:\programme\bearshare\temp\tmpmadsen - wohin.dat
c:\programme\bearshare\temp\tmpmadsen - wohin.dat.bak
c:\programme\bearshare\temp\tmpmadsen - wohin.mp3
c:\programme\bearshare\temp\tmpthe offspring - original prankster.mp3
c:\programme\bearshare\temp\tmpvolker lechtenbrink - hitch hike baby, kleine rasthauslady.dat
c:\programme\bearshare\temp\tmpvolker lechtenbrink - hitch hike baby, kleine rasthauslady.dat.bak
c:\programme\bearshare\temp\tmpvolker lechtenbrink - hitch hike baby, kleine rasthauslady.mp3
c:\programme\bearshare\temp\tmpwalls of jericho - why father (hellfest 2000).dat
c:\programme\bearshare\temp\tmpwalls of jericho - why father (hellfest 2000).dat.bak
c:\programme\bearshare\temp\tmpwalls of jericho - why father (hellfest 2000).mpg
Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class
HKEY_CLASSES_ROOT\gnufile
HKEY_CLASSES_ROOT\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1"
HKEY_CLASSES_ROOT\gnufile gnutella
HKEY_CLASSES_ROOT\gnufile BrowserFlags 8
HKEY_CLASSES_ROOT\gnufile EditFlags 65536
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare
HKEY_LOCAL_MACHINE\software\bearshare
HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Programme\BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayName BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare UninstallString C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayVersion 5.1.0.26
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HelpLink http://bearshare.com/help.htm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare Publisher Free Peers, Inc.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare URLInfoAbout http://www.freepeers.com
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayIcon C:\Programme\BearShare\BearShare.exe,-128
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\.default\appevents\schemes\apps\bearshare
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare

AntiLeech Plugin Adware more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Deleted
Infected files detected
c:\programme\anti-leech\alie_1.0.1.6\al2np.dll
c:\programme\anti-leech\alie_1.0.1.6\alhlp.exe
c:\programme\anti-leech\alie_1.0.1.6\alie.dll
c:\programme\anti-leech\alie_1.0.1.6\alie.inf
c:\programme\anti-leech\alie_1.0.1.6\iesetup2.exe
c:\programme\anti-leech\alnn\al2np.dll
c:\programme\anti-leech\alnn\alhlp.exe
c:\programme\anti-leech\alnn\npalnn.dll
c:\programme\anti-leech\alnn\setup2.exe
C:\Dokumente und Einstellungen\Administrator\ALPlugin-1.0.1.6-setup.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Opera\Opera\ALPlugin-1.0.1.6-setup.exe
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\installdateien\ALPlugin-1.0.1.6-setup.exe
C:\Programme\Mozilla Firefox\plugins\al2np.dll
C:\Programme\Opera\Plugins\al2np.dll
Infected registry entries detected
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin Mozilla Firefox 1.0 C:\Programme\Mozilla Firefox\Plugins
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin Opera C:\Programme\Opera\Plugins
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin Mozilla Firefox 1.5 C:\Programme\Mozilla Firefox\plugins\
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Description Anti-Leech Package
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Suffixes alp
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\Suffixes
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Description Anti-Leech Package
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Suffixes alp
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Path C:\Programme\Anti-Leech\ALNN\npalnn.dll
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Description Anti-Leech Plugin for Netscape, Mozilla, Opera
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Version 1.0.1.5
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Vendor Anti-Leech
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 ProductName Anti-Leech Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN DisplayName Anti-Leech Plugin for Netscape, Mozilla, Opera
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN UninstallString C:\Programme\Anti-Leech\ALNN\setup2.exe -u

