Spyware Infection

#0
05.03.2006, 15:04
Member

Posts: 22
#1 Hi, I have the same problem as several others... so first of all, the HJT logs:

Logfile of HijackThis v1.99.1
Scan saved at 14:30:08, on 05.03.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Network Monitor\netmon.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Symphony\sw_serv.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Steganos Internet Anonym 2006\SIA2006.exe
C:\Programme\Gadu-Gadu\gg.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Symphony\maestro.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\totalcmd\TOTALCMD.EXE
C:\Programme\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programme\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programme\iTunes\iTunes.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\My Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.otzofdwxjijkexycdfchxvjk.net/LcBVhruWnLyfYPwSKQWdC9zVCwDg4Gn5rsM4adb2DL49jzZlEG7cu6PPZ5lwev29.html


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hummelpower.de.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zigeunerpack.de.vu
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.co.jp/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.zigeunerpack.de.vu
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 222.88.140.130:80
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEHelper - {34c57e67-a8ae-41d9-b1c0-0b71a5d432df} - C:\WINDOWS\System32\Q1130875.dll (file missing)
O2 - BHO: CommandBar.CtrlMHook - {3f1ab67e-12aa-352e-b4e0-a5f1810b60dd} - mscoree.dll (file missing)
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {4E058772-5DD7-9F89-E456-128B7C0C3623} - C:\DOKUME~1\ADMINI~1\ANWEND~1\SENDWE~1\toollist.exe
O2 - BHO: (no name) - {5136717B-6F8B-46F7-BC10-936577C54B46} - C:\WINDOWS\system32\IVIresi{eM6.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - c:\programme\steganos internet anonym 2006\sia2006iep.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programme\Gemeinsame Dateien\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [xkjloaagun] C:\WINDOWS\System32\dlulsgz.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [DTVR Agent] C:\Programme\V-Stream Multimedia\DVB Plus\DTVR\Scheduled.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [l23oteav] C:\WINDOWS\system32\l23oteav.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Programme\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ENC ACTIVE] C:\DOKUME~1\ADMINI~1\ANWEND~1\OBJWAR~1\dogaxis.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SIA2006] "C:\Programme\Steganos Internet Anonym 2006\SIA2006.exe" -boot
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programme\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DTVR Remote Control.lnk = C:\Programme\V-Stream Multimedia\DVB-T\DVBTRCtl.exe
O4 - Global Startup: T-Sinus 931 Konfiguration.lnk = C:\Programme\Symphony\maestro.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RF - &Menü anpassen - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF - Formular ausf&üllen - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RF - Formular sp&eichern - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Programme\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll

O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausf&üllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular sp&eichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: Richfind - {5E120240-C1C8-48BE-8871-FAFAA58F971D} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-&Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Richfind - {993392EB-4D01-4871-B86F-5D9EF7D31ADF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: concept/design's onlineTV - {AD867732-A0C4-4638-83BF-033E2D6CB7DC} - C:\Programme\onlineTV\onlineTV.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Richfind - {E12A8693-3EB9-470E-9383-713F905550BC} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/gerpep_nopop.exe
O16 - DPF: {00000000-7777-0704-0B53-2C8830E9FAEC} -
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v3/vet_install_popup.pl?2&4&04.00.03.15&unknown&unknown&http://www.burghausen.de/stadtinfo/stadtplan/plan2002.cfm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.1mal1.com/flatcast/NpFv412.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37440.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://data.flatcast.com/NpFv415.dll
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {F834FDED-CB7E-4CAC-878B-16089C04EFC7} (Flatcast Producer 4.12) - http://www.flatcast.de/objects/NpFp412.dll
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Accessibility - C:\WINDOWS\system32\1x_43260.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: switcher - C:\WINDOWS\SYSTEM32\sw_note.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Blpyst - Broadcom Corporation - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symphony Switcher Service - Unknown owner - C:\Programme\Symphony\sw_serv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe


Then here is the rest:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 758B-B16D

Verzeichnis von C:\WINDOWS\system32

08.02.2006 06:23 4.513.120 MRT.exe
04.02.2006 20:40 1.158 wpa.dbl
18.01.2006 13:05 57.344 avsda.dll
04.01.2006 04:35 68.096 webclnt.dll
29.12.2005 03:54 280.064 gdi32.dll
16.12.2005 15:46 7.006 jupdate-1.5.0_06-b05.log
14.12.2005 09:24 118.784 sirenacm.dll
10.12.2005 17:16 4.081 paytime.exe
08.12.2005 13:56 65.536 QuickTimeVR.qtx
08.12.2005 13:56 49.152 QuickTime.qts
06.12.2005 06:02 5.533.696 wmp.dll
02.12.2005 14:17 0 v2o537em.html
02.12.2005 14:17 3.469 l23oteav.ini

01.12.2005 04:31 1.492.480 shdocvw.dll

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 758B-B16D

Verzeichnis von C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp

05.03.2006 15:01 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}21206.html
05.03.2006 14:58 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}3641.html
05.03.2006 14:57 0 zze59.tmp
05.03.2006 14:52 512 ~DFC1CF.tmp
05.03.2006 14:51 0 fxn56.tmp


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 758B-B16D

Verzeichnis von C:\WINDOWS

05.03.2006 13:59 1.769 wcx_ftp.ini
05.03.2006 13:19 54.156 QTFont.qfn
05.03.2006 11:50 575 wincmd.ini
05.03.2006 11:28 0 0.log
05.03.2006 11:27 1.192.530 WindowsUpdate.log
05.03.2006 11:27 2.048 bootstat.dat
05.03.2006 00:15 32.462 SchedLgU.Txt
04.03.2006 16:39 1.409 QTFont.for
02.03.2006 23:13 215 wiadebug.log
02.03.2006 23:02 50 wiaservc.log
01.03.2006 20:47 1.503 IE4 Error Log.txt
25.02.2006 23:33 1.373 HAFASWIN.INI
25.02.2006 16:47 116 NeroDigital.ini
25.02.2006 16:39 401.550 setupapi.log
24.02.2006 16:08 121 GEARInstall.log
16.02.2006 15:49 29.757 spupdsvc.log
15.02.2006 21:57 70.180 comsetup.log
15.02.2006 21:57 1.374 imsins.log
15.02.2006 21:57 331.433 tsoc.log
15.02.2006 21:57 33.212 ocmsn.log
15.02.2006 21:57 147.287 ntdtcsetup.log
15.02.2006 21:57 34.790 tabletoc.log
15.02.2006 21:57 828.139 iis6.log
15.02.2006 21:57 10.638 KB911927.log
15.02.2006 21:57 35.516 msgsocm.log
15.02.2006 21:57 28.245 medctroc.Log
15.02.2006 21:57 122.289 netfxocm.log
15.02.2006 21:57 102.004 ocgen.log
15.02.2006 21:57 679.532 FaxSetup.log
15.02.2006 21:57 224.782 msmqinst.log
15.02.2006 21:57 28.397 updspapi.log
15.02.2006 21:57 1.374 imsins.BAK
15.02.2006 21:57 6.413 KB911564.log
15.02.2006 21:57 9.214 wmsetup.log
15.02.2006 21:56 6.651 KB911565.log
15.02.2006 21:56 6.637 KB913446.log
13.02.2006 21:09 0 winsysupd81.dat
13.02.2006 21:09 42 drsmartload2.dat
13.02.2006 21:09 0 gimmygames1.dat
13.02.2006 21:08 40 teller2.chk

11.01.2006 21:33 10.037 KB908519.log
06.01.2006 11:05 11.020 KB912919.log
03.01.2006 17:45 1.989 uninstall_nmon.vbs
28.12.2005 19:46 150 AIMPR.INI
22.12.2005 02:28 60 setupact.log
21.12.2005 22:51 32.091 DirectX.log
20.12.2005 17:55 55.113 HAFASINS.LOG
16.12.2005 21:51 10.999 KB910437.log
16.12.2005 21:51 16.791 KB905915.log
10.12.2005 17:17 2.033 hosts
10.12.2005 17:17 1.999 desktop.html


So that's it for now; I hope you can help me somehow. Thanks in advance.
05.03.2006, 16:33
Honorary member
Sabina

Posts: 29434
#2 Thaniel

1.
Configure the cleaner exactly as described here:
http://virus-protect.org/cleanup.html

2.
Uninstall:
MessengerPlus! 3

3.
Then please post the 4 text files from datfindbat again.. up to October 2005

4.
Download echo.zip --> unpack --> click echo.bat --> the text editor will open --> copy the text
http://virus-protect.org/bat/echo.zip

5.
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click to start it. In "Enter search strings" (type or paste in)

Network Monitor

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.
__________
Best regards, Sabina

All about PC security
05.03.2006, 17:17
Member

Thread starter

Posts: 22
#3
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 758B-B16D

Verzeichnis von C:\WINDOWS\system32

08.02.2006 06:23 4.513.120 MRT.exe
04.02.2006 20:40 1.158 wpa.dbl
18.01.2006 13:05 57.344 avsda.dll
04.01.2006 04:35 68.096 webclnt.dll
29.12.2005 03:54 280.064 gdi32.dll
16.12.2005 15:46 7.006 jupdate-1.5.0_06-b05.log
14.12.2005 09:24 118.784 sirenacm.dll
10.12.2005 17:16 4.081 paytime.exe
08.12.2005 13:56 65.536 QuickTimeVR.qtx
08.12.2005 13:56 49.152 QuickTime.qts
06.12.2005 06:02 5.533.696 wmp.dll
02.12.2005 14:17 0 v2o537em.html
02.12.2005 14:17 3.469 l23oteav.ini
01.12.2005 04:31 1.492.480 shdocvw.dll
24.11.2005 00:58 1.022.464 browseui.dll
24.11.2005 00:58 3.013.632 mshtml.dll
10.11.2005 17:48 381.632 FNTCACHE.DAT
10.11.2005 13:03 127.078 javaws.exe
10.11.2005 13:03 49.265 jpicpl32.cpl
10.11.2005 11:27 49.250 javaw.exe
10.11.2005 11:27 49.248 java.exe
05.11.2005 04:16 606.208 urlmon.dll
05.11.2005 04:16 1.056.256 danim.dll
30.10.2005 21:23 2.576 PerfStringBackup.TMP
29.10.2005 06:52 307.200 atiiiexx.dll
29.10.2005 06:13 258.048 ATIDEMGR.dll
29.10.2005 05:32 6.684.672 atioglx1.dll
29.10.2005 04:27 4.866.048 atioglxx.dll
29.10.2005 04:12 247.296 ati2dvag.dll
29.10.2005 04:08 110.592 atipdlxx.dll
29.10.2005 04:07 77.824 Oemdspif.dll
29.10.2005 04:07 26.112 Ati2mdxx.exe
29.10.2005 04:07 40.960 ati2edxx.dll
29.10.2005 04:07 47.616 ati2evxx.dll
29.10.2005 04:06 389.120 ati2evxx.exe
29.10.2005 04:06 53.248 ATIDDC.DLL
29.10.2005 03:58 2.491.808 ati3duag.dll
29.10.2005 03:52 603.040 ativvaxx.dll
29.10.2005 03:40 151.552 atikvmag.dll
29.10.2005 03:21 17.408 atitvo32.dll
29.10.2005 03:16 237.568 ati2cqag.dll
28.10.2005 21:05 520.192 ati2sgag.exe
21.10.2005 04:40 664.064 wininet.dll
21.10.2005 04:40 474.112 shlwapi.dll
21.10.2005 04:40 530.944 mstime.dll
21.10.2005 04:40 39.424 pngfilt.dll
21.10.2005 04:40 448.512 mshtmled.dll
21.10.2005 04:40 146.432 msrating.dll
21.10.2005 04:40 96.768 inseng.dll
21.10.2005 04:40 152.064 cdfview.dll
21.10.2005 04:40 251.392 iepeers.dll
21.10.2005 04:40 205.312 dxtrans.dll
21.10.2005 04:40 55.808 extmgr.dll
20.10.2005 23:25 1.094.144 esent.dll
17.10.2005 22:20 118.272 t2embed.dll
17.10.2005 22:20 80.896 fontsub.dll
17.10.2005 15:15 110.293 atiicdxx.dat
13.10.2005 00:11 15.584 spmsg.dll
06.10.2005 04:08 1.839.616 win32k.sys
23.09.2005 04:06 8.491.520 shell32.dll
14.09.2005 20:17 53.248 pxhpinst.exe
10.09.2005 02:54 2.067.968 cdosys.dll
07.09.2005 19:28 35.184 b6j198q7.dat
07.09.2005 19:28 188.144 ajdfcutb.dat
07.09.2005 19:28 4.240 cpok6im2.dat
04.09.2005 20:53 0 t6c9iao0.html
01.09.2005 02:44 292.352 winsrv.dll
01.09.2005 02:44 19.968 linkinfo.dll
30.08.2005 04:55 1.292.800 quartz.dll
24.08.2005 18:25 6.020 atifglpf.xml
23.08.2005 04:39 124.416 umpnpmgr.dll
22.08.2005 19:31 197.632 netman.dll
11.08.2005 16:11 65.024 nwwks.dll
26.07.2005 05:39 101.376 txflog.dll
26.07.2005 05:39 37.888 olecnv32.dll
26.07.2005 05:39 397.824 rpcss.dll
26.07.2005 05:39 74.752 olecli32.dll
26.07.2005 05:39 11.776 xolehlp.dll
26.07.2005 05:39 1.285.120 ole32.dll
26.07.2005 05:39 66.560 mtxclu.dll
26.07.2005 05:39 91.136 mtxoci.dll
26.07.2005 05:39 945.152 msdtctm.dll
26.07.2005 05:39 161.280 msdtcuiu.dll
26.07.2005 05:39 425.472 msdtcprx.dll
26.07.2005 05:39 243.200 es.dll
26.07.2005 05:39 540.160 comuid.dll
26.07.2005 05:39 1.267.200 comsvcs.dll
26.07.2005 05:39 498.688 clbcatq.dll
26.07.2005 05:39 60.416 colbact.dll
26.07.2005 05:39 97.792 comrepl.dll
26.07.2005 05:39 625.152 catsrvut.dll
26.07.2005 05:39 225.792 catsrv.dll
26.07.2005 05:39 110.080 clbcatex.dll
19.07.2005 20:11 4.096 crash
19.07.2005 19:32 35 dod1tc5q.ini
19.07.2005 19:32 35 k4cqcejp.ini
16.07.2005 06:09 3.799 jupdate-1.5.0_04-b05.log
10.07.2005 12:34 56 winxp32.sys
09.07.2005 10:22 100 LuResult.txt
08.07.2005 17:28 76.800 remotesp.tsp
08.07.2005 17:28 249.344 tapisrv.dll
01.07.2005 13:58 1.603.808 NpFp415.dll
29.06.2005 02:49 254.976 icm32.dll
29.06.2005 02:49 74.240 mscms.dll
28.06.2005 09:21 22.752 spupdsvc.exe
26.06.2005 17:06 77.824 GkSui20.EXE
15.06.2005 18:49 295.936 kerberos.dll
11.06.2005 00:53 57.856 spoolsv.exe
31.05.2005 10:20 79.432 GEARAspi.dll
27.05.2005 03:04 546.304 hhctrl.ocx
27.05.2005 03:04 41.472 hhsetup.dll
27.05.2005 03:04 137.216 itss.dll
27.05.2005 03:04 155.136 itircl.dll
26.05.2005 15:34 2.297.552 d3dx9_26.dll
26.05.2005 03:16 18.200 wups2.dll
26.05.2005 03:16 41.240 wups.dll
26.05.2005 03:16 173.536 wuweb.dll
26.05.2005 03:16 1.343.768 wuaueng.dll
26.05.2005 03:16 198.424 iuengine.dll
26.05.2005 03:16 75.544 cdm.dll
26.05.2005 03:16 124.696 wuauclt.exe
26.05.2005 03:16 174.872 wuauclt1.exe
26.05.2005 03:16 174.872 wuaucpl.cpl
26.05.2005 03:16 194.840 wuaueng1.dll
26.05.2005 03:16 466.200 wuapi.dll
26.05.2005 03:16 128.280 wucltui.dll
17.05.2005 01:42 17.408 xpsp3res.dll
15.05.2005 23:36 3.069 jupdate-1.5.0_02-b09.log
11.05.2005 03:30 78.336 telnet.exe
04.05.2005 13:45 2.890.240 msi.dll
21.03.2005 14:00 271.360 msihnd.dll
21.03.2005 14:00 78.848 msiexec.exe
21.03.2005 14:00 884.736 msimsg.dll
21.03.2005 14:00 15.360 msisip.dll
20.03.2005 13:39 4.212 zllictbl.dat
18.03.2005 17:19 2.337.488 d3dx9_25.dll
11.03.2005 23:48 56.320 pxinsa64.exe
11.03.2005 23:48 109.568 pxinsi64.exe
11.03.2005 23:48 56.832 pxcpya64.exe
11.03.2005 23:48 108.544 pxcpyi64.exe
11.03.2005 23:28 151.552 pxwma.dll
11.03.2005 23:28 405.504 pxdrv.dll
11.03.2005 23:28 172.032 pxmas.dll
11.03.2005 23:28 339.968 pxwave.dll
11.03.2005 23:28 339.968 px.dll
11.03.2005 23:28 28.672 vxblock.dll
07.03.2005 21:19 2.151.936 kernel1.exe
02.03.2005 19:09 56.832 authz.dll
02.03.2005 19:09 578.560 user32.dll
02.03.2005 19:06 2.017.792 ntkrnlpa.exe
02.03.2005 19:06 2.138.112 ntoskrnl.exe
14.02.2005 02:12 45.056 CSvidcap.dll
27.01.2005 14:39 466.944 capicom.dll
16.12.2004 21:10 383.390 perfh009
16.12.2004 21:10 394.830 perfh007
16.12.2004 21:10 53.744 perfc009
16.12.2004 21:10 64.796 perfc007
16.12.2004 21:10 906.376 PerfStringBackup.INI
08.12.2004 13:49 340.240 FNTCACHE
07.12.2004 20:33 96.768 srvsvc.dll
06.12.2004 22:47 995 oeminfo.ini
06.12.2004 22:47 8.326 oemlogo.rar
30.11.2004 12:28 86.094 ImageDrive.cpl
20.11.2004 19:27 2.368 SVKP.sys
17.11.2004 18:42 356.352 hypertrm.dll
16.11.2004 22:17 68.608 hlink.dll
10.11.2004 16:45 16.832 amcompat.tlb
10.11.2004 16:45 23.392 nscompat.tlb
29.10.2004 09:29 251 spupdwxp.log
28.10.2004 02:23 729.600 lsasrv.dll
19.10.2004 11:18 34.064 lhacm.acm
06.10.2004 15:30 3.207 jupdate-1.4.2_05-b04.log
04.10.2004 02:10 98.304 tsccvid.dll

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 758B-B16D

Verzeichnis von C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp

05.03.2006 17:12 16.384 Perflib_Perfdata_950.dat
05.03.2006 17:12 16.384 Perflib_Perfdata_348.dat
05.03.2006 17:11 16.384 Perflib_Perfdata_11c.dat
05.03.2006 17:10 408 jusched.log
05.03.2006 17:06 1.806 MsgPlusUninst.bat
5 Datei(en) 51.366 Bytes
0 Verzeichnis(se), 8.466.014.208 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 758B-B16D

Verzeichnis von C:\WINDOWS

05.03.2006 17:12 54.156 QTFont.qfn
05.03.2006 17:10 0 0.log
05.03.2006 17:10 1.197.346 WindowsUpdate.log
05.03.2006 17:09 2.048 bootstat.dat
05.03.2006 17:07 32.462 SchedLgU.Txt
05.03.2006 15:13 572 wincmd.ini
05.03.2006 13:59 1.769 wcx_ftp.ini
04.03.2006 16:39 1.409 QTFont.for
02.03.2006 23:13 215 wiadebug.log
02.03.2006 23:02 50 wiaservc.log
25.02.2006 23:33 1.373 HAFASWIN.INI
25.02.2006 16:47 116 NeroDigital.ini
25.02.2006 16:39 401.550 setupapi.log
24.02.2006 16:08 121 GEARInstall.log
16.02.2006 15:49 29.757 spupdsvc.log
15.02.2006 21:57 1.374 imsins.log
15.02.2006 21:57 70.180 comsetup.log
15.02.2006 21:57 828.139 iis6.log
15.02.2006 21:57 33.212 ocmsn.log
15.02.2006 21:57 34.790 tabletoc.log
15.02.2006 21:57 331.433 tsoc.log
15.02.2006 21:57 147.287 ntdtcsetup.log
15.02.2006 21:57 10.638 KB911927.log
15.02.2006 21:57 28.245 medctroc.Log
15.02.2006 21:57 102.004 ocgen.log
15.02.2006 21:57 122.289 netfxocm.log
15.02.2006 21:57 35.516 msgsocm.log
15.02.2006 21:57 679.532 FaxSetup.log
15.02.2006 21:57 224.782 msmqinst.log
15.02.2006 21:57 28.397 updspapi.log
15.02.2006 21:57 1.374 imsins.BAK
15.02.2006 21:57 6.413 KB911564.log
15.02.2006 21:57 9.214 wmsetup.log
15.02.2006 21:56 6.651 KB911565.log
15.02.2006 21:56 6.637 KB913446.log
13.02.2006 21:09 0 winsysupd81.dat
13.02.2006 21:09 42 drsmartload2.dat
13.02.2006 21:09 0 gimmygames1.dat
13.02.2006 21:08 40 teller2.chk
11.01.2006 21:33 10.037 KB908519.log
06.01.2006 11:05 11.020 KB912919.log
03.01.2006 17:45 1.989 uninstall_nmon.vbs
28.12.2005 19:46 150 AIMPR.INI
22.12.2005 02:28 60 setupact.log
21.12.2005 22:51 32.091 DirectX.log
20.12.2005 17:55 55.113 HAFASINS.LOG
16.12.2005 21:51 10.999 KB910437.log
16.12.2005 21:51 16.791 KB905915.log
10.12.2005 17:17 2.033 hosts
10.12.2005 17:17 1.999 desktop.html
10.12.2005 17:16 3.054 SECURE32.HTML.VIR
10.12.2005 17:16 1.536 kl.exe
10.12.2005 17:16 0 uniq
08.12.2005 00:25 172 CrypTool.INI
08.12.2005 00:25 286.720 iun506.exe
23.11.2005 17:28 1.105 unins000.dat
23.11.2005 17:28 72.748 unins000.exe
10.11.2005 15:20 11.816 KB896424.log
07.11.2005 15:17 1.067 win.ini
04.11.2005 22:09 1.125 winamp.ini
24.10.2005 10:50 640 batchJobList.dat
19.10.2005 10:12 24.326 KB901017.log
19.10.2005 10:12 26.456 KB902400.log
19.10.2005 10:11 16.795 KB896688.log
19.10.2005 10:11 13.906 KB899589.log
19.10.2005 10:10 14.221 KB905414.log
19.10.2005 10:10 13.963 KB900725.log
19.10.2005 10:10 11.339 KB904706.log
19.10.2005 10:10 11.993 KB905749.log
14.10.2005 20:51 218 Clony2.ini
09.10.2005 15:21 107.132 UninstallFirefox.exe
09.10.2005 15:21 8.295 mozver.dat

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 758B-B16D

Verzeichnis von C:\

05.03.2006 17:14 0 sys.txt
05.03.2006 17:14 15.136 system.txt
05.03.2006 17:14 536 systemtemp.txt
05.03.2006 17:13 124.068 system32.txt
05.03.2006 17:09 1.073.270.784 hiberfil.sys
05.03.2006 17:09 1.598.029.824 pagefile.sys
05.03.2006 13:59 152 2005-06-08_pk_nadal_de_dsl.wvx
28.02.2006 19:54 1.369 anfrage.html
21.02.2006 22:30 2.204 phpbestell.txt
01.02.2006 23:32 2.983 insider.txt
01.02.2006 22:12 4.670 loginerror.php
31.01.2006 19:35 545 anfrage2.html
09.01.2006 19:05 289 pw.php
09.01.2006 18:52 45 falsch.php
09.01.2006 18:52 45 falsch.html
09.01.2006 17:29 241 php.html
09.01.2006 17:13 154 passwordabfrage.php
24.12.2005 00:30 317 index.html
19.12.2005 17:46 188 Delme.bat
10.11.2005 19:31 41.080 pacman.swf
11.09.2005 14:26 6.852 ips.txt
04.09.2005 17:32 1.196.753 20050409_174041_Administrator.nbi
04.09.2005 13:42 46 hWaitEventRetryInstall
05.06.2005 17:11 4.262 ASPI.LOG
27.05.2005 10:03 451 .bash_history
10.03.2005 19:24 194 boot.ini
09.03.2005 18:25 3.397 adp_inst.log
02.03.2005 19:28 71.324 TREEINFO.WC
20.02.2005 06:48 40 Auth.prof
18.02.2005 21:31 12.913 index.php
21.12.2004 17:41 32.970 ISO1.nri
17.11.2004 16:24 15.016 tmp.txt
11.11.2004 19:51 155 Blank.cue
28.10.2004 21:22 47.564 ntdetect.com
28.10.2004 21:22 251.184 ntldr

So, those are the new text files again.

Here are 4. and 5. as well.

4. :
10)DPF????
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 758B-B16D

Verzeichnis von C:\WINDOWS\Downloaded Program Files

15.12.2004 21:24 <DIR> CONFLICT.19
03.01.2005 13:52 23.552 DeskAdX.dll
25.07.2002 17:13 24.576 dwusplay.dll
25.07.2002 17:13 196.608 dwusplay.exe
26.10.2003 15:25 133.712 EARTPX.dll
26.10.2003 15:13 321 EARTPX.inf
13.08.2004 18:10 894.544 EPUWALcontrol.dll
13.08.2004 18:02 539 EPUWALcontrol.inf
08.09.2004 22:38 1.271 erma.inf
26.07.2004 19:37 325 heartbeat.inf
26.07.2004 19:36 101.464 hrtbeat.ocx
16.06.2004 15:03 355.955 ICQVideoControl.dll
08.06.2004 10:26 268 ICQVideoControl.inf
11.11.2005 13:11 1.210.104 ICSScan.dll
11.11.2005 09:02 470 ICSScanner.inf
25.07.2002 17:05 172.032 isusweb.dll
25.08.2003 17:12 1.096 iuctl.inf
29.05.2003 15:00 160.864 messengerstatsclient.dll
06.04.2004 18:03 172.072 MessengerStatsPAClient.dll
22.08.2003 09:49 220 MetaStream3.inf
20.05.2004 12:36 237.568 MISBH.dll
09.05.2004 09:03 194 MISBH.INF
30.06.2005 14:19 227 MsnMessengerSetupDownloader.inf
13.08.2005 23:26 113.664 MsnMessengerSetupDownloader.ocx
02.06.2005 21:32 1.586.984 NpFp412.dll
02.06.2005 20:53 681.760 NpFv412.dll
26.09.2005 14:59 682.200 NpFv415.dll
05.11.2003 06:04 228 odyssey_webmoo.inf
08.12.2003 12:58 3.759 swflash.inf
01.11.2004 10:10 221 webdlg32.inf
26.01.2004 17:42 856 yinst.inf
26.01.2004 17:40 133.120 yinsthelper.dll
17.08.2004 13:58 227 ysbactivex.inf
31.01.2005 22:26 117.800 ZIntro.ocx
26.07.2004 19:36 134.747 zsetup.exe
34 Datei(en) 7.143.548 Bytes

Verzeichnis von C:\WINDOWS\Downloaded Program Files\CONFLICT.19

15.12.2004 21:24 <DIR> .
15.12.2004 21:24 <DIR> ..
0 Datei(en) 0 Bytes

Anzahl der angezeigten Dateien:
34 Datei(en) 7.143.548 Bytes
3 Verzeichnis(se), 8.465.948.672 Bytes frei

5. :
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.0.1

; Results at 05.03.2006 17:22:20 for strings:
; 'network monitor'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"DeviceDesc"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control]
"ActiveService"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor]
; Contents of value:
; C:\Programme\Network Monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,6d,65,5c,4e,65,74,77,6f,72,6b,\
20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,65,72,76,69,\
63,65,00
"DisplayName"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"DeviceDesc"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor]
; Contents of value:
; C:\Programme\Network Monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,6d,65,5c,4e,65,74,77,6f,72,6b,\
20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,65,72,76,69,\
63,65,00
"DisplayName"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"DeviceDesc"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control]
"ActiveService"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor]
; Contents of value:
; C:\Programme\Network Monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,6d,65,5c,4e,65,74,77,6f,72,6b,\
20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,65,72,76,69,\
63,65,00
"DisplayName"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum]

; End Of The Log...

Regards
Thaniel
This post was edited by Thaniel on 05.03.2006 at 17:26.
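The Registry Search export in item 5 stores each service's ImagePath as `hex(2)` data; in a REGEDIT4 export these are single-byte ANSI characters, not UTF-16. Added example (not part of the post or of the Registry Search tool): a Python reader for this export format that joins the continued hex lines, decodes the values and lists which binary each service key launches. The function names and the cp1252 code page are assumptions.

```python
import re

# Constructed sample: two sections in the shape of the Registry Search export above.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor]
; Contents of value:
; C:\Programme\Network Monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,6d,65,5c,4e,65,74,77,6f,72,6b,\
20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,65,72,76,69,\
63,65,00
"DisplayName"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
'''

VALUE_LINE = re.compile(r'"((?:[^"\\]|\\.)*)"=(.*)$')
HEX_VALUE = re.compile(r'hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')
SERVICE_KEY = re.compile(
    r'\\SYSTEM\\(?:ControlSet\d{3}|CurrentControlSet)\\Services\\([^\\]+)$', re.I)


def logical_lines(text):
    """Yield stripped lines, joining hex data continued with a trailing backslash."""
    buf = ''
    for line in text.splitlines():
        s = line.strip()
        if buf:
            buf += s                      # continuation of a hex value
        elif s.startswith('"') and '=hex' in s:
            buf = s                       # first line of a hex value
        else:
            yield s
            continue
        if buf.endswith('\\'):
            buf = buf[:-1]                # more data follows on the next line
        else:
            yield buf
            buf = ''
    if buf:
        yield buf


def decode_value(raw, ansi='cp1252'):
    """Decode the right-hand side of a REGEDIT4 value line.

    Assumption: the exporting machine used the Western European ANSI code page.
    """
    if raw.startswith('"'):               # REG_SZ with backslash escapes
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    m = HEX_VALUE.match(raw)
    if m is None:
        return raw
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3   # plain "hex:" is REG_BINARY
    if kind in (1, 2):                    # REG_SZ / REG_EXPAND_SZ, ANSI bytes
        return data.split(b'\x00', 1)[0].decode(ansi, 'replace')
    if kind == 7:                         # REG_MULTI_SZ
        return [p.decode(ansi, 'replace') for p in data.split(b'\x00') if p]
    return data


def parse_reg4(text):
    """Return {key_path: {value_name: decoded_value}}."""
    keys, current = {}, None
    for s in logical_lines(text):
        if not s or s.startswith(';') or s == 'REGEDIT4':
            continue
        if s.startswith('[') and s.endswith(']'):
            current = keys.setdefault(s[1:-1], {})
            continue
        m = VALUE_LINE.match(s)
        if m and current is not None:
            current[m.group(1)] = decode_value(m.group(2))
    return keys


def service_image_paths(keys):
    """Map service name -> set of ImagePath strings seen in any control set."""
    out = {}
    for path, values in keys.items():
        m = SERVICE_KEY.search(path)
        if m and 'ImagePath' in values:
            out.setdefault(m.group(1), set()).add(values['ImagePath'])
    return out


if __name__ == '__main__':
    for name, paths in service_image_paths(parse_reg4(SAMPLE_REG)).items():
        print(name, '->', sorted(paths))
```

More than one ImagePath for the same service name across ControlSet001, ControlSet002 and CurrentControlSet would mean the control sets disagree and each needs checking on its own.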
05.03.2006, 18:24
Honorary member
Sabina

Posts: 29434
#4 Thaniel

Make hidden and system files visible
http://virus-protect.org/invisible.html

----------------------------------------------------------------------------------------------------

Start >> Run >> type in Services.msc and click OK!

"Properties" >> click "Stop" >> startup type "Disabled" --> Network Monitor

----------------------------------------------------------------------------------------------------

Start -- Run -- regedit (type it in)

Edit --> Find --> Network Monitor

If you have trouble deleting the entries
(Legacy_ ..... cannot be deleted. Error while deleting key),
then right-click and choose "Permissions" in the context menu, and tick "Allow" for "Full Control"
Apply, OK
After that it should be possible to delete the key(s) in question.


HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor

-------------------------------------------------------------------------------------------------------------

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> tick it
and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one, only click "yes" for the last one
paste in: .......

C:\WINDOWS\System32\v2o537em.html
C:\WINDOWS\System32\l23oteav.ini
C:\WINDOWS\system32\IVIresi{eM6.dll
C:\WINDOWS\System32\Q1130875.dll
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\dlulsgz.exe
C:\WINDOWS\system32\l23oteav.exe
C:\WINDOWS\System32\b6j198q7.dat
C:\WINDOWS\System32\ajdfcutb.dat
C:\WINDOWS\System32\cpok6im2.dat
C:\WINDOWS\System32\t6c9iao0.html
C:\WINDOWS\System32\crash
C:\WINDOWS\System32\dod1tc5q.ini
C:\WINDOWS\System32\k4cqcejp.ini
C:\WINDOWS\hosts
c:\secure32.html
C:\WINDOWS\desktop.html
C:\WINDOWS\SECURE32.HTML.VIR
C:\WINDOWS\kl.exe
C:\WINDOWS\uniq
C:\WINDOWS\winsysupd81.dat
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\gimmygames1.dat
C:\WINDOWS\teller2.chk
C:\Programme\Network Monitor\netmon.exe
C:\WINDOWS\system32\drivers\netpt.sys
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\MsgPlusUninst.bat
C:\WINDOWS\uninstall_nmon.vbs

Restart the PC --> into Safe Mode ... press F8 while the PC is booting

uninstall:
Desktop Sidebar

delete
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\SENDWE~1\toollist.exe
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\OBJWAR~1\dogaxis.exe

C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\SENDWE....
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\OBJWAR....

C:\Programme\Desktop Sidebar\sbhelp.dll
C:\Programme\Desktop Sidebar
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\AdTools Service\AdTools.exe
C:\Program Files\AdTools Service
C:\Programme\MessengerPlus! 3
C:\Programme\Network Monitor\netmon.exe
C:\Programme\Network Monitor

open HijackThis -- "scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.otzofdwxjijkexycdfchxvjk.net/LcBVhruWnLyfYPwSKQWdC9zVCwDg4Gn5rsM4adb2DL49jzZlEG7cu6PPZ5lwev29.html

O2 - BHO: IEHelper - {34c57e67-a8ae-41d9-b1c0-0b71a5d432df} - C:\WINDOWS\System32\Q1130875.dll (file missing)
O2 - BHO: CommandBar.CtrlMHook - {3f1ab67e-12aa-352e-b4e0-a5f1810b60dd} - mscoree.dll (file missing)
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {4E058772-5DD7-9F89-E456-128B7C0C3623} - C:\DOKUME~1\ADMINI~1\ANWEND~1\SENDWE~1\toollist.exe
O2 - BHO: (no name) - {5136717B-6F8B-46F7-BC10-936577C54B46} - C:\WINDOWS\system32\IVIresi{eM6.dll (file missing)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\Run: [xkjloaagun] C:\WINDOWS\System32\dlulsgz.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [l23oteav] C:\WINDOWS\system32\l23oteav.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ENC ACTIVE] C:\DOKUME~1\ADMINI~1\ANWEND~1\OBJWAR~1\dogaxis.exe

O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Programme\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/gerpep_nopop.exe
O16 - DPF: {00000000-7777-0704-0B53-2C8830E9FAEC} -
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB

O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Restart the PC

Hoster.zip -> run it
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

Start -- All Programs -- Accessories -- Notepad and paste in the following text:

Quote

dir %Windir%\tasks /a h > files.txt
notepad files.txt
- Save as: findjobs.bat
- under "Save as type" choose: All Files
- save it on the desktop
- Locate findjobs.bat -- double-click the bat file, Notepad opens -- post the text

-----------------------------------------------------------------------------
Counterspy
http://virus-protect.org/counterspy.html
* after the scan you have to choose between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC (then copy the scan report)

scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html

__________
Regards, Sabina

all about PC security
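The plan above has two halves that have to agree: the HijackThis entries to fix and the files queued for deletion. Added example (not part of the post, HijackThis or KillBox): a Python cross-check that reports any file a fix-list entry points at that is absent from the deletion lists. The function names, status labels and the `example-unlisted.exe` entry are assumptions for illustration, and 8.3 short names are matched by file name only because they cannot be expanded offline.

```python
import ntpath
import re

# Constructed input: entries copied from the fix list above, plus one
# hypothetical entry (example-unlisted.exe) to show the gap case.
HJT_FIX_LIST = r'''
O2 - BHO: IEHelper - {34c57e67-a8ae-41d9-b1c0-0b71a5d432df} - C:\WINDOWS\System32\Q1130875.dll (file missing)
O2 - BHO: (no name) - {4E058772-5DD7-9F89-E456-128B7C0C3623} - C:\DOKUME~1\ADMINI~1\ANWEND~1\SENDWE~1\toollist.exe
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O4 - HKLM\..\Run: [xkjloaagun] C:\WINDOWS\System32\dlulsgz.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [hypothetical] C:\WINDOWS\System32\example-unlisted.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
'''.strip().splitlines()

# Constructed input: a subset of the KillBox and manual deletion lists above.
DELETE_LIST = r'''
C:\WINDOWS\System32\Q1130875.dll
C:\WINDOWS\System32\dlulsgz.exe
C:\Programme\Network Monitor\netmon.exe
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\SENDWE~1\toollist.exe
C:\Programme\MessengerPlus! 3
'''.strip().splitlines()

ENTRY = re.compile(r'^(?P<sec>[A-Z]\d+) - (?P<body>.+)$')
# First drive-letter path in the entry, ending at an executable-type extension.
PATH = re.compile(
    r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:exe|dll|ocx|sys|vbs|bat)(?![\w.])', re.I)


def norm(path):
    """Case-insensitive, separator-normalised form of a Windows path."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def parse_entry(line):
    """Split one HijackThis line into section, referenced file and flags."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    body = m.group('body')
    p = PATH.search(body)
    return {
        'section': m.group('sec'),
        'path': p.group(0) if p else None,
        'file_missing': '(file missing)' in body or '(no file)' in body,
        'unknown_owner': 'Unknown owner' in body,
    }


def coverage(path, listed):
    """Classify how a referenced file relates to the normalised deletion list."""
    if path is None:
        return 'registry-only'            # nothing on disk to delete
    target = norm(path)
    if target in listed:
        return 'listed'
    if any(target.startswith(d + '\\') for d in listed):
        return 'in-listed-folder'
    base = ntpath.basename(target)
    if any(ntpath.basename(d) == base and ('~' in d or '~' in target)
           for d in listed):
        return 'short-name'               # same file name, 8.3 path differs
    return 'not-listed'


def review(hjt_lines, delete_list):
    """Return one row per HijackThis entry with its coverage status."""
    listed = [norm(p) for p in delete_list if p.strip()]
    rows = []
    for line in hjt_lines:
        entry = parse_entry(line)
        if entry is not None:
            entry['status'] = coverage(entry['path'], listed)
            rows.append(entry)
    return rows


def gaps(hjt_lines, delete_list):
    """Files a fix-list entry references that no deletion entry covers."""
    return [r['path'] for r in review(hjt_lines, delete_list)
            if r['status'] == 'not-listed']


if __name__ == '__main__':
    for row in review(HJT_FIX_LIST, DELETE_LIST):
        print(row['section'], row['status'], row['path'])
```

A `short-name` result has to be confirmed on the machine itself, since two different long paths can share the same 8.3 form.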
05.03.2006, 19:27
Member

Thread starter

Posts: 22
#5 I have a few problems carrying this out... up to this point everything went fine...

Quote

delete
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\SENDWE~1\toollist.exe
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\OBJWAR~1\dogaxis.exe

C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\SENDWE....
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\OBJWAR....

C:\Programme\Desktop Sidebar\sbhelp.dll
C:\Programme\Desktop Sidebar
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\AdTools Service\AdTools.exe
C:\Program Files\AdTools Service
C:\Programme\MessengerPlus! 3
C:\Programme\Network Monitor\netmon.exe
C:\Programme\Network Monitor
The first two paragraphs could not be deleted, because supposedly I don't have permission to do so. As for the ones after that: the path C:\Programme\Desktop Sidebar does not exist, but the path C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\Desktop Sidebar does.
Are these the same in each case?
05.03.2006, 19:35
Honorary member
Sabina

Posts: 29434
#6 1.
you have to do the cleanup in Safe Mode

2.
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\Desktop Sidebar --> delete

3.
how to delete the entries in the registry is explained there in exact detail.....

Quote

If you have trouble deleting the entries
(Legacy_ ..... cannot be deleted. Error while deleting key),
then right-click and choose "Permissions" in the context menu, and tick "Allow" for "Full Control"
Apply, OK
After that it should be possible to delete the key(s) in question.

__________
Regards, Sabina

all about PC security
05.03.2006, 19:55
Member

Thread starter

Posts: 22
#7 So, regarding 3.: I did that, and the Desktop Sidebar too...

I think I now know where my problem lies: I can't get into Safe Mode (sounds pretty stupid), I have a BIOS from HP... nothing is assigned to the F8 key there...

from there I can only enter the BIOS or select a medium I want to boot from.

Regards
Thaniel
05.03.2006, 21:15
Honorary member
Sabina

Posts: 29434
#8 try to do everything in normal mode....
__________
Regards, Sabina

all about PC security
05.03.2006, 22:13
Member

Thread starter

Posts: 22
#9 As I said, in normal mode I cannot delete the files:
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\SENDWE~1\toollist.exe
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\OBJWAR~1\dogaxis.exe

...I have attached the error message, maybe it helps...

Attachment: fehler.jpg
06.03.2006, 10:56
Honorary member
Sabina

Posts: 29434
#10 scan with Panda and post the scan report... then we'll see what's next...
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
06.03.2006, 14:58
Member

Thread starter

Posts: 22
#11 Yes, I have a problem with that again: normally I use Firefox for browsing... but it can't be used for the scan, so I used Internet Explorer. It is acting completely crazy and doesn't show the scan button as a link, or rather when you click it nothing happens at all... the pop-up blocker is disabled too. If it helps, I can post files.txt and the scan report from CounterSpy.

Regards
Thaniel
06.03.2006, 15:17
Honorary member
Sabina

Posts: 29434
#12 all right, post the scan report from CounterSpy
__________
Regards, Sabina

all about PC security
06.03.2006, 15:31
Member

Thread starter

Posts: 22
#13 Spyware Scan Details
Start Date: 05.03.2006 22:44:44
End Date: 06.03.2006 00:08:49
Total Time: 1 hrs 24 mins 5 secs

Detected spyware

Claria.GAIN Adware more information...
Details: Claria's GAIN network consists of several applications inlcuding Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing\about gain publishing.lnk
c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing\gain publishing web site.url


BearShare P2P more information...
Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs.
Status: Deleted

Infected files detected
c:\programme\bearshare\bearshare.dat
c:\programme\bearshare\bearshare.exe
c:\programme\bearshare\bsidle.dll
c:\programme\bearshare\freepeers.ini
c:\programme\bearshare\history.txt
c:\programme\bearshare\install.log
c:\programme\bearshare\runmsc.dll
c:\programme\bearshare\unwise.exe
c:\programme\bearshare\webstats.bat
c:\programme\bearshare\webstats.exe
c:\programme\bearshare\webstats.ini
c:\programme\bearshare\db\config.bin
c:\programme\bearshare\db\connect.txt
c:\programme\bearshare\db\gnucache.dat
c:\programme\bearshare\db\gwebcache.dat
c:\programme\bearshare\db\hbcache.dat
c:\programme\bearshare\db\hostiles-chat.txt
c:\programme\bearshare\db\hostiles.txt
c:\programme\bearshare\db\library.2.db
c:\programme\bearshare\db\library.2.db.lastgoodload.bak
c:\programme\bearshare\db\library.dat
c:\programme\bearshare\db\library.db
c:\programme\bearshare\db\library.db.lastgoodload.bak
c:\programme\bearshare\db\searches.ini
c:\programme\bearshare\db\searchtemplates.ini
c:\programme\bearshare\logs\console.txt
c:\programme\bearshare\logs\hosts-state.txt
c:\programme\bearshare\logs\memory.txt
c:\programme\bearshare\logs\ordinal.txt
c:\programme\bearshare\logs\streams.txt
c:\programme\bearshare\sounds\notify.wav
c:\programme\bearshare\temp\tmp044 - original deutschmacher - lebenslang gruen weiss.dat
c:\programme\bearshare\temp\tmp044 - original deutschmacher - lebenslang gruen weiss.dat.bak
c:\programme\bearshare\temp\tmp044 - original deutschmacher - lebenslang gruen weiss.mp3
c:\programme\bearshare\temp\tmpbeatsteaks.smacksmach.ace
c:\programme\bearshare\temp\tmpbeatsteaks.smacksmach.dat
c:\programme\bearshare\temp\tmpbeatsteaks.smacksmach.dat.bak
c:\programme\bearshare\temp\tmpbeyonce - naughty girl (speedbreaker remix) {only at euroadrenaline.com}.dat
c:\programme\bearshare\temp\tmpbeyonce - naughty girl (speedbreaker remix) {only at euroadrenaline.com}.dat.bak
c:\programme\bearshare\temp\tmpbeyonce - naughty girl (speedbreaker remix) {only at euroadrenaline.com}.mp3
c:\programme\bearshare\temp\tmpbsinstall5.2.1.2.dat
c:\programme\bearshare\temp\tmpbsinstall5.2.1.2.dat.bak
c:\programme\bearshare\temp\tmpbsinstall5.2.1.2.exe
c:\programme\bearshare\temp\tmpbsinstall5.2.1.2.tiger
c:\programme\bearshare\temp\tmpde höhner - 1 fc köln hymne.dat
c:\programme\bearshare\temp\tmpde höhner - 1 fc köln hymne.dat.bak
c:\programme\bearshare\temp\tmpde höhner - 1 fc köln hymne.mp3
c:\programme\bearshare\temp\tmpde höhner - 1.fc köln countdown jetzt geht's los (stadionversion).dat
c:\programme\bearshare\temp\tmpde höhner - 1.fc köln countdown jetzt geht's los (stadionversion).dat.bak
c:\programme\bearshare\temp\tmpde höhner - 1.fc köln countdown jetzt geht's los (stadionversion).mp3
c:\programme\bearshare\temp\tmpde höhner - jetzt gehts los.dat
c:\programme\bearshare\temp\tmpde höhner - jetzt gehts los.dat.bak
c:\programme\bearshare\temp\tmpde höhner - jetzt gehts los.mp3
c:\programme\bearshare\temp\tmpdie toten hosen vfl bochum anti köln song.dat
c:\programme\bearshare\temp\tmpdie toten hosen vfl bochum anti köln song.dat.bak
c:\programme\bearshare\temp\tmpdie toten hosen vfl bochum anti köln song.mp3
c:\programme\bearshare\temp\tmpdie ärzte - zum bäcker.dat
c:\programme\bearshare\temp\tmpdie ärzte - zum bäcker.dat.bak
c:\programme\bearshare\temp\tmpdie ärzte - zum bäcker.mp3
c:\programme\bearshare\temp\tmpfinal fantasy viii - the extreme.mp3
c:\programme\bearshare\temp\tmpkarneval de höhner - dicke mädchen haben schöne namen.dat
c:\programme\bearshare\temp\tmpkarneval de höhner - dicke mädchen haben schöne namen.dat.bak
c:\programme\bearshare\temp\tmpkarneval de höhner - dicke mädchen haben schöne namen.mp3
c:\programme\bearshare\temp\tmpkarneval de höhner - dicke mädchen haben schöne namen.tiger
c:\programme\bearshare\temp\tmpmadsen - lüg mich an.dat
c:\programme\bearshare\temp\tmpmadsen - lüg mich an.dat.bak
c:\programme\bearshare\temp\tmpmadsen - lüg mich an.mp3
c:\programme\bearshare\temp\tmpmadsen - wohin.dat
c:\programme\bearshare\temp\tmpmadsen - wohin.dat.bak
c:\programme\bearshare\temp\tmpmadsen - wohin.mp3
c:\programme\bearshare\temp\tmpthe offspring - original prankster.mp3
c:\programme\bearshare\temp\tmpvolker lechtenbrink - hitch hike baby, kleine rasthauslady.dat
c:\programme\bearshare\temp\tmpvolker lechtenbrink - hitch hike baby, kleine rasthauslady.dat.bak
c:\programme\bearshare\temp\tmpvolker lechtenbrink - hitch hike baby, kleine rasthauslady.mp3
c:\programme\bearshare\temp\tmpwalls of jericho - why father (hellfest 2000).dat
c:\programme\bearshare\temp\tmpwalls of jericho - why father (hellfest 2000).dat.bak
c:\programme\bearshare\temp\tmpwalls of jericho - why father (hellfest 2000).mpg

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class
HKEY_CLASSES_ROOT\gnufile
HKEY_CLASSES_ROOT\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1"
HKEY_CLASSES_ROOT\gnufile gnutella
HKEY_CLASSES_ROOT\gnufile BrowserFlags 8
HKEY_CLASSES_ROOT\gnufile EditFlags 65536
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare
HKEY_LOCAL_MACHINE\software\bearshare
HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Programme\BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayName BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare UninstallString C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayVersion 5.1.0.26
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HelpLink http://bearshare.com/help.htm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare Publisher Free Peers, Inc.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare URLInfoAbout http://www.freepeers.com
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayIcon C:\Programme\BearShare\BearShare.exe,-128
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\.default\appevents\schemes\apps\bearshare
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare


AntiLeech Plugin Adware more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Deleted

Infected files detected
c:\programme\anti-leech\alie_1.0.1.6\al2np.dll
c:\programme\anti-leech\alie_1.0.1.6\alhlp.exe
c:\programme\anti-leech\alie_1.0.1.6\alie.dll
c:\programme\anti-leech\alie_1.0.1.6\alie.inf
c:\programme\anti-leech\alie_1.0.1.6\iesetup2.exe
c:\programme\anti-leech\alnn\al2np.dll
c:\programme\anti-leech\alnn\alhlp.exe
c:\programme\anti-leech\alnn\npalnn.dll
c:\programme\anti-leech\alnn\setup2.exe
C:\Dokumente und Einstellungen\Administrator\ALPlugin-1.0.1.6-setup.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Opera\Opera\ALPlugin-1.0.1.6-setup.exe
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\installdateien\ALPlugin-1.0.1.6-setup.exe
C:\Programme\Mozilla Firefox\plugins\al2np.dll
C:\Programme\Opera\Plugins\al2np.dll

Infected registry entries detected
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin Mozilla Firefox 1.0 C:\Programme\Mozilla Firefox\Plugins
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin Opera C:\Programme\Opera\Plugins
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin Mozilla Firefox 1.5 C:\Programme\Mozilla Firefox\plugins\
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Description Anti-Leech Package
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Suffixes alp
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\Suffixes
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Description Anti-Leech Package
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Suffixes alp
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Path C:\Programme\Anti-Leech\ALNN\npalnn.dll
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Description Anti-Leech Plugin for Netscape, Mozilla, Opera
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Version 1.0.1.5
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Vendor Anti-Leech
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 ProductName Anti-Leech Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN DisplayName Anti-Leech Plugin for Netscape, Mozilla, Opera
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN UninstallString C:\Programme\Anti-Leech\ALNN\setup2.exe -u


NetPumper Adware Bundler more information...
Details: Bundles with a number of adware components such as cydoor, Save!, ClockSync, and WhenU Toolbar.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\administrator\anwendungsdaten\netpumper\administrator.ini
c:\dokumente und einstellungen\administrator\anwendungsdaten\netpumper\administrator.ini.bak

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free\Firstrun state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free pkid
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free alid n4p3
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free iid {3BCA588F-F338-46FC-AF55-C3F0630F0925}
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper VersionInfo DNMaklAbyRR4Juzvj8U7fxS-WEQ5ZKXervozkQRaRY89HW86c8hSno3aJ1Oc
Zds67l5oGRtl67PHp37ifkRuI0XzPr3TT9aDXSOAwcix6ZWyQ1mgVDfjPBDn+DB0vaNdIt4MihR
hKRFdauU5RQDgxQDPMkMMnxtAogGWIbls+V4ofeCHa-ukuptD0YMWY-BEFE8NXPCZXGey
HKEY_CURRENT_USER\Software\NetPumper
HKEY_CURRENT_USER\Software\NetPumper\Administrator Field1 1147259826
HKEY_CURRENT_USER\Software\NetPumper\Administrator Field2 1795181542
HKEY_CURRENT_USER\Software\NetPumper\Administrator Field3 1179495030
HKEY_CURRENT_USER\Software\NetPumper\Administrator Field4 823037983
HKEY_CURRENT_USER\Software\NetPumper\Administrator PreferenceFile C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NetPumper\Administrator.ini
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib Version 1.2
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B} IAddUrl
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib Version 1.2
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000} IAddPackage


YourSiteBar Spyware more information...
Details: YourSiteBar from IST, the makers of numerous spyware Thread, is an affiliate based marketing toolbar.
Status: Deleted

Infected files detected
c:\windows\downloaded program files\ysbactivex.inf

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll .Owner {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\YSBactivex.dll


SpySheriff Misc more information...
Details: SpySheriff is a purported anti-spyware application to scan for and remove spyware from users' computers.
Status: Deleted

Infected files detected
C:\!KillBox\desktop.html

Infected registry entries detected
HKEY_CURRENT_USER\Software\SpySheriff
HKEY_CURRENT_USER\Software\SNO2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System Wallpaper C:\WINDOWS\desktop.html
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoChangingWallpaper 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoComponents 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoAddingComponents 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoEditingComponents 0


Unclassified.Trojan.111 Trojan more information...
Status: Deleted

Infected files detected
C:\!KillBox\kl.exe


Adw.CmdService Adware more information...
Details: Adw.CmdService is an adware application that opens pop-ups and displays various types of advertising on the user's desktop while browsing web pages.
Status: Deleted

Infected files detected
C:\!KillBox\netmon.exe
C:\!KillBox\uninstall_nmon.vbs

Infected registry entries detected
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum NextInstance 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum Count 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum 0 Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum 0 Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum Count 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService\Enum NextInstance 1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies {645FF040-5081-101B-9F08-00AA002F954E} 0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies {6BF52A52-394A-11D3-B153-00C04F79FAA6} 6


John the Ripper 1.6 Potentially dangerous utilities/tools more information...
Details: John the Ripper is password cracker that is designed to be both powerful and fast. It combines several cracking modes in one program and is fully configurable. Also, John is available for several different platforms, which enables you to use the same crac
Status: Deleted

Infected files detected
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\My Downloads\john-16w.zip


WhenU.SaveNow Adware more information...
Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior.
Status: Deleted

Infected files detected
C:\Programme\BearShare\RunMSC.dll
C:\Programme\BearShare\Webstats.exe
C:\Programme\BearShare\Webstats.ini

Infected registry entries detected
HKEY_CLASSES_ROOT\runmsc.loader.1\clsid
HKEY_CLASSES_ROOT\runmsc.loader.1\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_CLASSES_ROOT\runmsc.loader\clsid
HKEY_CLASSES_ROOT\runmsc.loader\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_CLASSES_ROOT\runmsc.loader\curver
HKEY_CLASSES_ROOT\runmsc.loader\curver RunMSC.Loader.1
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class


RBot.steam Trojan more information...
Status: Deleted

Infected files detected
C:\Programme\Valve\platform\steam_dev.exe


KaZaA P2P more information...
Details: Kazaa is a Peer to Peer file sharing application that uses some adware advertising as well as installs a number of thrid party adware software on your computer.
Status: Deleted

Infected registry entries detected


CoolWebSearch.StartPage Browser Hijacker more information...
Details: CoolWebSearch StartPage hijacks Internet Explorers start page not allowing the user to change this URL.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Search Bar_bak
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Search Page_bak
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Start Page_bak


Trojan.Downloader.AXLoad Trojan Downloader more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000000-7777-0704-0B53-2C8830E9FAEC}


SDBot Worm more information...
Details: SDBot is the name of a family of remote access tools, also known as backdoors or worms, used by hackers to control a machine without the owner's knowledge.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F5192746-22D6-41BD-9D2D-1E75D14FBD3C}


SearchRelevancy Adware more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\searchrelevancy
HKEY_LOCAL_MACHINE\software\searchrelevancy\Update TimeStamp 1105475091
HKEY_LOCAL_MACHINE\software\searchrelevancy ID 8F5B7A9F


Windows AdTools Adware more information...
Details: Windows AdTools is an ad delivery software which provides targeted advertising offers.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdTools Service


Trojan.Desktophijack Trojan more information...
Details: Trojan.Desktophijack modifies the home page and desktop settings on a compromised computer.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer ForceActiveDesktopOn 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System Wallpaper C:\WINDOWS\desktop.html


Trojan.vxgame Trojan more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System Wallpaper C:\WINDOWS\desktop.html
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoChangingWallpaper 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoComponents 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoDeletingComponents 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoHTMLWallPaper 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoEditingComponents 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop NoAddingComponents 0


Trojan.Downloader.Small.popcorn Trojan Downloader more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System Wallpaper C:\WINDOWS\desktop.html


Adw.StartPage.TimesSquare Adware more information...
Details: Adw.StartPage.TimesSquare hijacks the IE start page and search pages and displays ads.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Policies {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}


Trojan.PayTime Trojan more information...
Details: Trojan.PayTime modifies the default Internet Explorer start page to the a spyware-related URL by modifying the systems registry.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Default_Page_URL c:\secure32.html


UCMoreSearchAccelerator Spyware more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\UCmore - The Search Accelerator
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\UCmore - The Search Accelerator Order
06.03.2006, 15:35
Honorary member
Sabina

Posts: 29434
#14 1.
Now scan again with CounterSpy, repeating until everything stays clean.

2.
Then please write me the complete name/path of:

C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\SENDWE....
C:\Dokumente und Einstellungen\ADMINI~1\Anwendungsdaten\OBJWAR....

3.
smitfraud.fix --> work through options 1 and 2 and post the scan report each time
http://virus-protect.org/artikel/tools/smitfrautfix.html

4.
Download: smitRem TOOL (removal tool)
* Download: SmitRem2.8 http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
- Open the smitRem folder, double-click: RunThis.bat

- Wait until the scan has finished (the screen will turn blue; that is normal)
- Find smitfiles.txt and post the text file in the thread

5.
Scan with escan according to the instructions and post the scan report
http://virus-protect.org/escan.html
----------------------------------------------------------------------------

PS: uninstall -->
NetPumper
The Search Accelerator
DeskAd Service
BearShare
gain publishing

__________
Kind regards, Sabina

All about PC security
06.03.2006, 17:39
Member

Thread starter

Posts: 22
#15 C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\send web\toollist.exe

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\obj warn\8015BC.sys
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\obj warn\baitbowsbore.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\obj warn\Chicbashpile01.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\obj warn\dogaxis.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\obj warn\kgujbuhn.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\obj warn\lufwyrkf.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\obj warn\wkxdsinu.exe

3. Option 1:
SmitFraudFix v2.22

Rapport fait à 17:42:15,96 le 06.03.2006
Executé à partir de C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche ...\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Programme


»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"


»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

Option 2:
SmitFraudFix v2.22

Rapport fait à 17:43:07,48 le 06.03.2006
Executé à partir de C:\Dokumente und Einstellungen\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport


The rest will follow..
This post was edited by Thaniel on 06.03.2006 at 17:44.