I cannot remove Spywarequake |
||
---|---|---|
#0
| ||
04.08.2006, 01:18
...new here
Posts: 9 |
||
|
||
04.08.2006, 11:45
Honorary member
Posts: 29434 |
#77
ueberflieger
please also post:
1. the scan log from options 1 and 2 http://virus-protect.org/artikel/tools/smitfrautfix.html
2. HijackThis http://computercops.biz/zx/Merijn/hijackthis.zip http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above just start the program --> Save --> Savelog --> Notepad opens; now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
3. the scan log http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina
all about PC security |
|
|
||
05.08.2006, 17:35
...new here
Posts: 4 |
#78
SmitFraudFix v2.79
Scan done at 17:35:21,08, 05.08.2006
Run from D:\Dokumente und Einstellungen\Besitzer\Desktop\SmitefraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» D:\
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32
D:\WINDOWS\system32\ot.ico FOUND !
D:\WINDOWS\system32\pmnqguh.dll FOUND !
D:\WINDOWS\system32\1024\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» D:\Dokumente und Einstellungen\Besitzer\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» D:\DOKUME~1\BESITZER\FAVORI~1
D:\DOKUME~1\BESITZER\FAVORI~1\Antivirus Test Online.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» D:\Programme
D:\Programme\SpyQuake2.com\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

SmitFraudFix v2.79
Scan done at 17:36:26,32, 05.08.2006
Run from D:\Dokumente und Einstellungen\Besitzer\Desktop\SmitefraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
D:\WINDOWS\system32\ot.ico Deleted
D:\WINDOWS\system32\pmnqguh.dll Deleted
D:\WINDOWS\system32\1024\ Deleted
D:\DOKUME~1\BESITZER\FAVORI~1\Antivirus Test Online.url Deleted
D:\Programme\SpyQuake2.com\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\tnlgblot
*******************
Script file located at: \??\D:\Program Files\hjiubkci.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at D:\Avenger
*******************
Beginning to process script file:
File D:\WINDOWS\Downloaded Program Files\YazzleActiveX.inf not found!
Deletion of file D:\WINDOWS\Downloaded Program Files\YazzleActiveX.inf failed!
Could not process line: D:\WINDOWS\Downloaded Program Files\YazzleActiveX.inf Status: 0xc0000034
File D:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx not found!
Deletion of file D:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx failed!
Could not process line: D:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx Status: 0xc0000034
File D:\WINDOWS\system32\fghjl.ini2 deleted successfully.
File D:\WINDOWS\system32\fghjl.bak2 deleted successfully.
File D:\WINDOWS\system32\ot.ico not found!
Deletion of file D:\WINDOWS\system32\ot.ico failed!
Could not process line: D:\WINDOWS\system32\ot.ico Status: 0xc0000034
File D:\WINDOWS\System32\pmnqguh.dll not found!
Deletion of file D:\WINDOWS\System32\pmnqguh.dll failed!
Could not process line: D:\WINDOWS\System32\pmnqguh.dll Status: 0xc0000034
File D:\WINDOWS\system32\wnvmjsst.exe deleted successfully.
File D:\WINDOWS\system32\cedpubph.exe deleted successfully.
File D:\WINDOWS\system32\qiieabec.exe deleted successfully.
File D:\WINDOWS\system32\evkkknoq.exe deleted successfully.
File D:\WINDOWS\system32\issearch.exe not found!
Deletion of file D:\WINDOWS\system32\issearch.exe failed!
Could not process line: D:\WINDOWS\system32\issearch.exe Status: 0xc0000034
File D:\WINDOWS\System32\isnotify.exe not found!
Deletion of file D:\WINDOWS\System32\isnotify.exe failed!
Could not process line: D:\WINDOWS\System32\isnotify.exe Status: 0xc0000034
File D:\WINDOWS\system32\mcrh.tmp deleted successfully.
File D:\WINDOWS\system32\fghjl.ini deleted successfully.
File D:\WINDOWS\system32\atmclk.PIF deleted successfully.
File D:\WINDOWS\system32\fghjl.tmp deleted successfully.
File D:\WINDOWS\system32\wpa.bak deleted successfully.
File D:\WINDOWS\system32\wpa.dbl deleted successfully.
File D:\WINDOWS\system32\fghjl.bak1 deleted successfully.
File D:\WINDOWS\system32\ljhgf.dll deleted successfully.
File D:\WINDOWS\system32\wnstssv.exe deleted successfully.
File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6F.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6F.tmp failed!
Could not process line: D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6F.tmp Status: 0xc0000034
File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6C.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6C.tmp failed!
Could not process line: D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6C.tmp Status: 0xc0000034
File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win69.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win69.tmp failed!
Could not process line: D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win69.tmp Status: 0xc0000034
File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6B.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6B.tmp failed!
Could not process line: D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6B.tmp Status: 0xc0000034
File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6D.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6D.tmp failed!
Could not process line: D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6D.tmp Status: 0xc0000034
File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6E.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6E.tmp failed!
Could not process line: D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6E.tmp Status: 0xc0000034
File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\removalfile.bat not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\removalfile.bat failed!
Could not process line: D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\removalfile.bat Status: 0xc0000034
File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win68.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win68.tmp failed!
Could not process line: D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win68.tmp Status: 0xc0000034
File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\66.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\66.tmp failed!
Could not process line: D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\66.tmp Status: 0xc0000034
File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win65.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win65.tmp failed!
Could not process line: D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win65.tmp Status: 0xc0000034
File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win63.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win63.tmp failed!
Could not process line: D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win63.tmp Status: 0xc0000034
File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win5F.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win5F.tmp failed!
Could not process line: D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win5F.tmp Status: 0xc0000034
File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win5D.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win5D.tmp failed!
Could not process line: D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win5D.tmp Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljhgf deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

This post was edited by Thogrim on 05.08.2006 at 18:01.
|
|
|
||
05.08.2006, 19:28
Honorary member
Posts: 29434 |
#79
Thogrim
that already looks good
1. delete the Avenger backup
2. please also post this log for checking: scan log http://virus-protect.org/artikel/tools/combofix.html
3. and scan with Dr.Web + post the scan report http://virus-protect.org/cureit.html
4. post the new HijackThis log
__________
Regards, Sabina
all about PC security |
|
|
||
06.08.2006, 05:40
...new here
Posts: 4 |
#80
I think that is no longer necessary; the icon at the bottom right is gone, and the message has not appeared again either... I do wonder how you did that, but apparently it worked... Do you know where one picks up this cr...? Because I no longer have any idea where I got it from
|
|
|
||
06.08.2006, 13:02
...new here
Posts: 9 |
#81
Hello Sabina
I think I am already `clean`. The annoying pop-up, at any rate, no longer appears!! MANY THANKS already for this extraordinary support!!! Here are my scan logs. Please have another look to see whether everything is clean:

1. scan log from options 1 and 2 http://virus-protect.org/artikel/tools/smitfrautfix.html

SmitFraudFix v2.80
Scan done at 12:58:25,96, 06.08.2006
Run from C:\Dokumente und Einstellungen\Stefan Schmidt\Eigene Dateien\Eigene Downloads\Kann gelöscht werden\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Stefan Schmidt\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\STEFAN~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

2. HijackThis.log

Logfile of HijackThis v1.99.1
Scan saved at 13:08:10, on 06.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\WinBar XP 2005\WinBar.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\WINDOWS\Dit.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\Business PDF Writer\busipdf.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Netscape\Netscape Browser\netscape.exe
C:\Dokumente und Einstellungen\Stefan Schmidt\Eigene Dateien\Eigene Downloads\Kann gelöscht werden\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seb.de/home.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WinBar] C:\Programme\WinBar XP 2005\WinBar.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ChrisTV Agent] "C:\Programme\ChrisTV Lite\ChrisTV_Agent.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Business PDF Writer] C:\Programme\Business PDF Writer\busipdf.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\aolshare\AOLMIcon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: Kontrollfeld für die kabellose Tastatur.lnk = C:\WINDOWS\CNYHKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Programme\PrecisionTime\PrecisionTime.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MedionShop - {84FAA847-1400-4400-BC93-D338EF03127B} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - https://banking.seb.de/hbci/plugin/AXFOAM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100197902218
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

3. Scan log with combofix.exe

Start Time= 06.08.2006 13:11:07,75
Running from: C:\Programme\Netscape\Netscape Browser

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-08-04 00:24:16 ( .D... ) "C:\Programme\CleanUp!"
2006-07-05 23:25:28 18868 ( A.... ) "C:\Dokumente und Einstellungen\Stefan Schmidt\Anwendungsdaten\wklnhst.dat"
2006-06-28 00:14:50 ( .D... ) "C:\Programme\Morpheus Ultra"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-05-19 15:09:50 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 15:09:50 112128 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 15:09:50 95744 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2003-08-14 20:13:12 40960 ( A.... ) "C:\Programme\Uninstall_PCM.exe"

(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))
2006-08-06 12:58 53.248 C:\WINDOWS\system32\Process.exe
2006-08-06 12:58 42.496 C:\WINDOWS\system32\swreg.exe
2006-08-06 12:58 40.960 C:\WINDOWS\system32\swsc.exe
2006-08-06 12:58 288.417 C:\WINDOWS\system32\SrchSTS.exe
2006-08-06 12:56 536.399.872 C:\hiberfil.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WinBar"="C:\\Programme\\WinBar XP 2005\\WinBar.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"PCMService"="\"C:\\Programme\\Medion Home Cinema XL II\\PowerCinema\\PCMService.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"InCD"="C:\\Programme\\Ahead\\InCD\\InCD.exe"
"Dit"="Dit.exe"
"CMESys"="\"C:\\Programme\\Gemeinsame Dateien\\CMEII\\CMESys.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"ChrisTV Agent"="\"C:\\Programme\\ChrisTV Lite\\ChrisTV_Agent.exe\""
"CHotkey"="mHotkey.exe"
"Business PDF Writer"="C:\\Programme\\Business PDF Writer\\busipdf.exe"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AOLMIcon"="C:\\Programme\\Gemeinsame Dateien\\aolshare\\AOLMIcon.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
  00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

Contents of the 'Scheduled Tasks' folder

Completion time: 06.08.2006 13:11:17,59
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

This post was edited by ueberflieger on 06.08.2006 at 13:15.
|
|
|
||
06.08.2006, 14:00
Honorary member
Posts: 29434 |
#82
ueberflieger
the computer is definitely not clean: http://virus-protect.org/artikel/spyware/gain.html
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop with 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears
Quote
cd\
__________
Regards, Sabina
all about PC security |
|
|
||
06.08.2006, 14:04
Honorary member
Posts: 29434 |
#83
Thogrim
you probably picked up the malware via a codec
__________
Regards, Sabina
all about PC security |
|
|
||
06.08.2006, 18:49
...new here
Posts: 9 |
#84
Hi Sabina,
that's right, GAIN has been following me for quite a while. It would of course be great if I could get rid of that as well. SpywareQuake, however, has already been defeated! Many thanks again for this "magic" you performed!!! Kind regards, Stefan

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\Programme\Gemeinsame Dateien\CMEII

05.08.2006 21:07 <DIR> .
05.08.2006 21:07 <DIR> ..
08.01.2006 21:57 1.750 CMEDiagnostics.log
16.02.2005 22:22 90.167 CMEIIAPI.dll
16.02.2005 22:23 90.112 CMESys.exe
21.03.2002 19:43 65.536 CMEUpd.exe
16.02.2005 22:22 421.942 GAppMgr.dll
06.08.2006 12:56 570 GatorSupportInfo.txt
16.02.2005 22:22 217.146 GController.dll
16.02.2005 22:23 249.911 GDwldEng.dll
21.03.2002 19:46 65.536 GFormCTM.dll
16.02.2005 22:22 110.644 GIocl.dll
16.02.2005 22:22 90.170 GIoclClient.dll
16.02.2005 22:23 167.991 GMTProxy.dll
16.02.2005 22:22 249.908 GObjs.dll
05.08.2006 21:07 269 gOps.bac
05.08.2006 21:07 873 gReg.reg
16.02.2005 22:22 110.645 GStore.dll
16.02.2005 22:23 102.459 GStoreServer.dll
21.03.2002 19:47 180.224 GSvcMgr.dll
21.03.2002 19:48 118.784 GSvcSAP.dll
16.02.2005 22:22 438.325 Gtools.dll
01.01.2006 21:25 <DIR> gui
01.01.2006 21:25 <DIR> store
20 Datei(en) 2.772.962 Bytes
4 Verzeichnis(se), 15.094.538.240 Bytes frei

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\Programme\Gemeinsame Dateien\GMT

05.08.2006 21:23 <DIR> .
05.08.2006 21:23 <DIR> ..
01.01.2006 21:24 <DIR> Data
08.01.2006 21:57 <DIR> DownloadTemp
16.02.2005 22:17 421.947 EGGCEngine.dll
16.02.2005 22:17 1.429.563 egIEEngine.dll
16.02.2005 22:17 127.036 EGIEProcess.dll
16.02.2005 22:17 458.811 EGNSEngine.dll
21.03.2002 19:33 4.244 FillIn.wav
06.08.2006 12:48 15.149 Gator.log
16.02.2005 22:16 356.352 GatorRes.dll
16.02.2005 22:17 249.919 GatorStubSetup.exe
16.02.2005 22:20 2.183.220 GMT.exe
13.04.2004 15:34 678 GMT.exe.manifest
16.02.2005 22:16 122.880 gtrawbm.fil
16.02.2005 22:23 409.600 GUninstaller.exe
21.03.2002 19:33 29.390 Helper.wav
06.08.2006 12:57 148 mepbs.dat
06.08.2006 12:57 148 mepcat.dat
06.08.2006 12:57 148 mepcatne.dat
06.08.2006 12:57 148 mepcme.dat
06.08.2006 12:57 148 mepcmeft.dat
06.08.2006 12:57 148 mepconv.dat
06.08.2006 12:57 148 mepgh.dat
06.08.2006 12:57 148 mepimg.dat
06.08.2006 12:57 148 meprca.dat
06.08.2006 12:56 148 mepsi.dat
06.08.2006 12:57 148 meptafi.dat
05.08.2006 21:07 <DIR> s375428sve
06.08.2006 12:57 <DIR> scripts
19.11.2004 18:01 <DIR> tladk0j59n
24 Datei(en) 5.810.417 Bytes
7 Verzeichnis(se), 15.094.538.240 Bytes frei |
|
|
||
06.08.2006, 20:02
Honorary member
Posts: 29434 |
#85
ueberflieger
Avenger http://virus-protect.org/artikel/tools/avenger.html
paste in:
Quote
registry keys to delete:
Click the green traffic light; the script is now executed, then the PC will restart automatically
** open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC
Quote
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
** restart the PC
** delete manually:
C:\Programme\PrecisionTime
C:\Programme\Gemeinsame Dateien\CMEII
C:\Programme\Gemeinsame Dateien\GMT
** delete the Avenger backup
** scan with CounterSpy http://virus-protect.org/counterspy.html
after the scan you have to choose: *Remove
post the report here
__________
Regards, Sabina
all about PC security |
|
|
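How the HijackThis log in post #81 connects to the cleanup steps in post #85, as an added example that is not part of the original thread: it checks the log's O4 autostart lines against the three directories post #85 says to delete. The names `triage`, `classify`, `program_path` and `FLAGGED_DIRS` are made up for this sketch; the sample lines are copied from the log in post #81.

```python
import re
from typing import List, NamedTuple, Sequence

# Directories post #85 tells the user to delete by hand.
FLAGGED_DIRS = (
    r"C:\Programme\PrecisionTime",
    r"C:\Programme\Gemeinsame Dateien\CMEII",
    r"C:\Programme\Gemeinsame Dateien\GMT",
)

# A subset of lines copied from the HijackThis log in post #81.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [WinBar] C:\Programme\WinBar XP 2005\WinBar.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Programme\PrecisionTime\PrecisionTime.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
'''

# The two O4 line shapes that occur in the log: registry Run values and
# Startup-folder shortcuts.
RUN_RE = re.compile(r'^O4 - (HK\w+\\\.\.\\\w+): \[([^\]]+)\] (.+)$')
STARTUP_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
ABSOLUTE_RE = re.compile(r'^[A-Za-z]:\\')


class Finding(NamedTuple):
    location: str   # e.g. HKLM\..\Run or "Global Startup"
    name: str       # value name or shortcut name
    target: str     # program path as far as it can be extracted
    verdict: str    # "flagged", "unresolved" or "other"


def program_path(command: str) -> str:
    """Strip quotes and arguments from a quoted command line.

    Unquoted commands are returned whole: paths such as
    C:\\Programme\\WinBar XP 2005\\WinBar.exe contain spaces, so arguments
    cannot be split off reliably.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command


def classify(target: str, flagged_dirs: Sequence[str]) -> str:
    # Bare file names and %variables% give no location to compare, so they
    # are reported separately instead of being silently treated as clean.
    # 8.3 short names (C:\PROGRA~1\...) are not expanded here either.
    if not ABSOLUTE_RE.match(target):
        return "unresolved"
    low = target.lower()
    for directory in flagged_dirs:
        # Compare on a path-component boundary, case-insensitively.
        if low.startswith(directory.lower().rstrip("\\") + "\\"):
            return "flagged"
    return "other"


def triage(log_text: str, flagged_dirs: Sequence[str] = FLAGGED_DIRS) -> List[Finding]:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not match:
            continue  # not an O4 autostart entry
        location, name, command = match.groups()
        target = program_path(command)
        findings.append(Finding(location, name, target, classify(target, flagged_dirs)))
    return findings


def names_with(findings: Sequence[Finding], verdict: str) -> List[str]:
    return [f.name for f in findings if f.verdict == verdict]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:10} {f.location:16} {f.name:22} {f.target}")
```

Entries reported as "unresolved" (here `Dit.exe` and the `%systemroot%` command) still need a manual look, because the log line alone does not say where the file lives.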
||
06.08.2006, 22:43
...new here
Posts: 9 |
#86
Hi Sabina
I have done everything, but PrecisionTime is still in the Recycler directory! Is that OK? Here is the log:

Spyware Scan Details
Start Date: 06.08.2006 21:36:55
End Date: 06.08.2006 22:40:18
Total Time: 1 hrs 3 mins 23 secs

Detected spyware

Claria.Gator.eWallet Adware (General) more information...
Details: Claria's Gator eWallet is an ad supported program that can automatically fill in passwords and other form-elements on Web pages.
Status: Quarantined

EUniverse Updater Hijacker more information...
Details: EUniverse is an adware program that runs at startup, generates popup ads, and performs a number of spyware related functions such as transmitting personal information and hijacking Internet Explorer.
Status: Quarantined
Infected files detected
c:\programme\common files\searchupgrader\client.cfg
c:\programme\common files\searchupgrader\system.cfg
c:\programme\common files\searchupgrader\updmgruninstall.exe

Claria.GAIN.CommonElements Adware (General) more information...
Details: Claria's GAIN network consists of several applications inlcuding Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Quarantined
Infected files detected
c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing\about gain publishing.lnk
c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing\gain publishing web site.url
C:\RECYCLER\S-1-5-21-2828500178-874226940-4143393686-1008\Dc2919\EGIEProcess.dll
C:\RECYCLER\S-1-5-21-2828500178-874226940-4143393686-1008\Dc2919\GatorRes.dll
C:\RECYCLER\S-1-5-21-2828500178-874226940-4143393686-1008\Dc2919\GMT.exe
C:\RECYCLER\S-1-5-21-2828500178-874226940-4143393686-1008\Dc2924\store\core\appmgrgui.zip
C:\RECYCLER\S-1-5-21-2828500178-874226940-4143393686-1008\Dc2924\store\core\hfixcfg
Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} uets
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} GEF 704
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} GMG 5BF5122C-5456-4F52-96A7-10A3965F9BD3
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} GMI 593824699
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} SSeq 347
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} LastInstall 1136750198
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} PAK
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} SEvt 1262
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} GMI64
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\GCH\_gbs
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\GCH\_gbs StartTime 217
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\GCH\_gbs OldestTime 217
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\GCH\_gbs 217-200 1
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\GCH\_gbs 217-bytes 258
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\GCH\_gi
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\GCH\_gi StartTime 217
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator\dyn\GCH\_gi OldestTime 217
KaZaA P2P Program more information... Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives. Status: Ignored Infected files detected
c:\programme\kazaa\plugins\emalware.xmd c:\programme\kazaa\plugins\epoc.xmd c:\programme\kazaa\plugins\gzip.xmd c:\programme\kazaa\plugins\ha.xmd c:\programme\kazaa\plugins\hlp.xmd c:\programme\kazaa\plugins\hpe.cvd c:\programme\kazaa\plugins\hpe.xmd c:\programme\kazaa\plugins\hqx.xmd c:\programme\kazaa\plugins\html.xmd c:\programme\kazaa\plugins\imp.xmd c:\programme\kazaa\plugins\inno.xmd c:\programme\kazaa\plugins\instyler.xmd c:\programme\kazaa\plugins\iso.xmd c:\programme\kazaa\plugins\java.cvd c:\programme\kazaa\plugins\java.xmd c:\programme\kazaa\plugins\lha.xmd c:\programme\kazaa\plugins\lnk.xmd c:\programme\kazaa\plugins\mbox.xmd c:\programme\kazaa\plugins\mbx.xmd c:\programme\kazaa\plugins\mdx.xmd c:\programme\kazaa\plugins\mdx_97.cvd c:\programme\kazaa\plugins\mdx_97.ivd c:\programme\kazaa\plugins\mdx_w95.cvd c:\programme\kazaa\plugins\mdx_x95.cvd c:\programme\kazaa\plugins\mdx_xf.cvd c:\programme\kazaa\plugins\mime.xmd c:\programme\kazaa\plugins\mso.xmd c:\programme\kazaa\plugins\na.cvd c:\programme\kazaa\plugins\na.xmd c:\programme\kazaa\plugins\nelf.cvd c:\programme\kazaa\plugins\nelf.xmd c:\programme\kazaa\plugins\objd.xmd c:\programme\kazaa\plugins\pdf.xmd c:\programme\kazaa\plugins\pst.xmd c:\programme\kazaa\plugins\rar.xmd c:\programme\kazaa\plugins\rpm.xmd c:\programme\kazaa\plugins\rtf.xmd c:\programme\kazaa\plugins\rup.cvd c:\programme\kazaa\plugins\rup.xmd c:\programme\kazaa\plugins\sdx.cvd c:\programme\kazaa\plugins\sdx.ivd c:\programme\kazaa\plugins\sdx.xmd c:\programme\kazaa\plugins\sfx.xmd c:\programme\kazaa\plugins\swf.xmd c:\programme\kazaa\plugins\tar.xmd c:\programme\kazaa\plugins\td0.xmd c:\programme\kazaa\plugins\thebat.xmd c:\programme\kazaa\plugins\tnef.xmd c:\programme\kazaa\plugins\unpack.cvd c:\programme\kazaa\plugins\unpack.ivd c:\programme\kazaa\plugins\unpack.xmd c:\programme\kazaa\plugins\update.txt c:\programme\kazaa\plugins\uudecode.xmd c:\programme\kazaa\plugins\ve.cvd c:\programme\kazaa\plugins\ve.ivd 
c:\programme\kazaa\plugins\ve.xmd c:\programme\kazaa\plugins\vedata.cvd c:\programme\kazaa\plugins\viza.xmd c:\programme\kazaa\plugins\wise.xmd c:\programme\kazaa\plugins\xishield.xmd c:\programme\kazaa\plugins\z.xmd c:\programme\kazaa\plugins\zip.xmd c:\programme\kazaa\plugins\zoo.xmd C:\Dokumente und Einstellungen\Stefan Schmidt\Eigene Dateien\PC+Internet\kmd.exe Infected registry entries detected HKEY_CURRENT_USER\Software\Kazaa HKEY_CURRENT_USER\Software\Kazaa\Advanced ScWeeklyDate 18-11-2004 HKEY_CURRENT_USER\Software\Kazaa\Advanced Status Installed HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST ChannelType BROWSE HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST Source eUniverse HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST DisplayName GamingBlast HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST SsmUrl HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST TargetUrl http://ssm.kazaa.com/us/gamingblast/index.htm HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST ChannelFile gamingblast.kcd HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST IconServer ssm.kazaa.com HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST IconPath /us/gamingblast/ HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST IconFile gamingblast.bmp HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST Mandatory 0 HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST Visible 1 HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST Position 7 HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST NotAdded 0 HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST Uninstalled 0 HKEY_CURRENT_USER\Software\Kazaa\DontShow CloseToSystray 0 HKEY_CURRENT_USER\Software\Kazaa\LocalContent DisableListFiles 1 HKEY_CURRENT_USER\Software\Kazaa\LocalContent Dir0 012345:C:\Program Files\Altnet\My Altnet Shares HKEY_CURRENT_USER\Software\Kazaa\LocalContent LastAltnetFolder C:\Program Files\Altnet\My Altnet Shares HKEY_CURRENT_USER\Software\Kazaa\Promotions\Broadband BBDbLoc 
C:\Programme\Kazaa\Db\bb.db HKEY_CURRENT_USER\Software\Kazaa\Promotions\Broadband NullImageLoc C:\Programme\Kazaa\broadband.gif HKEY_CURRENT_USER\Software\Kazaa\Promotions\Broadband NullImageLoc2 C:\Programme\Kazaa\broadband2.gif HKEY_CURRENT_USER\Software\Kazaa\Promotions\Broadband BroadNagCount2 4 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Broadband LastBBShown 1100880158 HKEY_CURRENT_USER\Software\Kazaa\Search 0 e±,‚ñ "_@€x HKEY_CURRENT_USER\Software\Kazaa\Search 1 f |ª,Ÿàl\ HKEY_CURRENT_USER\Software\Kazaa\Search 2 tw±,ð]`I@—Éîr^€Ïf9¿ HKEY_CURRENT_USER\Software\Kazaa\Search 3 e±,‚ñ "_@€½hR™ˆ";¢ HKEY_CURRENT_USER\Software\Kazaa\Search 4 e±,‚ñ "_@€½hR™ˆ HKEY_CURRENT_USER\Software\Kazaa\Search 5 am¼iž´ HKEY_CURRENT_USER\Software\Kazaa\Search 6 `w±,žñ"]N‹¯ HKEY_CURRENT_USER\Software\Kazaa\Search 7 am·~Ìî HKEY_CURRENT_USER\Software\Kazaa\Settings + HKEY_CURRENT_USER\Software\Kazaa\Settings Date HKEY_CURRENT_USER\Software\Kazaa\Settings UseCount 0 HKEY_CURRENT_USER\Software\Kazaa\Transfer + HKEY_CURRENT_USER\Software\Kazaa\Transfer NoUploadLimitWhenIdle 1 HKEY_CURRENT_USER\Software\Kazaa\Transfer CacheHost 0 HKEY_CURRENT_USER\Software\Kazaa\Transfer CachePort 0 HKEY_CURRENT_USER\Software\Kazaa\Transfer CacheDiscoveryTime 1100880045 HKEY_CURRENT_USER\Software\Kazaa\Transfer DlDir0 C:\Programme\Kazaa\My Shared Folder HKEY_CURRENT_USER\Software\Kazaa\UserDetails + HKEY_CURRENT_USER\Software\Kazaa\UserDetails CountryCode DE HKEY_CURRENT_USER\Software\Kazaa\UserDetails UserName Janine_1964 HKEY_CURRENT_USER\Software\Kazaa Tmp 0 HKEY_CURRENT_USER\Software\Kazaa LastSearchHash HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa Kazaa Media Desktop HKEY_CLASSES_ROOT\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76} HKEY_CLASSES_ROOT\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}\TreatAs {0494D0DB-F8E0-41ad-92A3-14154ECE70AC} HKEY_CLASSES_ROOT\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76} HKEY_LOCAL_MACHINE\software\sharman networks 
ltd Morpheus P2P Program more information... Details: P2P file sharing program that installs a number of adware programs. Morpheus also displays its own popup advertsing. Status: Ignored Infected files detected c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\.btdownloads\long way round\long way round - episode 01 [digitaldistractions].avi c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\.btdownloads\long way round\long way round - episode 02 [digitaldistractions].avi c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\.btdownloads\long way round\long way round - episode 03 [digitaldistractions].avi c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\.btdownloads\long way round\long way round - episode 04 [digitaldistractions].avi c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\.btdownloads\long way round\long way round - episode 05 [digitaldistractions].avi c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\.btdownloads\long way round\long way round - episode 06 [digitaldistractions].avi c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\.btdownloads\long way round\long way round - episode 07 [digitaldistractions].avi c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\- vampire - porno gina wild - xxx [divx].divx.info c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\anal intruders (sophie evans, gina blonde, michelle wild, alissa, katerina, britnee, susy, brigette) private the best by.avi.info c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\anal intruders (sophie evans, gina blonde, michelle wild, alissa, katerina, britnee, susy, brigette) private the best by.avi.part c:\dokumente und 
einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\anal intruders (sophie evans, gina blonde, michelle wild, alissa, katerina, britnee, susy, brigette) private the best by.partial.avi c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\porno - gina wild - teacher sex(2).mpg.info c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\porno - gina wild - teacher sex(2).mpg.part c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\porno - gina wild - teacher sex(2).partial.mpg c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\wild thing (alexa rae, sydnee steele, gina ryder, shay sweet, miko lee).avi.info c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\wild thing (alexa rae, sydnee steele, gina ryder, shay sweet, miko lee).avi.part c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\wild thing (alexa rae, sydnee steele, gina ryder, shay sweet, miko lee).partial.avi c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\torrents\long way round.torrent c:\programme\morpheus\50 dollars free- yukon gold casino.ico c:\programme\morpheus\once.tmp c:\programme\morpheus\pokerrewards.ico c:\programme\morpheus\svc.conf C:\Dokumente und Einstellungen\Stefan Schmidt\Eigene Dateien\Eigene Downloads\Morpheus.exe Infected registry entries detected HKEY_CLASSES_ROOT\morphtorrent HKEY_CLASSES_ROOT\morphtorrent\DefaultIcon "C:\Programme\Morpheus\Torrent.ico" HKEY_CLASSES_ROOT\morphtorrent\shell\open\command "C:\Programme\Morpheus\Morpheus.exe" "%1" HKEY_CLASSES_ROOT\morphtorrent EditFlags hex:00,00,01,00 HKEY_CLASSES_ROOT\morphtorrent TORRENT File Bullguard Potentially Unwanted Program more information... 
Details: Bullguard is a software suite that includes antivirus, firewall, spam filter and online backup. Status: Ignored ErrorSafe Rogue Security Program more information... Details: ErrorSafe is a disabled data repair utility that nags the user to purchase it in order to fix the problems reported in its scan. Status: Quarantined Infected files detected c:\programme\errorsafe\lock.dat c:\windows\system32\drivers\erssdd.sys Infected registry entries detected HKEY_LOCAL_MACHINE\Software\ErrorSafe HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck\CLSID {5284AC2A-EF00-4750-9B82-B5B907D26536} HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck\CurVer ESSPCheck.ESSPCheck.1 HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck WFX5PCheck Class HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck.1 HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck.1\CLSID {5284AC2A-EF00-4750-9B82-B5B907D26536} HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck.1 WFX5PCheck Class HKEY_CURRENT_USER\Software\ErrorSafe HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536} HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536}\InprocServer32 C:\Programme\ErrorSafe\esPCheck.dll HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536}\InprocServer32 ThreadingModel Both HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536}\ProgID ESSPCheck.ESSPCheck.1 HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536}\TypeLib {68BC55E9-4D3E-4c89-89AC-7559763C98B8} HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536}\VersionIndependentProgID ESSPCheck.ESSPCheck HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536} WFX5PCheck Class HKEY_CLASSES_ROOT\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3} HKEY_CLASSES_ROOT\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} 
HKEY_CLASSES_ROOT\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3}\TypeLib {68BC55E9-4D3E-4C89-89AC-7559763C98B8} HKEY_CLASSES_ROOT\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3} ICheckProduct HKEY_CLASSES_ROOT\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8} HKEY_CLASSES_ROOT\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8}\1.0\0\win32 C:\Programme\ErrorSafe\esPCheck.dll HKEY_CLASSES_ROOT\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8}\1.0\HELPDIR C:\Programme\ErrorSafe\ HKEY_CLASSES_ROOT\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8}\1.0 CheckProduct2Lib WinAntiVirus Pro Rogue Security Program more information... Status: Quarantined Infected files detected c:\dokumente und einstellungen\stefan schmidt\anwendungsdaten\winantivirus pro 2006\pge.dat c:\windows\system32\stera.log C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll Infected registry entries detected HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235} HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0\win32 C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\HELPDIR C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\ HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0 CheckProduct2Lib HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 StoreHistory 0 HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 AllowPopupClickType 1 HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 NormalizeOpenedPopups 1 HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 NormalizeAddBorders 1 HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 NormalizeFitToDesktop 1 HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 NormalizeAddMenuAndToolbar 1 
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 TimedPopupLimit 2 HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 StartBlockOnTimedPopups 0 HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 BlockDomainPopupLimit 2 HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 BlockDomainOnPopups 0 HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 DefaultAction 1 HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006\Settings VSScan 0 HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006\Settings VirusShield 1 HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006\Settings MailProtect 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk\Security Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum 0 Root\LEGACY_VSPF_HK\0000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum Count 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum NextInstance 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum INITSTARTFAILED 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk Type 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk Start 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk ErrorControl 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk Tag 2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk ImagePath \??\C:\WINDOWS\system32\drivers\vspf_hk5.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk DisplayName vspf_hk HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk Group Streams Drivers HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf\Security Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf\Enum 0 Root\LEGACY_VSPF\0000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf\Enum Count 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf\Enum NextInstance 1 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf\Enum INITSTARTFAILED 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf Type 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf Start 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf ErrorControl 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf Tag 10 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf ImagePath \??\C:\WINDOWS\system32\drivers\vspf5.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf DisplayName vspf HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf Group PNP_TDI HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf DependOnService tcpip HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf DependOnGroup HKEY_LOCAL_MACHINE\Software\WinAntiVirus Pro 2006 HKEY_CURRENT_USER\software\winantivirus pro 2006 HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings MailProtect 1 HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings VirusShield 1 HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings VSScan 0 HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings UpdateData HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings UpdateDataBin HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings DBUNA HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings LastUpdateTimeDBOK HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings LastLogonTime HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings FirstRun 0 HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings EnableIS 0 HKEY_CURRENT_USER\software\winantivirus pro 2006 DefaultAction 1 HKEY_CURRENT_USER\software\winantivirus pro 2006 Active 0 HKEY_CURRENT_USER\software\winantivirus pro 2006 BlockDomainOnPopups 0 HKEY_CURRENT_USER\software\winantivirus pro 2006 BlockDomainPopupLimit 2 HKEY_CURRENT_USER\software\winantivirus pro 2006 StartBlockOnTimedPopups 0 HKEY_CURRENT_USER\software\winantivirus pro 2006 TimedPopupLimit 2 
HKEY_CURRENT_USER\software\winantivirus pro 2006 NormalizeAddMenuAndToolbar 1 HKEY_CURRENT_USER\software\winantivirus pro 2006 NormalizeFitToDesktop 1 HKEY_CURRENT_USER\software\winantivirus pro 2006 NormalizeAddBorders 1 HKEY_CURRENT_USER\software\winantivirus pro 2006 NormalizeOpenedPopups 1 HKEY_CURRENT_USER\software\winantivirus pro 2006 AllowPopupClickType 1 HKEY_CURRENT_USER\software\winantivirus pro 2006 StoreHistory 0 HKEY_CURRENT_USER\software\winantivirus pro 2006 IEPage http://www.seb.de/home.html HKEY_CURRENT_USER\software\winantivirus pro 2006 MozillaPage http://www.wetteronline.de/ Hacker.AG Porn Dialer more information... Status: Quarantined Infected files detected c:\windows\coder.ini Twain Tech Adware (General) more information... Details: Twain-Tech is an adware based Internet Explorer browser helper object that deliver targeted ads based on a user’s browsing patters. Twain-Tech does not provide any other relevant purpose other then to display pop-up ads. Status: Quarantined Infected files detected c:\windows\smdat32a.sys c:\windows\smdat32m.sys Claria.GotSmiley Adware (General) more information... Details: GotSmiley is an ad supported program that provides the user with smileys for use in emails. Status: Quarantined Infected files detected c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing\about gain publishing.lnk Altnet Download Manager Low Risk Adware more information... Details: Altnet Download Manager accompanies Altnet P2P Networking and performs the job of downloading content from Altnet's P2P network. Status: Ignored Infected files detected C:\Program Files\Altnet\Download Manager\adm.exe C:\Program Files\Altnet\Points Manager\LocalPages\altnet.css Gator.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. 
Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Quarantined Infected files detected C:\Programme\Gemeinsame Dateien\lnpuppra\luemmtccod\ddqnafooc.exe C:\Programme\Gemeinsame Dateien\lnpuppra\npbmoemr\ubqlaeuf.exe Infected cookies detected c:\dokumente und einstellungen\stefan schmidt\cookies\stefan schmidt@webpdp.gator[2].txt Altnet/Topsearch Browser Plug-in more information... Details: Altnet/Topsearch is a browser plug-in that acts as search engine for peer-to-peer applications Kazaa and Grokster. Status: Quarantined Infected registry entries detected HKEY_LOCAL_MACHINE\software\altnet HKEY_LOCAL_MACHINE\software\altnet SharedMediaDir C:\Program Files\Altnet\My Altnet Shares HKEY_CLASSES_ROOT\clsid\{3646c2bd-3554-49ca-8125-44deefb881de} HKEY_CLASSES_ROOT\clsid\{3646c2bd-3554-49ca-8125-44deefb881de} 135AEBB1-F2F0-4DA9-BF7E-BBF6C4F2E515 HKEY_CLASSES_ROOT\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0} HKEY_CLASSES_ROOT\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0} 2026433148 Cydoor.TOPicks Adware (General) more information... Details: TOPicks is adware implemented as an Internet Explorer toolbar. TOPicks shows targeted links to sponsored sites. Status: Quarantined Infected registry entries detected HKEY_CLASSES_ROOT\interface\{258a3625-183b-4477-aee2-ea54df6d878d} HKEY_CLASSES_ROOT\interface\{258a3625-183b-4477-aee2-ea54df6d878d}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{258a3625-183b-4477-aee2-ea54df6d878d}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{258a3625-183b-4477-aee2-ea54df6d878d}\TypeLib {676F6D1D-C559-42A9-860B-27C1477B7179} HKEY_CLASSES_ROOT\interface\{258a3625-183b-4477-aee2-ea54df6d878d}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\interface\{258a3625-183b-4477-aee2-ea54df6d878d} IDMan25 My Way Speedbar Potentially Unwanted Program more information... 
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking. Status: Ignored Infected registry entries detected HKEY_CLASSES_ROOT\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE} HKEY_CLASSES_ROOT\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE} 135AEBB1-F2F0-4DA9-BF7E-BBF6C4F2E515 HKEY_CLASSES_ROOT\CLSID\{3f4d4f88-0198-4921-b630-957f3eb814e0} HKEY_CLASSES_ROOT\CLSID\{3f4d4f88-0198-4921-b630-957f3eb814e0} 2026433148 Cydoor Adware (General) more information... Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer. Status: Quarantined Infected registry entries detected HKEY_CURRENT_USER\software\cydoor HKEY_CURRENT_USER\software\cydoor\Adwr_329 LNextCMSConn 1100881322 Zlob.Media-Codec Trojan Downloader more information... Details: Zlob.Media-Codec is a program that typically purports to be a needed upgrade to Windows Media Player in order to view adult oriented videos on certain websites. However, Zlob.Media-Codec actually downloads and installs additional malware on the user's ma Status: Qu |
|
|
||
06.08.2006, 23:02
Honorary member
Posts: 29434 |
#87
ueberflieger
Is there more to come??
In any case there is more on there than I had thought, even C:\Programme\ErrorSafe http://virus-protect.org/artikel/spyware/errorsafe.html and winantivirus pro 2006.... http://virus-protect.org/artikel/spyware/winantivirus_%20pro_%202006.html
You really seem to click on everything that blinks on the net, without thinking about the consequences.
* Quarantine was a dumb move to begin with, "remove" would have been more sensible.........
Post the rest of the log, if there is more.
** Empty the recycle bin.
** Counterspy only ever kills part of the files. So you have to keep emptying Counterspy's quarantine folder and scanning again with it, until Counterspy finds nothing more.
** Delete, if still present:
c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing
C:\Program Files\Altnet
C:\Programme\Gemeinsame Dateien\lnpuppra
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006
c:\dokumente und einstellungen\stefan schmidt\anwendungsdaten\winantivirus pro 2006
c:\programme\common files\searchupgrader
c:\programme\errorsafe
__________
Kind regards, Sabina
all about PC security |
|
|
||
07.08.2006, 09:26
...new here
Posts: 9 |
#88
Hello Sabina,
first of all, thanks for the tips. That comes from years of nonstop surfing! I will follow all the instructions, but not until the end of the week. Then I'll post again! Regards, Stefan |
|
|
||
07.08.2006, 13:46
Honorary member
Posts: 29434 |
||
|
||
08.08.2006, 16:43
...new here
Posts: 1 |
#90
Hi, same problem....Spyware Quake 2.3...
I have already tried what I read here, but the two blinking things in the taskbar are still there.... I have uninstalled both Spyware Quake and the codec....Thanks in advance
Hijack file:
Logfile of HijackThis v1.99.1
Scan saved at 16:41:39, on 08.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\IntCodec\pmsngr.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\IntCodec\pmmon.exe
c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Winamp\winamp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\HyBr!D\Desktop\HijackThis.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A8B072E-F917-418C-B160-B497E48DED9E}: NameServer = 194.8.194.60 213.168.112.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A8B072E-F917-418C-B160-B497E48DED9E}: NameServer = 194.8.194.60 213.168.112.60
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe |
|
|
||
It got me too!! It would be great if you could help me - I'm desperate!
Thanks in advance,
Stefan
Here are my logs:
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933
Verzeichnis von C:\WINDOWS\system32
04.08.2006 00:56 2.206 wpa.dbl
03.08.2006 23:43 400.164 perfh009.dat
03.08.2006 23:43 63.012 perfc009.dat
03.08.2006 23:43 414.780 perfh007.dat
03.08.2006 23:43 75.934 perfc007.dat
03.08.2006 23:43 963.946 PerfStringBackup.INI
02.08.2006 23:09 176.128 viruxz.dll
07.07.2006 03:21 6.757.792 MRT.exe
22.06.2006 12:47 181.248 rasmans.dll
19.06.2006 16:20 702.768 WgaLogon.dll
19.06.2006 16:19 571.184 LegitCheckControl.dll
19.06.2006 16:19 304.944 WgaTray.exe
01.06.2006 20:47 27.648 jgpl400.dll
01.06.2006 20:47 163.840 jgdw400.dll
29.05.2006 17:30 1.494.016 shdocvw.dll
19.05.2006 17:09 3.073.536 mshtml.dll
19.05.2006 15:09 112.128 dhcpcsvc.dll
19.05.2006 15:09 95.744 iphlpapi.dll
19.05.2006 15:09 148.480 dnsapi.dll
18.05.2006 07:36 450.560 jscript.dll
11.05.2006 10:57 27.136 xpsp3res.dll
10.05.2006 07:23 664.064 wininet.dll
10.05.2006 07:22 615.936 urlmon.dll
10.05.2006 07:22 474.624 shlwapi.dll
10.05.2006 07:22 532.480 mstime.dll
10.05.2006 07:22 448.512 mshtmled.dll
10.05.2006 07:22 146.432 msrating.dll
10.05.2006 07:22 39.424 pngfilt.dll
10.05.2006 07:22 96.768 inseng.dll
10.05.2006 07:22 16.384 jsproxy.dll
10.05.2006 07:22 55.808 extmgr.dll
10.05.2006 07:22 1.056.256 danim.dll
10.05.2006 07:22 251.392 iepeers.dll
10.05.2006 07:22 205.312 dxtrans.dll
10.05.2006 07:22 357.888 dxtmsft.dll
10.05.2006 07:22 1.022.976 browseui.dll
10.05.2006 07:22 152.064 cdfview.dll
29.04.2006 06:07 5.533.696 wmp.dll
26.04.2006 22:44 2 stera.job
26.04.2006 22:34 2 stera.log
03.04.2006 11:40 14.048 spmsg.dll
17.03.2006 11:11 679.424 inetcomm.dll
17.03.2006 06:03 8.493.056 shell32.dll
17.03.2006 02:38 28.672 verclsid.exe
15.03.2006 15:00 542.195 CmboPls1.ocx
01.03.2006 21:43 91.136 mtxoci.dll
01.03.2006 21:43 426.496 msdtcprx.dll
01.03.2006 21:43 956.416 msdtctm.dll
01.03.2006 21:43 11.776 xolehlp.dll
01.03.2006 21:43 161.280 msdtcuiu.dll
01.03.2006 21:43 66.560 mtxclu.dll
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933
Verzeichnis von C:\DOKUME~1\STEFAN~1\LOKALE~1\Temp
04.08.2006 00:58 22.066 WcesView.log
04.08.2006 00:56 224 WCESCOMM.LOG
04.08.2006 00:17 0 isA.tmp
04.08.2006 00:17 0 is6.tmp
03.08.2006 22:46 4.735.074 candis.wmv
03.08.2006 21:57 1.316 InoSetup.log
02.08.2006 23:35 0 ixt6A.tmp
02.08.2006 23:34 0 grr69.tmp
02.08.2006 23:32 0 xzx68.tmp
02.08.2006 23:09 49.696 tmp5A.tmp
31.07.2006 03:55 124 0CF6E057.TMP
29.07.2006 12:50 409 WGANotify.settings
29.07.2006 12:28 4.335 tmp-34.xpi
24.07.2006 23:33 241.154 vodafone_settings.zip
24.07.2006 23:19 16.412 tmp-33.xpi
24.07.2006 23:19 141.584 plugtmp-24-1
24.07.2006 22:52 0 hio29.tmp
24.07.2006 08:18 0 41z8.tmp
24.07.2006 08:17 0 ax17.tmp
24.07.2006 08:14 0 ka45.tmp
21.07.2006 00:19 0 ef52F.tmp
21.07.2006 00:18 0 cnn2E.tmp
21.07.2006 00:16 0 eb62D.tmp
19.07.2006 22:52 797.676 IMT16.xml
19.07.2006 22:52 426 IMT15.xml
19.07.2006 22:52 2.036 IMT14.xml
19.07.2006 22:51 797.676 IMT13.xml
19.07.2006 22:51 426 IMT12.xml
19.07.2006 22:51 2.036 IMT11.xml
19.07.2006 22:51 797.676 IMTA.xml
19.07.2006 22:51 426 IMT9.xml
19.07.2006 22:51 2.036 IMT8.xml
19.07.2006 22:45 797.676 IMT21.xml
19.07.2006 22:45 426 IMT20.xml
19.07.2006 22:45 2.036 IMT1F.xml
19.07.2006 22:45 797.676 IMT1E.xml
19.07.2006 22:45 426 IMT1D.xml
19.07.2006 22:45 2.036 IMT1C.xml
19.07.2006 22:44 797.676 IMTC.xml
19.07.2006 22:44 426 IMTB.xml
19.07.2006 21:59 4.335 tmp-32.xpi
19.07.2006 20:41 1.122.308 homemadeporn01.mpg
19.07.2006 20:40 1.122.308 homemadeporn03.mpg
19.07.2006 20:40 825.020 vanitybucci4.mpg
19.07.2006 20:37 0 rpl17.tmp
19.07.2006 20:36 0 zax16.tmp
19.07.2006 20:35 0 19u15.tmp
19.07.2006 20:34 0 ro514.tmp
19.07.2006 20:32 3.577.630 movie004.mpg
19.07.2006 20:32 3.565.310 movie002.mpg
19.07.2006 20:31 3.691.596 movie003.mpg
19.07.2006 20:28 1.300.486 02_clip.avi
19.07.2006 20:28 1.436.058 04_clip.avi
19.07.2006 20:26 1.452.378 03_clip.avi
19.07.2006 20:11 4.335 tmp-31.xpi
14.07.2006 18:18 22.425 tmp-30.xpi
14.07.2006 18:18 138.942 plugtmp-22-1
13.07.2006 23:57 0 r2sC1.tmp
13.07.2006 23:55 0 ophC0.tmp
13.07.2006 23:24 0 50t8C.tmp
13.07.2006 23:23 0 qpr8B.tmp
13.07.2006 23:17 0 wsy89.tmp
12.07.2006 22:27 0 r0z49.tmp
11.07.2006 09:16 0 2cbB.tmp
11.07.2006 00:43 0 8bd40.tmp
11.07.2006 00:41 0 1s43F.tmp
11.07.2006 00:40 0 6li3E.tmp
11.07.2006 00:39 0 4ju3D.tmp
10.07.2006 23:57 4.335 tmp-29.xpi
03.07.2006 17:56 717 control.xml
03.07.2006 17:49 4.335 tmp-28.xpi
29.06.2006 23:18 6.762.992 t-mobile_mda3.pdf
29.06.2006 22:51 0 fla64.tmp
29.06.2006 22:50 0 fla61.tmp
29.06.2006 22:50 0 fla5D.tmp
29.06.2006 22:50 0 fla57.tmp
29.06.2006 22:48 0 fla55.tmp
29.06.2006 21:37 16.212 header.gif
27.06.2006 00:28 0 0wjF.tmp
27.06.2006 00:27 0 f1xE.tmp
27.06.2006 00:25 0 7emD.tmp
27.06.2006 00:24 0 x76C.tmp
27.06.2006 00:23 0 j6lB.tmp
27.06.2006 00:22 0 aloA.tmp
25.06.2006 22:47 4.335 tmp-27.xpi
22.06.2006 22:31 1.912 pf1853832607.tmp
22.06.2006 22:30 32 pf834703.tmp
22.06.2006 22:30 0 audio834703.tmp
22.06.2006 22:29 1.912 pf1853832606.tmp
22.06.2006 22:28 0 CacheInfo.dnl
22.06.2006 22:28 1.287 pf2257979510.tmp
21.06.2006 23:34 0 qgt30.tmp
21.06.2006 23:30 0 pq02F.tmp
21.06.2006 23:29 0 ku22E.tmp
18.06.2006 18:52 0 bwn2C.tmp
18.06.2006 17:06 0 dcx2B.tmp
18.06.2006 17:05 0 n9i2A.tmp
18.06.2006 17:04 0 j3129.tmp
18.06.2006 17:01 0 qbh28.tmp
18.06.2006 16:37 4.335 tmp-26.xpi
08.06.2006 00:05 990.342 sample.wmv
08.06.2006 00:02 0 qps5D.tmp
08.06.2006 00:01 0 i385C.tmp
08.06.2006 00:00 0 1mn5B.tmp
07.06.2006 23:59 0 knv5A.tmp
07.06.2006 23:58 0 us959.tmp
07.06.2006 23:57 0 fik58.tmp
07.06.2006 23:56 0 o1t57.tmp
06.06.2006 23:04 4.335 tmp-25.xpi
01.06.2006 23:07 0 24g26.tmp
01.06.2006 23:06 0 pve25.tmp
01.06.2006 23:03 0 qyn24.tmp
31.05.2006 23:31 22.360 tmp-24.xpi
25.05.2006 22:31 4.335 tmp-23.xpi
23.05.2006 22:12 0 zxf1C.tmp
23.05.2006 22:11 0 99m1B.tmp
23.05.2006 22:10 0 l9i1A.tmp
23.05.2006 22:10 0 wnn19.tmp
23.05.2006 22:09 0 w7l18.tmp
21.05.2006 22:23 665 TWAIN.LOG
21.05.2006 22:23 156 Twunk001.MTX
21.05.2006 22:23 3 Twain001.Mtx
19.05.2006 14:45 17.449 tmp-22.xpi
19.05.2006 14:45 126.316 plugtmp-16-1
18.05.2006 23:38 1.413 pf1136108790.tmp
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933
Verzeichnis von C:\WINDOWS
04.08.2006 00:57 12.310 mozver.dat
04.08.2006 00:57 898.514 setupapi.log
04.08.2006 00:56 3.922 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
04.08.2006 00:56 0 0.log
04.08.2006 00:56 1.270.449 WindowsUpdate.log
04.08.2006 00:56 261 SCARDSRV.INI
04.08.2006 00:56 2.048 bootstat.dat
04.08.2006 00:54 32.622 SchedLgU.Txt
04.08.2006 00:11 590 win.ini
04.08.2006 00:11 227 system.ini
04.08.2006 00:02 181.927 MILTIME.VAL
03.08.2006 23:52 387.017 comsetup.log
03.08.2006 23:52 166.200 iis6.log
03.08.2006 23:52 251.383 ntdtcsetup.log
03.08.2006 23:52 754.897 ocgen.log
03.08.2006 23:52 64.228 msgsocm.log
03.08.2006 23:52 1.891 imsins.log
03.08.2006 23:52 489.621 tsoc.log
03.08.2006 23:52 61.026 ocmsn.log
03.08.2006 23:52 1.158.479 FaxSetup.log
03.08.2006 23:43 4.507 imsins.BAK
03.08.2006 23:33 50 wiaservc.log
03.08.2006 23:33 214 wiadebug.log
29.07.2006 12:50 8.497 WgaNotify.log
28.07.2006 22:56 202 NeroDigital.ini
13.07.2006 00:05 12.230 KB917159.log
13.07.2006 00:05 12.741 KB914388.log
13.07.2006 00:05 38.529 updspapi.log
13.07.2006 00:05 10.803 KB916595.log
13.07.2006 00:00 2.595 GatorPatch.log
12.07.2006 22:03 534 WMCSetupUninst.log
03.07.2006 17:56 424.961 wmsetup.log
28.06.2006 23:41 11.569 KB911280.log
28.06.2006 00:14 0 SwSys1.bmp
28.06.2006 00:14 0 SwSys2.bmp
18.06.2006 21:52 32.375 spupdsvc.log
18.06.2006 21:04 12.301 KB917734.log
18.06.2006 21:02 15.017 KB918439.log
18.06.2006 21:02 15.698 KB917344.log
18.06.2006 21:02 14.658 KB917953.log
18.06.2006 21:02 18.414 KB916281.log
18.06.2006 21:01 11.917 KB914389.log
28.05.2006 23:48 250.010 MILTIME.VAM
14.05.2006 21:01 12.181 KB913580.log
26.04.2006 21:55 11.603 KB900485.log
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933
Verzeichnis von C:\
04.08.2006 01:16 0 sys.txt
04.08.2006 01:16 17.885 system.txt
04.08.2006 01:14 23.105 systemtemp.txt
04.08.2006 01:08 104.390 system32.txt
04.08.2006 00:56 536.399.872 hiberfil.sys
04.08.2006 00:56 805.306.368 pagefile.sys
04.08.2006 00:41 1.122 c.txt
04.08.2006 00:40 17.885 windows.txt
04.08.2006 00:11 211 boot.ini
03.05.2006 22:53 55.230 PICT0878.JPG