NetPumper Adware Bundler more information...
Details: Bundles with a number of adware components such as cydoor, Save!, ClockSync, and WhenU Toolbar.
Status: Deleted
Infected files detected
c:\dokumente und einstellungen\administrator\anwendungsdaten\netpumper\administrator.ini
c:\dokumente und einstellungen\administrator\anwendungsdaten\netpumper\administrator.ini.bak
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free\Firstrun state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free pkid
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free alid n4p3
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free iid {3BCA588F-F338-46FC-AF55-C3F0630F0925}
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper VersionInfo DNMaklAbyRR4Juzvj8U7fxS-WEQ5ZKXervozkQRaRY89HW86c8hSno3aJ1Oc Zds67l5oGRtl67PHp37ifkRuI0XzPr3TT9aDXSOAwcix6ZWyQ1mgVDfjPBDn+DB0vaNdIt4MihR hKRFdauU5RQDgxQDPMkMMnxtAogGWIbls+V4ofeCHa-ukuptD0YMWY-BEFE8NXPCZXGey
HKEY_CURRENT_USER\Software\NetPumper
HKEY_CURRENT_USER\Software\NetPumper\Administrator Field1 1147259826
HKEY_CURRENT_USER\Software\NetPumper\Administrator Field2 1795181542
HKEY_CURRENT_USER\Software\NetPumper\Administrator Field3 1179495030
HKEY_CURRENT_USER\Software\NetPumper\Administrator Field4 823037983
HKEY_CURRENT_USER\Software\NetPumper\Administrator PreferenceFile C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NetPumper\Administrator.ini
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib Version 1.2
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B} IAddUrl
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib Version 1.2
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000} IAddPackage

YourSiteBar Spyware more information...
Details: YourSiteBar from IST, the makers of numerous spyware Thread, is an affiliate based marketing toolbar.
Status: Deleted
Infected files detected
c:\windows\downloaded program files\ysbactivex.inf
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll .Owner {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\YSBactivex.dll

SpySheriff Misc more information...
Details: SpySheriff is a purported anti-spyware application to scan for and remove spyware from users' computers.
Status: Deleted
Infected files detected
C:\!KillBox\desktop.html
Infected registry entries detected
HKEY_CURRENT_USER\Software\SpySheriff
HKEY_CURRENT_USER\Software\SNO2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System Wallpaper C:\WINDOWS\desktop.html
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoChangingWallpaper 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoComponents 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoAddingComponents 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoEditingComponents 0

Unclassified.Trojan.111 Trojan more information...
Status: Deleted
Infected files detected
C:\!KillBox\kl.exe

Adw.CmdService Adware more information...
Details: Adw.CmdService is an adware application that opens pop-ups and displays various types of advertising on the user's desktop while browsing web pages.
Status: Deleted
Infected files detected
C:\!KillBox\netmon.exe
C:\!KillBox\uninstall_nmon.vbs
Infected registry entries detected
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum NextInstance 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum Count 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum 0 Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum 0 Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum Count 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum NextInstance 1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies {645FF040-5081-101B-9F08-00AA002F954E} 0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies {6BF52A52-394A-11D3-B153-00C04F79FAA6} 6

John the Ripper 1.6 Potentially dangerous utilities/tools more information...
Details: John the Ripper is password cracker that is designed to be both powerful and fast. It combines several cracking modes in one program and is fully configurable. Also, John is available for several different platforms, which enables you to use the same crac
Status: Deleted
Infected files detected
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\My Downloads\john-16w.zip

WhenU.SaveNow Adware more information...
Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior.
Status: Deleted
Infected files detected
C:\Programme\BearShare\RunMSC.dll
C:\Programme\BearShare\Webstats.exe
C:\Programme\BearShare\Webstats.ini
Infected registry entries detected
HKEY_CLASSES_ROOT\runmsc.loader.1\clsid
HKEY_CLASSES_ROOT\runmsc.loader.1\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_CLASSES_ROOT\runmsc.loader\clsid
HKEY_CLASSES_ROOT\runmsc.loader\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_CLASSES_ROOT\runmsc.loader\curver
HKEY_CLASSES_ROOT\runmsc.loader\curver RunMSC.Loader.1
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class

RBot.steam Trojan more information...
Status: Deleted
Infected files detected
C:\Programme\Valve\platform\steam_dev.exe

KaZaA P2P more information...
Details: Kazaa is a Peer to Peer file sharing application that uses some adware advertising as well as installs a number of thrid party adware software on your computer.
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Kazaa\Advanced
HKEY_CURRENT_USER\Software\Kazaa\Advanced MaxSearchResult 200
HKEY_CURRENT_USER\Software\Kazaa\Advanced SuperNode 1
HKEY_CURRENT_USER\Software\Kazaa\Advanced ScanFolder 0
HKEY_CURRENT_USER\software\kazaa
HKEY_CURRENT_USER\software\kazaa\Advanced MaxSearchResult 200
HKEY_CURRENT_USER\software\kazaa\Advanced SuperNode 1
HKEY_CURRENT_USER\software\kazaa\Advanced ScanFolder 0
HKEY_CURRENT_USER\software\kazaa\InstantMessaging IgnoreAll 0
HKEY_CURRENT_USER\software\kazaa\InstantMessaging IgnoredUsers
HKEY_CURRENT_USER\software\kazaa\k-lite InstallSig 6
HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnOrder Video 0,1,2,3,4,5,6,7,8,9,0,
HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnOrder Image 0,1,2,3,4,5,6,7,8,0,
HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnOrder All 0,1,2,3,4,5,6,7,
HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnOrder Software 0,1,2,3,4,5,6,7,8,
HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnOrder Audio 0,1,2,3,4,5,6,7,8,9,0,
HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnOrder Other 0,1,2,3,
HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnOrder Document 0,1,2,3,4,5,6,7,8,9,
HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnOrder PlaylistNode 0,1,2,3,4,5,6,7,8,9,0,
HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnSortStates1 Video 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnSortStates1 Image 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnSortStates1 All 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnSortStates1 Software 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnSortStates1 Audio 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnSortStates1 Other 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnSortStates1 Document 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnSortStates1 PlaylistNode 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnSortStates2 Video 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnSortStates2 Image 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnSortStates2 All 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnSortStates2 Software 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnSortStates2 Audio 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnSortStates2 Other 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnSortStates2 Document 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnSortStates2 PlaylistNode 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnWidths Video 153,57,98,75,70,52,70,78,75,70,0, HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnWidths Image 153,57,98,70,75,70,70,70,75,0, HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnWidths All 153,57,98,70,75,70,75,245, HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnWidths Software 153,57,98,75,70,70,70,75,245, HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnWidths Audio 153,57,98,70,75,52,49,78,38,75,0, HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnWidths Other 153,98,70,52, HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnWidths Document 153,57,98,75,70,78,70,70,75,245, HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\ColumnWidths PlaylistNode 153,57,98,75,70,52,70,78,75,70,0, 
HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\CombinedSortedColumns Video -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1 ,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,- HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\CombinedSortedColumns Image -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,- HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\CombinedSortedColumns All -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,- 1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\CombinedSortedColumns Software -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,- HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\CombinedSortedColumns Audio -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,- 1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,- HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\CombinedSortedColumns Other -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,- HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\CombinedSortedColumns Document -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,- 1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,- HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\CombinedSortedColumns PlaylistNode -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,- 
1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Download Width 0 182 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Download Width 1 136 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Download Width 2 136 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Download Width 3 136 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Download Width 4 95 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Download Width 5 136 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Download Width 6 182 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Download Width 7 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Download Width 8 182 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\EverythingWidth 0 161 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\EverythingWidth 1 72 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\EverythingWidth 2 108 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\EverythingWidth 3 80 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\EverythingWidth 4 116 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\EverythingWidth 5 60 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\EverythingWidth 6 64 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\EverythingWidth 7 60 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\EverythingWidth 8 76 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\EverythingWidth 9 180 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Upload Width 0 182 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Upload Width 1 136 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Upload Width 2 136 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Upload Width 3 130 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Upload Width 4 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Upload Width 5 136 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Upload Width 6 182 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Upload Width 7 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Upload Width 8 182 
HKEY_CURRENT_USER\software\kazaa\Kazaa Lite K++\Upload Width 9 182 HKEY_CURRENT_USER\software\kazaa\LocalContent DisableSharing 0 HKEY_CURRENT_USER\software\kazaa\LocalContent DownloadDir C:\My Shared Folder HKEY_CURRENT_USER\software\kazaa\ResultsFilter adult_filter_level 0 HKEY_CURRENT_USER\software\kazaa\ResultsFilter showDisableAdultFilter 1 HKEY_CURRENT_USER\software\kazaa\ResultsFilter password HKEY_CURRENT_USER\software\kazaa\ResultsFilter virus_filter 0 HKEY_CURRENT_USER\software\kazaa\ResultsFilter firewall_filter 1 HKEY_CURRENT_USER\software\kazaa\ResultsFilter bogus_filter 1 HKEY_CURRENT_USER\software\kazaa\ResultsFilter custom_filter_phrases .scr, .vbs, .jpg.exe, .jpg.vbs, .avi.exe, .avi.vbs, .mp3.exe, .mp3.vbs, -fulldownloader, 3-fulldwnloader, -full-downloader, -games-fulldownloader, divx-fulldownloader, 3-full-dwnloader- HKEY_CURRENT_USER\software\kazaa\Skins SkinsDir C:\Programme\Kazaa Lite K++\Skins HKEY_CURRENT_USER\software\kazaa\SOCKS Enabled 0 HKEY_CURRENT_USER\software\kazaa\Transfer ConcurrentDownloads 4 HKEY_CURRENT_USER\software\kazaa\Transfer ConcurrentUploads 4 HKEY_CURRENT_USER\software\kazaa\Transfer UploadBandwidth 0 HKEY_CURRENT_USER\software\kazaa\Transfer NoUploadLimitWhenIdle 0 HKEY_CURRENT_USER\software\kazaa\Transfer CacheHost 0 HKEY_CURRENT_USER\software\kazaa\Transfer CachePort 0 HKEY_CURRENT_USER\software\kazaa\Transfer CacheDiscoveryTime 1119968913 HKEY_CURRENT_USER\software\kazaa\Transfer DlDir0 C:\My Shared Folder HKEY_CURRENT_USER\software\kazaa\UserDetails CountryCode DE HKEY_CURRENT_USER\software\kazaa\UserDetails UserName daniell HKEY_CURRENT_USER\software\kazaa\UserDetails Email user@kazaalite.kpp HKEY_CURRENT_USER\software\kazaa\UserDetails Newsletter 0 HKEY_CURRENT_USER\software\kazaa\UserDetails AutoConnected 0 HKEY_CURRENT_USER\software\kazaa LimitBitrate 0 HKEY_CURRENT_USER\software\kazaa LastSearchHash CoolWebSearch.StartPage Browser Hijacker more information... 
Details: CoolWebSearch StartPage hijacks Internet Explorers start page not allowing the user to change this URL.
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Search Bar_bak
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Search Page_bak
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Start Page_bak

Trojan.Downloader.AXLoad Trojan Downloader more information...
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000000-7777-0704-0B53-2C8830E9FAEC}

SDBot Worm more information...
Details: SDBot is the name of a family of remote access tools, also known as backdoors or worms, used by hackers to control a machine without the owner's knowledge.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F5192746-22D6-41BD-9D2D-1E75D14FBD3C}

SearchRelevancy Adware more information...
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\searchrelevancy
HKEY_LOCAL_MACHINE\software\searchrelevancy\Update TimeStamp 1105475091
HKEY_LOCAL_MACHINE\software\searchrelevancy ID 8F5B7A9F

Windows AdTools Adware more information...
Details: Windows AdTools is an ad delivery software which provides targeted advertising offers.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdTools Service

Trojan.Desktophijack Trojan more information...
Details: Trojan.Desktophijack modifies the home page and desktop settings on a compromised computer.
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer ForceActiveDesktopOn 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System Wallpaper C:\WINDOWS\desktop.html

Trojan.vxgame Trojan more information...
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System Wallpaper C:\WINDOWS\desktop.html
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoChangingWallpaper 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoComponents 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoDeletingComponents 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoHTMLWallPaper 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoEditingComponents 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoAddingComponents 0

Trojan.Downloader.Small.popcorn Trojan Downloader more information...
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System Wallpaper C:\WINDOWS\desktop.html

Adw.StartPage.TimesSquare Adware more information...
Details: Adw.StartPage.TimesSquare hijacks the IE start page and search pages and displays ads.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Policies {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

Trojan.PayTime Trojan more information...
Details: Trojan.PayTime modifies the default Internet Explorer start page to the a spyware-related URL by modifying the systems registry.
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Default_Page_URL c:\secure32.html

UCMoreSearchAccelerator Spyware more information...
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\UCmore - The Search Accelerator
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\UCmore - The Search Accelerator Order
06.03.2006, 15:35
Honorary member
Posts: 29434
#14
1. Now scan again with Counterspy, repeatedly, until everything stays clean.
2. Then please write me the complete name/path:
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\SENDWE....
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\OBJWAR....
3. smitfraud.fix --> work through Option 1 and 2 and post the scan report each time
http://virus-protect.org/artikel/tools/smitfrautfix.html
4. Download: smitRem TOOL (removal tool)
* Download: SmitRem2.8 http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
- Open the smitRem folder, double-click: RunThis.bat
- wait until the scan has finished (the screen will turn blue; that is normal)
- look for smitfiles.txt and post the text file in the thread
5. Scan with escan according to the instructions and post the scan report
http://virus-protect.org/escan.html
----------------------------------------------------------------------------
PS: uninstall --> NetPumper, The Search Accelerator, DeskAd Service, BearShare, gain publishing **
__________
Kind regards, Sabina
all about PC security
06.03.2006, 17:39
Member
Thread starter, Posts: 22
#15
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\send web\toollist.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\obj warn\8015BC.sys
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\obj warn\baitbowsbore.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\obj warn\Chicbashpile01.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\obj warn\dogaxis.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\obj warn\kgujbuhn.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\obj warn\lufwyrkf.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\obj warn\wkxdsinu.exe

3.
Option 1:
SmitFraudFix v2.22
Rapport fait à 17:42:15,96 le 06.03.2006
Executé à partir de C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche ...\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Programme
»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

Option 2:
SmitFraudFix v2.22
Rapport fait à 17:43:07,48 le 06.03.2006
Executé à partir de C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

The rest follows..
This post was edited on 06.03.2006 at 17:44 by Thaniel.
Logfile of HijackThis v1.99.1
Scan saved at 14:30:08, on 05.03.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Network Monitor\netmon.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Symphony\sw_serv.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Steganos Internet Anonym 2006\SIA2006.exe
C:\Programme\Gadu-Gadu\gg.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Symphony\maestro.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\totalcmd\TOTALCMD.EXE
C:\Programme\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programme\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programme\iTunes\iTunes.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\My Downloads\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.otzofdwxjijkexycdfchxvjk.net/LcBVhruWnLyfYPwSKQWdC9zVCwDg4Gn5rsM4adb2DL49jzZlEG7cu6PPZ5lwev29.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hummelpower.de.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zigeunerpack.de.vu
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.co.jp/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.zigeunerpack.de.vu
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 222.88.140.130:80
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEHelper - {34c57e67-a8ae-41d9-b1c0-0b71a5d432df} - C:\WINDOWS\System32\Q1130875.dll (file missing)
O2 - BHO: CommandBar.CtrlMHook - {3f1ab67e-12aa-352e-b4e0-a5f1810b60dd} - mscoree.dll (file missing)
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {4E058772-5DD7-9F89-E456-128B7C0C3623} - C:\DOKUME~1\ADMINI~1\ANWEND~1\SENDWE~1\toollist.exe
O2 - BHO: (no name) - {5136717B-6F8B-46F7-BC10-936577C54B46} - C:\WINDOWS\system32\IVIresi{eM6.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - c:\programme\steganos internet anonym 2006\sia2006iep.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programme\Gemeinsame Dateien\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [xkjloaagun] C:\WINDOWS\System32\dlulsgz.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [DTVR Agent] C:\Programme\V-Stream Multimedia\DVB Plus\DTVR\Scheduled.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [l23oteav] C:\WINDOWS\system32\l23oteav.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Programme\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ENC ACTIVE] C:\DOKUME~1\ADMINI~1\ANWEND~1\OBJWAR~1\dogaxis.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SIA2006] "C:\Programme\Steganos Internet Anonym 2006\SIA2006.exe" -boot
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programme\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DTVR Remote Control.lnk = C:\Programme\V-Stream Multimedia\DVB-T\DVBTRCtl.exe
O4 - Global Startup: T-Sinus 931 Konfiguration.lnk = C:\Programme\Symphony\maestro.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RF - &Menü anpassen - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF - Formular ausf&üllen - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RF - Formular sp&eichern - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Programme\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausf&üllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular sp&eichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: Richfind - {5E120240-C1C8-48BE-8871-FAFAA58F971D} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-&Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Richfind - {993392EB-4D01-4871-B86F-5D9EF7D31ADF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: concept/design's onlineTV - {AD867732-A0C4-4638-83BF-033E2D6CB7DC} - C:\Programme\onlineTV\onlineTV.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Richfind - {E12A8693-3EB9-470E-9383-713F905550BC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/gerpep_nopop.exe
O16 - DPF: {00000000-7777-0704-0B53-2C8830E9FAEC} -
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v3/vet_install_popup.pl?2&4&04.00.03.15&unknown&unknown&http://www.burghausen.de/stadtinfo/stadtplan/plan2002.cfm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.1mal1.com/flatcast/NpFv412.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37440.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://data.flatcast.com/NpFv415.dll
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {F834FDED-CB7E-4CAC-878B-16089C04EFC7} (Flatcast Producer 4.12) - http://www.flatcast.de/objects/NpFp412.dll
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Accessibility - C:\WINDOWS\system32\1x_43260.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: switcher - C:\WINDOWS\SYSTEM32\sw_note.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Blpyst - Broadcom Corporation - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symphony Switcher Service - Unknown owner - C:\Programme\Symphony\sw_serv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
Then here is the rest:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 758B-B16D
Verzeichnis von C:\WINDOWS\system32
08.02.2006 06:23 4.513.120 MRT.exe
04.02.2006 20:40 1.158 wpa.dbl
18.01.2006 13:05 57.344 avsda.dll
04.01.2006 04:35 68.096 webclnt.dll
29.12.2005 03:54 280.064 gdi32.dll
16.12.2005 15:46 7.006 jupdate-1.5.0_06-b05.log
14.12.2005 09:24 118.784 sirenacm.dll
10.12.2005 17:16 4.081 paytime.exe
08.12.2005 13:56 65.536 QuickTimeVR.qtx
08.12.2005 13:56 49.152 QuickTime.qts
06.12.2005 06:02 5.533.696 wmp.dll
02.12.2005 14:17 0 v2o537em.html
02.12.2005 14:17 3.469 l23oteav.ini
01.12.2005 04:31 1.492.480 shdocvw.dll
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 758B-B16D
Verzeichnis von C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp
05.03.2006 15:01 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}21206.html
05.03.2006 14:58 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}3641.html
05.03.2006 14:57 0 zze59.tmp
05.03.2006 14:52 512 ~DFC1CF.tmp
05.03.2006 14:51 0 fxn56.tmp
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 758B-B16D
Verzeichnis von C:\WINDOWS
05.03.2006 13:59 1.769 wcx_ftp.ini
05.03.2006 13:19 54.156 QTFont.qfn
05.03.2006 11:50 575 wincmd.ini
05.03.2006 11:28 0 0.log
05.03.2006 11:27 1.192.530 WindowsUpdate.log
05.03.2006 11:27 2.048 bootstat.dat
05.03.2006 00:15 32.462 SchedLgU.Txt
04.03.2006 16:39 1.409 QTFont.for
02.03.2006 23:13 215 wiadebug.log
02.03.2006 23:02 50 wiaservc.log
01.03.2006 20:47 1.503 IE4 Error Log.txt
25.02.2006 23:33 1.373 HAFASWIN.INI
25.02.2006 16:47 116 NeroDigital.ini
25.02.2006 16:39 401.550 setupapi.log
24.02.2006 16:08 121 GEARInstall.log
16.02.2006 15:49 29.757 spupdsvc.log
15.02.2006 21:57 70.180 comsetup.log
15.02.2006 21:57 1.374 imsins.log
15.02.2006 21:57 331.433 tsoc.log
15.02.2006 21:57 33.212 ocmsn.log
15.02.2006 21:57 147.287 ntdtcsetup.log
15.02.2006 21:57 34.790 tabletoc.log
15.02.2006 21:57 828.139 iis6.log
15.02.2006 21:57 10.638 KB911927.log
15.02.2006 21:57 35.516 msgsocm.log
15.02.2006 21:57 28.245 medctroc.Log
15.02.2006 21:57 122.289 netfxocm.log
15.02.2006 21:57 102.004 ocgen.log
15.02.2006 21:57 679.532 FaxSetup.log
15.02.2006 21:57 224.782 msmqinst.log
15.02.2006 21:57 28.397 updspapi.log
15.02.2006 21:57 1.374 imsins.BAK
15.02.2006 21:57 6.413 KB911564.log
15.02.2006 21:57 9.214 wmsetup.log
15.02.2006 21:56 6.651 KB911565.log
15.02.2006 21:56 6.637 KB913446.log
13.02.2006 21:09 0 winsysupd81.dat
13.02.2006 21:09 42 drsmartload2.dat
13.02.2006 21:09 0 gimmygames1.dat
13.02.2006 21:08 40 teller2.chk
11.01.2006 21:33 10.037 KB908519.log
06.01.2006 11:05 11.020 KB912919.log
03.01.2006 17:45 1.989 uninstall_nmon.vbs
28.12.2005 19:46 150 AIMPR.INI
22.12.2005 02:28 60 setupact.log
21.12.2005 22:51 32.091 DirectX.log
20.12.2005 17:55 55.113 HAFASINS.LOG
16.12.2005 21:51 10.999 KB910437.log
16.12.2005 21:51 16.791 KB905915.log
10.12.2005 17:17 2.033 hosts
10.12.2005 17:17 1.999 desktop.html
So that's it for now, I hope you can help me somehow, thanks in advance.