I can't remove Spywarequake

#0
04.08.2006, 01:18
...new here

Posts: 9
#76 Hello Sabina,
it got me too!! It would be great if you could help me - I am desperate!
Thanks in advance,
Stefan

Here are my logs:
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\WINDOWS\system32

04.08.2006 00:56 2.206 wpa.dbl
03.08.2006 23:43 400.164 perfh009.dat
03.08.2006 23:43 63.012 perfc009.dat
03.08.2006 23:43 414.780 perfh007.dat
03.08.2006 23:43 75.934 perfc007.dat
03.08.2006 23:43 963.946 PerfStringBackup.INI
02.08.2006 23:09 176.128 viruxz.dll
07.07.2006 03:21 6.757.792 MRT.exe
22.06.2006 12:47 181.248 rasmans.dll
19.06.2006 16:20 702.768 WgaLogon.dll
19.06.2006 16:19 571.184 LegitCheckControl.dll
19.06.2006 16:19 304.944 WgaTray.exe
01.06.2006 20:47 27.648 jgpl400.dll
01.06.2006 20:47 163.840 jgdw400.dll
29.05.2006 17:30 1.494.016 shdocvw.dll
19.05.2006 17:09 3.073.536 mshtml.dll
19.05.2006 15:09 112.128 dhcpcsvc.dll
19.05.2006 15:09 95.744 iphlpapi.dll
19.05.2006 15:09 148.480 dnsapi.dll
18.05.2006 07:36 450.560 jscript.dll
11.05.2006 10:57 27.136 xpsp3res.dll
10.05.2006 07:23 664.064 wininet.dll
10.05.2006 07:22 615.936 urlmon.dll
10.05.2006 07:22 474.624 shlwapi.dll
10.05.2006 07:22 532.480 mstime.dll
10.05.2006 07:22 448.512 mshtmled.dll
10.05.2006 07:22 146.432 msrating.dll
10.05.2006 07:22 39.424 pngfilt.dll
10.05.2006 07:22 96.768 inseng.dll
10.05.2006 07:22 16.384 jsproxy.dll
10.05.2006 07:22 55.808 extmgr.dll
10.05.2006 07:22 1.056.256 danim.dll
10.05.2006 07:22 251.392 iepeers.dll
10.05.2006 07:22 205.312 dxtrans.dll
10.05.2006 07:22 357.888 dxtmsft.dll
10.05.2006 07:22 1.022.976 browseui.dll
10.05.2006 07:22 152.064 cdfview.dll
29.04.2006 06:07 5.533.696 wmp.dll
26.04.2006 22:44 2 stera.job
26.04.2006 22:34 2 stera.log

03.04.2006 11:40 14.048 spmsg.dll
17.03.2006 11:11 679.424 inetcomm.dll
17.03.2006 06:03 8.493.056 shell32.dll
17.03.2006 02:38 28.672 verclsid.exe
15.03.2006 15:00 542.195 CmboPls1.ocx
01.03.2006 21:43 91.136 mtxoci.dll
01.03.2006 21:43 426.496 msdtcprx.dll
01.03.2006 21:43 956.416 msdtctm.dll
01.03.2006 21:43 11.776 xolehlp.dll
01.03.2006 21:43 161.280 msdtcuiu.dll
01.03.2006 21:43 66.560 mtxclu.dll


Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\DOKUME~1\STEFAN~1\LOKALE~1\Temp

04.08.2006 00:58 22.066 WcesView.log
04.08.2006 00:56 224 WCESCOMM.LOG
04.08.2006 00:17 0 isA.tmp
04.08.2006 00:17 0 is6.tmp
03.08.2006 22:46 4.735.074 candis.wmv
03.08.2006 21:57 1.316 InoSetup.log
02.08.2006 23:35 0 ixt6A.tmp
02.08.2006 23:34 0 grr69.tmp
02.08.2006 23:32 0 xzx68.tmp
02.08.2006 23:09 49.696 tmp5A.tmp
31.07.2006 03:55 124 0CF6E057.TMP
29.07.2006 12:50 409 WGANotify.settings
29.07.2006 12:28 4.335 tmp-34.xpi
24.07.2006 23:33 241.154 vodafone_settings.zip
24.07.2006 23:19 16.412 tmp-33.xpi
24.07.2006 23:19 141.584 plugtmp-24-1
24.07.2006 22:52 0 hio29.tmp
24.07.2006 08:18 0 41z8.tmp
24.07.2006 08:17 0 ax17.tmp
24.07.2006 08:14 0 ka45.tmp
21.07.2006 00:19 0 ef52F.tmp
21.07.2006 00:18 0 cnn2E.tmp
21.07.2006 00:16 0 eb62D.tmp
19.07.2006 22:52 797.676 IMT16.xml
19.07.2006 22:52 426 IMT15.xml
19.07.2006 22:52 2.036 IMT14.xml
19.07.2006 22:51 797.676 IMT13.xml
19.07.2006 22:51 426 IMT12.xml
19.07.2006 22:51 2.036 IMT11.xml
19.07.2006 22:51 797.676 IMTA.xml
19.07.2006 22:51 426 IMT9.xml
19.07.2006 22:51 2.036 IMT8.xml
19.07.2006 22:45 797.676 IMT21.xml
19.07.2006 22:45 426 IMT20.xml
19.07.2006 22:45 2.036 IMT1F.xml
19.07.2006 22:45 797.676 IMT1E.xml
19.07.2006 22:45 426 IMT1D.xml
19.07.2006 22:45 2.036 IMT1C.xml
19.07.2006 22:44 797.676 IMTC.xml
19.07.2006 22:44 426 IMTB.xml
19.07.2006 21:59 4.335 tmp-32.xpi
19.07.2006 20:41 1.122.308 homemadeporn01.mpg
19.07.2006 20:40 1.122.308 homemadeporn03.mpg
19.07.2006 20:40 825.020 vanitybucci4.mpg
19.07.2006 20:37 0 rpl17.tmp
19.07.2006 20:36 0 zax16.tmp
19.07.2006 20:35 0 19u15.tmp
19.07.2006 20:34 0 ro514.tmp
19.07.2006 20:32 3.577.630 movie004.mpg
19.07.2006 20:32 3.565.310 movie002.mpg
19.07.2006 20:31 3.691.596 movie003.mpg
19.07.2006 20:28 1.300.486 02_clip.avi
19.07.2006 20:28 1.436.058 04_clip.avi
19.07.2006 20:26 1.452.378 03_clip.avi
19.07.2006 20:11 4.335 tmp-31.xpi
14.07.2006 18:18 22.425 tmp-30.xpi
14.07.2006 18:18 138.942 plugtmp-22-1
13.07.2006 23:57 0 r2sC1.tmp
13.07.2006 23:55 0 ophC0.tmp
13.07.2006 23:24 0 50t8C.tmp
13.07.2006 23:23 0 qpr8B.tmp
13.07.2006 23:17 0 wsy89.tmp
12.07.2006 22:27 0 r0z49.tmp
11.07.2006 09:16 0 2cbB.tmp
11.07.2006 00:43 0 8bd40.tmp
11.07.2006 00:41 0 1s43F.tmp
11.07.2006 00:40 0 6li3E.tmp
11.07.2006 00:39 0 4ju3D.tmp
10.07.2006 23:57 4.335 tmp-29.xpi
03.07.2006 17:56 717 control.xml
03.07.2006 17:49 4.335 tmp-28.xpi
29.06.2006 23:18 6.762.992 t-mobile_mda3.pdf
29.06.2006 22:51 0 fla64.tmp
29.06.2006 22:50 0 fla61.tmp
29.06.2006 22:50 0 fla5D.tmp
29.06.2006 22:50 0 fla57.tmp
29.06.2006 22:48 0 fla55.tmp
29.06.2006 21:37 16.212 header.gif
27.06.2006 00:28 0 0wjF.tmp
27.06.2006 00:27 0 f1xE.tmp
27.06.2006 00:25 0 7emD.tmp
27.06.2006 00:24 0 x76C.tmp
27.06.2006 00:23 0 j6lB.tmp
27.06.2006 00:22 0 aloA.tmp
25.06.2006 22:47 4.335 tmp-27.xpi
22.06.2006 22:31 1.912 pf1853832607.tmp
22.06.2006 22:30 32 pf834703.tmp
22.06.2006 22:30 0 audio834703.tmp
22.06.2006 22:29 1.912 pf1853832606.tmp
22.06.2006 22:28 0 CacheInfo.dnl
22.06.2006 22:28 1.287 pf2257979510.tmp
21.06.2006 23:34 0 qgt30.tmp
21.06.2006 23:30 0 pq02F.tmp
21.06.2006 23:29 0 ku22E.tmp
18.06.2006 18:52 0 bwn2C.tmp
18.06.2006 17:06 0 dcx2B.tmp
18.06.2006 17:05 0 n9i2A.tmp
18.06.2006 17:04 0 j3129.tmp
18.06.2006 17:01 0 qbh28.tmp
18.06.2006 16:37 4.335 tmp-26.xpi
08.06.2006 00:05 990.342 sample.wmv
08.06.2006 00:02 0 qps5D.tmp
08.06.2006 00:01 0 i385C.tmp
08.06.2006 00:00 0 1mn5B.tmp
07.06.2006 23:59 0 knv5A.tmp
07.06.2006 23:58 0 us959.tmp
07.06.2006 23:57 0 fik58.tmp
07.06.2006 23:56 0 o1t57.tmp
06.06.2006 23:04 4.335 tmp-25.xpi
01.06.2006 23:07 0 24g26.tmp
01.06.2006 23:06 0 pve25.tmp
01.06.2006 23:03 0 qyn24.tmp
31.05.2006 23:31 22.360 tmp-24.xpi
25.05.2006 22:31 4.335 tmp-23.xpi
23.05.2006 22:12 0 zxf1C.tmp
23.05.2006 22:11 0 99m1B.tmp
23.05.2006 22:10 0 l9i1A.tmp
23.05.2006 22:10 0 wnn19.tmp
23.05.2006 22:09 0 w7l18.tmp
21.05.2006 22:23 665 TWAIN.LOG
21.05.2006 22:23 156 Twunk001.MTX
21.05.2006 22:23 3 Twain001.Mtx
19.05.2006 14:45 17.449 tmp-22.xpi
19.05.2006 14:45 126.316 plugtmp-16-1
18.05.2006 23:38 1.413 pf1136108790.tmp



Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\WINDOWS

04.08.2006 00:57 12.310 mozver.dat
04.08.2006 00:57 898.514 setupapi.log
04.08.2006 00:56 3.922 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
04.08.2006 00:56 0 0.log
04.08.2006 00:56 1.270.449 WindowsUpdate.log
04.08.2006 00:56 261 SCARDSRV.INI
04.08.2006 00:56 2.048 bootstat.dat
04.08.2006 00:54 32.622 SchedLgU.Txt
04.08.2006 00:11 590 win.ini
04.08.2006 00:11 227 system.ini
04.08.2006 00:02 181.927 MILTIME.VAL
03.08.2006 23:52 387.017 comsetup.log
03.08.2006 23:52 166.200 iis6.log
03.08.2006 23:52 251.383 ntdtcsetup.log
03.08.2006 23:52 754.897 ocgen.log
03.08.2006 23:52 64.228 msgsocm.log
03.08.2006 23:52 1.891 imsins.log
03.08.2006 23:52 489.621 tsoc.log
03.08.2006 23:52 61.026 ocmsn.log
03.08.2006 23:52 1.158.479 FaxSetup.log
03.08.2006 23:43 4.507 imsins.BAK
03.08.2006 23:33 50 wiaservc.log
03.08.2006 23:33 214 wiadebug.log
29.07.2006 12:50 8.497 WgaNotify.log
28.07.2006 22:56 202 NeroDigital.ini
13.07.2006 00:05 12.230 KB917159.log
13.07.2006 00:05 12.741 KB914388.log
13.07.2006 00:05 38.529 updspapi.log
13.07.2006 00:05 10.803 KB916595.log
13.07.2006 00:00 2.595 GatorPatch.log
12.07.2006 22:03 534 WMCSetupUninst.log
03.07.2006 17:56 424.961 wmsetup.log
28.06.2006 23:41 11.569 KB911280.log
28.06.2006 00:14 0 SwSys1.bmp
28.06.2006 00:14 0 SwSys2.bmp
18.06.2006 21:52 32.375 spupdsvc.log
18.06.2006 21:04 12.301 KB917734.log
18.06.2006 21:02 15.017 KB918439.log
18.06.2006 21:02 15.698 KB917344.log
18.06.2006 21:02 14.658 KB917953.log
18.06.2006 21:02 18.414 KB916281.log
18.06.2006 21:01 11.917 KB914389.log
28.05.2006 23:48 250.010 MILTIME.VAM
14.05.2006 21:01 12.181 KB913580.log
26.04.2006 21:55 11.603 KB900485.log


Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\

04.08.2006 01:16 0 sys.txt
04.08.2006 01:16 17.885 system.txt
04.08.2006 01:14 23.105 systemtemp.txt
04.08.2006 01:08 104.390 system32.txt
04.08.2006 00:56 536.399.872 hiberfil.sys
04.08.2006 00:56 805.306.368 pagefile.sys
04.08.2006 00:41 1.122 c.txt
04.08.2006 00:40 17.885 windows.txt
04.08.2006 00:11 211 boot.ini
03.05.2006 22:53 55.230 PICT0878.JPG
04.08.2006, 11:45
Honorary member
Sabina

Posts: 29434
#77 ueberflieger

please also post:

1.
scan log from options 1 and 2
http://virus-protect.org/artikel/tools/smitfrautfix.html

2.
HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above just start the program --> Save --> Savelog --> Notepad opens
now copy the COMPLETE log with a right click and "paste" it into the forum
with a right click

3.
scan log
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina

all about PC security
05.08.2006, 17:35
...new here

Posts: 4
#78 SmitFraudFix v2.79

Scan done at 17:35:21,08, 05.08.2006
Run from D:\Dokumente und Einstellungen\Besitzer\Desktop\SmitefraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32

D:\WINDOWS\system32\ot.ico FOUND !
D:\WINDOWS\system32\pmnqguh.dll FOUND !
D:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» D:\Dokumente und Einstellungen\Besitzer\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOKUME~1\BESITZER\FAVORI~1

D:\DOKUME~1\BESITZER\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» D:\Programme

D:\Programme\SpyQuake2.com\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

SmitFraudFix v2.79

Scan done at 17:36:26,32, 05.08.2006
Run from D:\Dokumente und Einstellungen\Besitzer\Desktop\SmitefraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

D:\WINDOWS\system32\ot.ico Deleted
D:\WINDOWS\system32\pmnqguh.dll Deleted
D:\WINDOWS\system32\1024\ Deleted
D:\DOKUME~1\BESITZER\FAVORI~1\Antivirus Test Online.url Deleted
D:\Programme\SpyQuake2.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tnlgblot

*******************

Script file located at: \??\D:\Program Files\hjiubkci.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:



File D:\WINDOWS\Downloaded Program Files\YazzleActiveX.inf not found!
Deletion of file D:\WINDOWS\Downloaded Program Files\YazzleActiveX.inf failed!

Could not process line:
D:\WINDOWS\Downloaded Program Files\YazzleActiveX.inf
Status: 0xc0000034



File D:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx not found!
Deletion of file D:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx failed!

Could not process line:
D:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx
Status: 0xc0000034

File D:\WINDOWS\system32\fghjl.ini2 deleted successfully.
File D:\WINDOWS\system32\fghjl.bak2 deleted successfully.


File D:\WINDOWS\system32\ot.ico not found!
Deletion of file D:\WINDOWS\system32\ot.ico failed!

Could not process line:
D:\WINDOWS\system32\ot.ico
Status: 0xc0000034



File D:\WINDOWS\System32\pmnqguh.dll not found!
Deletion of file D:\WINDOWS\System32\pmnqguh.dll failed!

Could not process line:
D:\WINDOWS\System32\pmnqguh.dll
Status: 0xc0000034

File D:\WINDOWS\system32\wnvmjsst.exe deleted successfully.
File D:\WINDOWS\system32\cedpubph.exe deleted successfully.
File D:\WINDOWS\system32\qiieabec.exe deleted successfully.
File D:\WINDOWS\system32\evkkknoq.exe deleted successfully.


File D:\WINDOWS\system32\issearch.exe not found!
Deletion of file D:\WINDOWS\system32\issearch.exe failed!

Could not process line:
D:\WINDOWS\system32\issearch.exe
Status: 0xc0000034



File D:\WINDOWS\System32\isnotify.exe not found!
Deletion of file D:\WINDOWS\System32\isnotify.exe failed!

Could not process line:
D:\WINDOWS\System32\isnotify.exe
Status: 0xc0000034

File D:\WINDOWS\system32\mcrh.tmp deleted successfully.
File D:\WINDOWS\system32\fghjl.ini deleted successfully.
File D:\WINDOWS\system32\atmclk.PIF deleted successfully.
File D:\WINDOWS\system32\fghjl.tmp deleted successfully.
File D:\WINDOWS\system32\wpa.bak deleted successfully.
File D:\WINDOWS\system32\wpa.dbl deleted successfully.
File D:\WINDOWS\system32\fghjl.bak1 deleted successfully.
File D:\WINDOWS\system32\ljhgf.dll deleted successfully.
File D:\WINDOWS\system32\wnstssv.exe deleted successfully.


File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6F.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6F.tmp failed!

Could not process line:
D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6F.tmp
Status: 0xc0000034



File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6C.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6C.tmp failed!

Could not process line:
D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6C.tmp
Status: 0xc0000034



File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win69.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win69.tmp failed!

Could not process line:
D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win69.tmp
Status: 0xc0000034



File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6B.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6B.tmp failed!

Could not process line:
D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6B.tmp
Status: 0xc0000034



File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6D.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6D.tmp failed!

Could not process line:
D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6D.tmp
Status: 0xc0000034



File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6E.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6E.tmp failed!

Could not process line:
D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win6E.tmp
Status: 0xc0000034



File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\removalfile.bat not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\removalfile.bat failed!

Could not process line:
D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\removalfile.bat
Status: 0xc0000034



File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win68.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win68.tmp failed!

Could not process line:
D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win68.tmp
Status: 0xc0000034



File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\66.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\66.tmp failed!

Could not process line:
D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\66.tmp
Status: 0xc0000034



File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win65.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win65.tmp failed!

Could not process line:
D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win65.tmp
Status: 0xc0000034



File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win63.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win63.tmp failed!

Could not process line:
D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win63.tmp
Status: 0xc0000034



File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win5F.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win5F.tmp failed!

Could not process line:
D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win5F.tmp
Status: 0xc0000034



File D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win5D.tmp not found!
Deletion of file D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win5D.tmp failed!

Could not process line:
D:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\win5D.tmp
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljhgf deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
This post was edited by Thogrim on 05.08.2006 at 18:01.
05.08.2006, 19:28
Honorary member
Sabina

Posts: 29434
#79 Thogrim

that already looks good ;)

1.
delete the Avenger backup

2.
please also post this log for checking
scan log
http://virus-protect.org/artikel/tools/combofix.html

3.
and scan with Dr.Web + post the scan report
http://virus-protect.org/cureit.html

4.
post the new HijackThis log
__________
Regards, Sabina

all about PC security
06.08.2006, 05:40
...new here

Posts: 4
#80 I don't think that is necessary anymore; the icon at the bottom right is gone, and the message hasn't shown up again... I do wonder how you did that, but apparently it worked... Do you know where one picks up this cr...? Because I have no idea anymore where I got it from
06.08.2006, 13:02
...new here

Posts: 9
#81 Hello Sabina
I think I am already `clean`
The annoying pop-up, at least, no longer appears!!
THANK YOU VERY MUCH already for this extraordinary support!!!
Here are my scan logs as well. Please look over them again to check whether everything is clean:

1.
scan log from options 1 and 2
http://virus-protect.org/artikel/tools/smitfrautfix.html

SmitFraudFix v2.80

Scan done at 12:58:25,96, 06.08.2006
Run from C:\Dokumente und Einstellungen\Stefan Schmidt\Eigene Dateien\Eigene Downloads\Kann gelöscht werden\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Stefan Schmidt\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\STEFAN~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End





2. HijackThis.log

Logfile of HijackThis v1.99.1
Scan saved at 13:08:10, on 06.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SCARDS32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\WinBar XP 2005\WinBar.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\WINDOWS\Dit.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\Business PDF Writer\busipdf.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Netscape\Netscape Browser\netscape.exe
C:\Dokumente und Einstellungen\Stefan Schmidt\Eigene Dateien\Eigene Downloads\Kann gelöscht werden\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seb.de/home.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WinBar] C:\Programme\WinBar XP 2005\WinBar.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ChrisTV Agent] "C:\Programme\ChrisTV Lite\ChrisTV_Agent.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Business PDF Writer] C:\Programme\Business PDF Writer\busipdf.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\aolshare\AOLMIcon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: Kontrollfeld für die kabellose Tastatur.lnk = C:\WINDOWS\CNYHKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Programme\PrecisionTime\PrecisionTime.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MedionShop - {84FAA847-1400-4400-BC93-D338EF03127B} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) - https://banking.seb.de/hbci/plugin/AXFOAM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100197902218
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe



3. Scan log with combofix.exe

Start Time= 06.08.2006 13:11:07,75
Running from: C:\Programme\Netscape\Netscape Browser

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-04 00:24:16 ( .D... ) "C:\Programme\CleanUp!"
2006-07-05 23:25:28 18868 ( A.... ) "C:\Dokumente und Einstellungen\Stefan Schmidt\Anwendungsdaten\wklnhst.dat"
2006-06-28 00:14:50 ( .D... ) "C:\Programme\Morpheus Ultra"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-05-19 15:09:50 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 15:09:50 112128 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 15:09:50 95744 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2003-08-14 20:13:12 40960 ( A.... ) "C:\Programme\Uninstall_PCM.exe"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-06 12:58 53.248 C:\WINDOWS\system32\Process.exe
2006-08-06 12:58 42.496 C:\WINDOWS\system32\swreg.exe
2006-08-06 12:58 40.960 C:\WINDOWS\system32\swsc.exe
2006-08-06 12:58 288.417 C:\WINDOWS\system32\SrchSTS.exe
2006-08-06 12:56 536.399.872 C:\hiberfil.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WinBar"="C:\\Programme\\WinBar XP 2005\\WinBar.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"PCMService"="\"C:\\Programme\\Medion Home Cinema XL II\\PowerCinema\\PCMService.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"InCD"="C:\\Programme\\Ahead\\InCD\\InCD.exe"
"Dit"="Dit.exe"
"CMESys"="\"C:\\Programme\\Gemeinsame Dateien\\CMEII\\CMESys.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"ChrisTV Agent"="\"C:\\Programme\\ChrisTV Lite\\ChrisTV_Agent.exe\""
"CHotkey"="mHotkey.exe"
"Business PDF Writer"="C:\\Programme\\Business PDF Writer\\busipdf.exe"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AOLMIcon"="C:\\Programme\\Gemeinsame Dateien\\aolshare\\AOLMIcon.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""




Contents of the 'Scheduled Tasks' folder

Completion time: 06.08.2006 13:11:17,59
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt
This post was edited by ueberflieger on 06.08.2006 at 13:15.
06.08.2006, 14:00
Honorary member
Sabina

Posts: 29434
#82 ueberflieger

The computer is definitely not clean:
http://virus-protect.org/artikel/spyware/gain.html

Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as listen.bat using 'Save as'. Select 'All files' as the file type. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "C:\Programme\Gemeinsame Dateien\CMEII" >>files.txt
dir "C:\Programme\Gemeinsame Dateien\GMT" >>files.txt
notepad files.txt

__________
Best regards, Sabina

all about PC security
06.08.2006, 14:04
Honorary member
Sabina

Posts: 29434
#83 Thogrim
You probably caught the malware via a codec
__________
Best regards, Sabina

all about PC security
06.08.2006, 18:49
...new here

Posts: 9
#84 Hi Sabina,
that's right, GAIN has been following me for quite some time.
It would of course be great if I could get rid of this as well.
SpywareQuake, however, has already been defeated!
Thanks again for the "magic" you worked!!!
Kind regards,
Stefan

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\Programme\Gemeinsame Dateien\CMEII

05.08.2006 21:07 <DIR> .
05.08.2006 21:07 <DIR> ..
08.01.2006 21:57 1.750 CMEDiagnostics.log
16.02.2005 22:22 90.167 CMEIIAPI.dll
16.02.2005 22:23 90.112 CMESys.exe
21.03.2002 19:43 65.536 CMEUpd.exe
16.02.2005 22:22 421.942 GAppMgr.dll
06.08.2006 12:56 570 GatorSupportInfo.txt
16.02.2005 22:22 217.146 GController.dll
16.02.2005 22:23 249.911 GDwldEng.dll
21.03.2002 19:46 65.536 GFormCTM.dll
16.02.2005 22:22 110.644 GIocl.dll
16.02.2005 22:22 90.170 GIoclClient.dll
16.02.2005 22:23 167.991 GMTProxy.dll
16.02.2005 22:22 249.908 GObjs.dll
05.08.2006 21:07 269 gOps.bac
05.08.2006 21:07 873 gReg.reg
16.02.2005 22:22 110.645 GStore.dll
16.02.2005 22:23 102.459 GStoreServer.dll
21.03.2002 19:47 180.224 GSvcMgr.dll
21.03.2002 19:48 118.784 GSvcSAP.dll
16.02.2005 22:22 438.325 Gtools.dll
01.01.2006 21:25 <DIR> gui
01.01.2006 21:25 <DIR> store
20 Datei(en) 2.772.962 Bytes
4 Verzeichnis(se), 15.094.538.240 Bytes frei
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\Programme\Gemeinsame Dateien\GMT

05.08.2006 21:23 <DIR> .
05.08.2006 21:23 <DIR> ..
01.01.2006 21:24 <DIR> Data
08.01.2006 21:57 <DIR> DownloadTemp
16.02.2005 22:17 421.947 EGGCEngine.dll
16.02.2005 22:17 1.429.563 egIEEngine.dll
16.02.2005 22:17 127.036 EGIEProcess.dll
16.02.2005 22:17 458.811 EGNSEngine.dll
21.03.2002 19:33 4.244 FillIn.wav
06.08.2006 12:48 15.149 Gator.log
16.02.2005 22:16 356.352 GatorRes.dll
16.02.2005 22:17 249.919 GatorStubSetup.exe
16.02.2005 22:20 2.183.220 GMT.exe
13.04.2004 15:34 678 GMT.exe.manifest
16.02.2005 22:16 122.880 gtrawbm.fil
16.02.2005 22:23 409.600 GUninstaller.exe
21.03.2002 19:33 29.390 Helper.wav
06.08.2006 12:57 148 mepbs.dat
06.08.2006 12:57 148 mepcat.dat
06.08.2006 12:57 148 mepcatne.dat
06.08.2006 12:57 148 mepcme.dat
06.08.2006 12:57 148 mepcmeft.dat
06.08.2006 12:57 148 mepconv.dat
06.08.2006 12:57 148 mepgh.dat
06.08.2006 12:57 148 mepimg.dat
06.08.2006 12:57 148 meprca.dat
06.08.2006 12:56 148 mepsi.dat
06.08.2006 12:57 148 meptafi.dat
05.08.2006 21:07 <DIR> s375428sve
06.08.2006 12:57 <DIR> scripts
19.11.2004 18:01 <DIR> tladk0j59n
24 Datei(en) 5.810.417 Bytes
7 Verzeichnis(se), 15.094.538.240 Bytes frei
06.08.2006, 20:02
Honorary member
Sabina

Posts: 29434
#85 ueberflieger

Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:

Quote

registry keys to delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com

Files to delete:

C:\WINDOWS\gatorpatch.log
C:\WINDOWS\gatorpdpsetup.log
C:\Programme\Gemeinsame Dateien\CMEII\CMEDiagnostics.log
C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMEUpd.exe
C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll
C:\Programme\Gemeinsame Dateien\CMEII\GatorSupportInfo.txt
C:\Programme\Gemeinsame Dateien\CMEII\GController.dll
C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll
C:\Programme\Gemeinsame Dateien\CMEII\GFormCTM.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll
C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll
C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll
C:\Programme\Gemeinsame Dateien\CMEII\gOps.bac
C:\Programme\Gemeinsame Dateien\CMEII\gReg.reg
C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll
C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll
C:\Programme\Gemeinsame Dateien\CMEII\GSvcMgr.dll
C:\Programme\Gemeinsame Dateien\CMEII\GSvcSAP.dll
C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll
C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll
C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\FillIn.wav
C:\Programme\Gemeinsame Dateien\GMT\Gator.log
C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll
C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe.manifest
C:\Programme\Gemeinsame Dateien\GMT\gtrawbm.fil
C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe
C:\Programme\Gemeinsame Dateien\GMT\Helper.wav
C:\Programme\Gemeinsame Dateien\GMT\mepbs.dat
C:\Programme\Gemeinsame Dateien\GMT\mepcat.dat
C:\Programme\Gemeinsame Dateien\GMT\mepcatne.dat
C:\Programme\Gemeinsame Dateien\GMT\mepcme.dat
C:\Programme\Gemeinsame Dateien\GMT\mepcmeft.dat
C:\Programme\Gemeinsame Dateien\GMT\mepconv.dat
C:\Programme\Gemeinsame Dateien\GMT\mepgh.dat
C:\Programme\Gemeinsame Dateien\GMT\mepimg.dat
C:\Programme\Gemeinsame Dateien\GMT\meprca.dat
C:\Programme\Gemeinsame Dateien\GMT\mepsi.dat
C:\Programme\Gemeinsame Dateien\GMT\meptafi.dat
C:\Programme\PrecisionTime\PrecisionTime.exe
Click the green traffic light
the script will now run, then the PC will restart automatically

**open HijackThis -- "scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC

Quote

O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Programme\PrecisionTime\PrecisionTime.exe
**
restart the PC

**
delete manually:

C:\Programme\PrecisionTime
C:\Programme\Gemeinsame Dateien\CMEII
C:\Programme\Gemeinsame Dateien\GMT

**
delete the Avenger backup

**
scan with CounterSpy
http://virus-protect.org/counterspy.html
after the scan you have to choose:
*Remove
post the report here
__________
Best regards, Sabina

all about PC security
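
The step from the `dir` listing posted in #84 to the "Files to delete:" list in #85 can be done mechanically; the following is an added example, not part of the original posts or of the Avenger tool. The function names and the shortened sample listing are constructed for illustration. Subfolders are returned separately because the script above lists only files, and the folders are removed in the later manual step.

```python
import re
from ntpath import join as win_join  # Windows path joining, works on any OS

# Constructed sample: a shortened excerpt in the shape of the German `dir`
# output posted in this thread (not the full listing).
SAMPLE_LISTING = r"""
 Verzeichnis von C:\Programme\Gemeinsame Dateien\CMEII

05.08.2006 21:07 <DIR> .
05.08.2006 21:07 <DIR> ..
08.01.2006 21:57 1.750 CMEDiagnostics.log
16.02.2005 22:23 90.112 CMESys.exe
01.01.2006 21:25 <DIR> gui
2 Datei(en) 91.862 Bytes
3 Verzeichnis(se), 15.094.538.240 Bytes frei

 Verzeichnis von C:\Programme\Gemeinsame Dateien\GMT

05.08.2006 21:23 <DIR> .
16.02.2005 22:20 2.183.220 GMT.exe
13.04.2004 15:34 678 GMT.exe.manifest
05.08.2006 21:07 <DIR> s375428sve
"""

# "Verzeichnis von <path>" opens each directory block in German `dir` output.
DIR_HEADER = re.compile(r"^\s*Verzeichnis von (?P<path>.+?)\s*$")

# An entry line: date, time, then either <DIR> or a size with "." as the
# thousands separator, then the name (which may contain spaces).
ENTRY = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d.]+)\s+(?P<name>.+?)\s*$"
)


def parse_dir_listing(text):
    """Return (files, folders) as lists of full Windows paths.

    Summary lines ("... Datei(en) ...", "... Verzeichnis(se) ...") and the
    volume header do not start with a date and are skipped automatically.
    """
    files, folders = [], []
    current_dir = None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current_dir = header.group("path")
            continue
        entry = ENTRY.match(line)
        if not entry or current_dir is None:
            continue
        name = entry.group("name")
        if name in (".", ".."):
            continue  # self and parent references are not real entries
        full_path = win_join(current_dir, name)
        if entry.group("size") == "<DIR>":
            folders.append(full_path)
        else:
            files.append(full_path)
    return files, folders


def build_avenger_script(files):
    """Format the file paths under the 'Files to delete:' header used in #85."""
    return "Files to delete:\n\n" + "\n".join(files) + "\n"


if __name__ == "__main__":
    found_files, found_folders = parse_dir_listing(SAMPLE_LISTING)
    print(build_avenger_script(found_files))
    print("Subfolders left for the manual step:")
    for folder in found_folders:
        print(folder)
```
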
06.08.2006, 22:43
...new here

Posts: 9
#86 Hi Sabina

I've done everything, but PrecisionTime is still in the Recycler directory!
Is that OK?
Here is the log:

Spyware Scan Details
Start Date: 06.08.2006 21:36:55
End Date: 06.08.2006 22:40:18
Total Time: 1 hrs 3 mins 23 secs

Detected spyware

Claria.Gator.eWallet Adware (General) more information...
Details: Claria's Gator eWallet is an ad supported program that can automatically fill in passwords and other form-elements on Web pages.
Status: Quarantined


EUniverse Updater Hijacker more information...
Details: EUniverse is an adware program that runs at startup, generates popup ads, and performs a number of spyware related functions such as transmitting personal information and hijacking Internet Explorer.
Status: Quarantined

Infected files detected
c:\programme\common files\searchupgrader\client.cfg
c:\programme\common files\searchupgrader\system.cfg
c:\programme\common files\searchupgrader\updmgruninstall.exe


Claria.GAIN.CommonElements Adware (General) more information...
Details: Claria's GAIN network consists of several applications inlcuding Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Quarantined

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing\about gain publishing.lnk
c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing\gain publishing web site.url
C:\RECYCLER\S-1-5-21-2828500178-874226940-4143393686-1008\Dc2919\EGIEProcess.dll
C:\RECYCLER\S-1-5-21-2828500178-874226940-4143393686-1008\Dc2919\GatorRes.dll
C:\RECYCLER\S-1-5-21-2828500178-874226940-4143393686-1008\Dc2919\GMT.exe
C:\RECYCLER\S-1-5-21-2828500178-874226940-4143393686-1008\Dc2924\store\core\appmgrgui.zip
C:\RECYCLER\S-1-5-21-2828500178-874226940-4143393686-1008\Dc2924\store\core\hfixcfg

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat\GMT\Settings bosk 8131
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat\GMT\Settings SiteRetryTime 3600
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat\GMT\Settings MaxGBDDownloadTime 600
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat\GMT\Settings SIR 9223
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat\GMT\Settings IMU_OFFCAP 0
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat\GMT TGNStat 268435456
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat\Users\User1 Empty 1
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat\Users\User1 ShowWelcomeFormHelper 0
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat\Users\User1 ShowWelcomeLoginHelper 0
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat\Users\User1 PromptCaptureLogin 1
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat\Users\User1 UpdateInfoLastTab 0
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat\Users\User1 Name
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat\Users\User1 RegStatus 2
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat\Users\User1 SiteInfo
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat\Users\User1 RegInfo
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat\Users CurrentUser User1
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat Guid 5BF5122C-5456-4F52-96A7-10A3965F9BD3
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat MID 593824699
HKEY_LOCAL_MACHINE\software\gator.com\Gator\stat MID64
HKEY_LOCAL_MACHINE\software\gator.com\GInternet\Proxy Enabled 0


KaZaA P2P Program
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored

Infected files detected
c:\programme\kazaa\bdcore.dll
c:\programme\kazaa\libfn.dll
c:\programme\kazaa\plugins.htm
c:\programme\kazaa\versions.dat
c:\programme\kazaa\bgp2p\plugins\ace.xmd
c:\programme\kazaa\bgp2p\plugins\arc.xmd
c:\programme\kazaa\bgp2p\plugins\arj.xmd
c:\programme\kazaa\bgp2p\plugins\bach.xmd
c:\programme\kazaa\bgp2p\plugins\bzip2.xmd
c:\programme\kazaa\bgp2p\plugins\cab.xmd
c:\programme\kazaa\bgp2p\plugins\cevakrnl.cvd
c:\programme\kazaa\bgp2p\plugins\cevakrnl.ivd
c:\programme\kazaa\bgp2p\plugins\cevakrnl.rvd
c:\programme\kazaa\bgp2p\plugins\cevakrnl.xmd
c:\programme\kazaa\bgp2p\plugins\ceva_dll.cvd
c:\programme\kazaa\bgp2p\plugins\ceva_vfs.cvd
c:\programme\kazaa\bgp2p\plugins\chm.xmd
c:\programme\kazaa\bgp2p\plugins\cpio.xmd
c:\programme\kazaa\bgp2p\plugins\cran.cvd
c:\programme\kazaa\bgp2p\plugins\cran.xmd
c:\programme\kazaa\bgp2p\plugins\dbx.xmd
c:\programme\kazaa\bgp2p\plugins\docfile.xmd
c:\programme\kazaa\bgp2p\plugins\emalware.cvd
c:\programme\kazaa\bgp2p\plugins\emalware.ivd
c:\programme\kazaa\bgp2p\plugins\emalware.xmd
c:\programme\kazaa\bgp2p\plugins\epoc.xmd
c:\programme\kazaa\bgp2p\plugins\gzip.xmd
c:\programme\kazaa\bgp2p\plugins\ha.xmd
c:\programme\kazaa\bgp2p\plugins\hlp.xmd
c:\programme\kazaa\bgp2p\plugins\hpe.cvd
c:\programme\kazaa\bgp2p\plugins\hpe.xmd
c:\programme\kazaa\bgp2p\plugins\hqx.xmd
c:\programme\kazaa\bgp2p\plugins\html.xmd
c:\programme\kazaa\bgp2p\plugins\imp.xmd
c:\programme\kazaa\bgp2p\plugins\inno.xmd
c:\programme\kazaa\bgp2p\plugins\instyler.xmd
c:\programme\kazaa\bgp2p\plugins\iso.xmd
c:\programme\kazaa\bgp2p\plugins\java.cvd
c:\programme\kazaa\bgp2p\plugins\java.xmd
c:\programme\kazaa\bgp2p\plugins\jpeg.xmd
c:\programme\kazaa\bgp2p\plugins\lha.xmd
c:\programme\kazaa\bgp2p\plugins\lnk.xmd
c:\programme\kazaa\bgp2p\plugins\mbox.xmd
c:\programme\kazaa\bgp2p\plugins\mbx.xmd
c:\programme\kazaa\bgp2p\plugins\mdx.xmd
c:\programme\kazaa\bgp2p\plugins\mdx_97.cvd
c:\programme\kazaa\bgp2p\plugins\mdx_97.ivd
c:\programme\kazaa\bgp2p\plugins\mdx_w95.cvd
c:\programme\kazaa\bgp2p\plugins\mdx_x95.cvd
c:\programme\kazaa\bgp2p\plugins\mdx_xf.cvd
c:\programme\kazaa\bgp2p\plugins\mime.xmd
c:\programme\kazaa\bgp2p\plugins\mso.xmd
c:\programme\kazaa\bgp2p\plugins\na.cvd
c:\programme\kazaa\bgp2p\plugins\na.xmd
c:\programme\kazaa\bgp2p\plugins\nelf.cvd
c:\programme\kazaa\bgp2p\plugins\nelf.xmd
c:\programme\kazaa\bgp2p\plugins\nsis.xmd
c:\programme\kazaa\bgp2p\plugins\objd.xmd
c:\programme\kazaa\bgp2p\plugins\pdf.xmd
c:\programme\kazaa\bgp2p\plugins\pst.xmd
c:\programme\kazaa\bgp2p\plugins\rar.xmd
c:\programme\kazaa\bgp2p\plugins\rpm.xmd
c:\programme\kazaa\bgp2p\plugins\rtf.xmd
c:\programme\kazaa\bgp2p\plugins\rup.cvd
c:\programme\kazaa\bgp2p\plugins\rup.xmd
c:\programme\kazaa\bgp2p\plugins\sdx.cvd
c:\programme\kazaa\bgp2p\plugins\sdx.ivd
c:\programme\kazaa\bgp2p\plugins\sdx.xmd
c:\programme\kazaa\bgp2p\plugins\sfx.xmd
c:\programme\kazaa\bgp2p\plugins\swf.xmd
c:\programme\kazaa\bgp2p\plugins\tar.xmd
c:\programme\kazaa\bgp2p\plugins\td0.xmd
c:\programme\kazaa\bgp2p\plugins\thebat.xmd
c:\programme\kazaa\bgp2p\plugins\tnef.xmd
c:\programme\kazaa\bgp2p\plugins\unpack.cvd
c:\programme\kazaa\bgp2p\plugins\unpack.ivd
c:\programme\kazaa\bgp2p\plugins\unpack.xmd
c:\programme\kazaa\bgp2p\plugins\update.txt
c:\programme\kazaa\bgp2p\plugins\uudecode.xmd
c:\programme\kazaa\bgp2p\plugins\ve.cvd
c:\programme\kazaa\bgp2p\plugins\ve.ivd
c:\programme\kazaa\bgp2p\plugins\ve.xmd
c:\programme\kazaa\bgp2p\plugins\vedata.cvd
c:\programme\kazaa\bgp2p\plugins\viza.xmd
c:\programme\kazaa\bgp2p\plugins\wise.xmd
c:\programme\kazaa\bgp2p\plugins\xishield.xmd
c:\programme\kazaa\bgp2p\plugins\z.xmd
c:\programme\kazaa\bgp2p\plugins\zip.xmd
c:\programme\kazaa\bgp2p\plugins\zoo.xmd
c:\programme\kazaa\bgp2p\plugins.htm
c:\programme\kazaa\bgp2p\versions.dat
c:\programme\kazaa\db\ctx4-041111.cab
c:\programme\kazaa\db\data1024.dbb
c:\programme\kazaa\db\data256.dbb
c:\programme\kazaa\db\np.tmp
c:\programme\kazaa\db\tsi4-041101a.cab
c:\programme\kazaa\db\tsi4-041101a.dat
c:\programme\kazaa\db\tsi4-041101b.cab
c:\programme\kazaa\db\tsi4-041115.cab
c:\programme\kazaa\db\tss4.cab
c:\programme\kazaa\my shared folder\download11001977461857671.dat
c:\programme\kazaa\my shared folder\kazaa266_de.exe
c:\programme\kazaa\my shared folder\kmd264_de.exe
c:\programme\kazaa\plugins\ace.xmd
c:\programme\kazaa\plugins\arc.xmd
c:\programme\kazaa\plugins\arj.xmd
c:\programme\kazaa\plugins\bach.xmd
c:\programme\kazaa\plugins\bzip2.xmd
c:\programme\kazaa\plugins\cab.xmd
c:\programme\kazaa\plugins\cevakrnl.cvd
c:\programme\kazaa\plugins\cevakrnl.ivd
c:\programme\kazaa\plugins\cevakrnl.rvd
c:\programme\kazaa\plugins\cevakrnl.xmd
c:\programme\kazaa\plugins\ceva_dll.cvd
c:\programme\kazaa\plugins\ceva_vfs.cvd
c:\programme\kazaa\plugins\chm.xmd
c:\programme\kazaa\plugins\cpio.xmd
c:\programme\kazaa\plugins\cran.cvd
c:\programme\kazaa\plugins\cran.xmd
c:\programme\kazaa\plugins\dbx.xmd
c:\programme\kazaa\plugins\docfile.xmd
c:\programme\kazaa\plugins\emalware.cvd
c:\programme\kazaa\plugins\emalware.ivd
c:\programme\kazaa\plugins\emalware.xmd
c:\programme\kazaa\plugins\epoc.xmd
c:\programme\kazaa\plugins\gzip.xmd
c:\programme\kazaa\plugins\ha.xmd
c:\programme\kazaa\plugins\hlp.xmd
c:\programme\kazaa\plugins\hpe.cvd
c:\programme\kazaa\plugins\hpe.xmd
c:\programme\kazaa\plugins\hqx.xmd
c:\programme\kazaa\plugins\html.xmd
c:\programme\kazaa\plugins\imp.xmd
c:\programme\kazaa\plugins\inno.xmd
c:\programme\kazaa\plugins\instyler.xmd
c:\programme\kazaa\plugins\iso.xmd
c:\programme\kazaa\plugins\java.cvd
c:\programme\kazaa\plugins\java.xmd
c:\programme\kazaa\plugins\lha.xmd
c:\programme\kazaa\plugins\lnk.xmd
c:\programme\kazaa\plugins\mbox.xmd
c:\programme\kazaa\plugins\mbx.xmd
c:\programme\kazaa\plugins\mdx.xmd
c:\programme\kazaa\plugins\mdx_97.cvd
c:\programme\kazaa\plugins\mdx_97.ivd
c:\programme\kazaa\plugins\mdx_w95.cvd
c:\programme\kazaa\plugins\mdx_x95.cvd
c:\programme\kazaa\plugins\mdx_xf.cvd
c:\programme\kazaa\plugins\mime.xmd
c:\programme\kazaa\plugins\mso.xmd
c:\programme\kazaa\plugins\na.cvd
c:\programme\kazaa\plugins\na.xmd
c:\programme\kazaa\plugins\nelf.cvd
c:\programme\kazaa\plugins\nelf.xmd
c:\programme\kazaa\plugins\objd.xmd
c:\programme\kazaa\plugins\pdf.xmd
c:\programme\kazaa\plugins\pst.xmd
c:\programme\kazaa\plugins\rar.xmd
c:\programme\kazaa\plugins\rpm.xmd
c:\programme\kazaa\plugins\rtf.xmd
c:\programme\kazaa\plugins\rup.cvd
c:\programme\kazaa\plugins\rup.xmd
c:\programme\kazaa\plugins\sdx.cvd
c:\programme\kazaa\plugins\sdx.ivd
c:\programme\kazaa\plugins\sdx.xmd
c:\programme\kazaa\plugins\sfx.xmd
c:\programme\kazaa\plugins\swf.xmd
c:\programme\kazaa\plugins\tar.xmd
c:\programme\kazaa\plugins\td0.xmd
c:\programme\kazaa\plugins\thebat.xmd
c:\programme\kazaa\plugins\tnef.xmd
c:\programme\kazaa\plugins\unpack.cvd
c:\programme\kazaa\plugins\unpack.ivd
c:\programme\kazaa\plugins\unpack.xmd
c:\programme\kazaa\plugins\update.txt
c:\programme\kazaa\plugins\uudecode.xmd
c:\programme\kazaa\plugins\ve.cvd
c:\programme\kazaa\plugins\ve.ivd
c:\programme\kazaa\plugins\ve.xmd
c:\programme\kazaa\plugins\vedata.cvd
c:\programme\kazaa\plugins\viza.xmd
c:\programme\kazaa\plugins\wise.xmd
c:\programme\kazaa\plugins\xishield.xmd
c:\programme\kazaa\plugins\z.xmd
c:\programme\kazaa\plugins\zip.xmd
c:\programme\kazaa\plugins\zoo.xmd
C:\Dokumente und Einstellungen\Stefan Schmidt\Eigene Dateien\PC+Internet\kmd.exe

Infected registry entries detected
HKEY_CURRENT_USER\Software\Kazaa
HKEY_CURRENT_USER\Software\Kazaa\Advanced ScWeeklyDate 18-11-2004
HKEY_CURRENT_USER\Software\Kazaa\Advanced Status Installed
HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST ChannelType BROWSE
HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST Source eUniverse
HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST DisplayName GamingBlast
HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST SsmUrl
HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST TargetUrl http://ssm.kazaa.com/us/gamingblast/index.htm
HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST ChannelFile gamingblast.kcd
HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST IconServer ssm.kazaa.com
HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST IconPath /us/gamingblast/
HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST IconFile gamingblast.bmp
HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST Mandatory 0
HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST Visible 1
HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST Position 7
HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST NotAdded 0
HKEY_CURRENT_USER\Software\Kazaa\Channels\GAMINGBLAST Uninstalled 0
HKEY_CURRENT_USER\Software\Kazaa\DontShow CloseToSystray 0
HKEY_CURRENT_USER\Software\Kazaa\LocalContent DisableListFiles 1
HKEY_CURRENT_USER\Software\Kazaa\LocalContent Dir0 012345:C:\Program Files\Altnet\My Altnet Shares
HKEY_CURRENT_USER\Software\Kazaa\LocalContent LastAltnetFolder C:\Program Files\Altnet\My Altnet Shares
HKEY_CURRENT_USER\Software\Kazaa\Promotions\Broadband BBDbLoc C:\Programme\Kazaa\Db\bb.db
HKEY_CURRENT_USER\Software\Kazaa\Promotions\Broadband NullImageLoc C:\Programme\Kazaa\broadband.gif
HKEY_CURRENT_USER\Software\Kazaa\Promotions\Broadband NullImageLoc2 C:\Programme\Kazaa\broadband2.gif
HKEY_CURRENT_USER\Software\Kazaa\Promotions\Broadband BroadNagCount2 4
HKEY_CURRENT_USER\Software\Kazaa\Promotions\Broadband LastBBShown 1100880158
HKEY_CURRENT_USER\Software\Kazaa\Search 0 e±,‚ñ "_@€­x
HKEY_CURRENT_USER\Software\Kazaa\Search 1 f |ª,Ÿàl\
HKEY_CURRENT_USER\Software\Kazaa\Search 2 tw±,ð]`I@—Éîr^€Ïf9¿
HKEY_CURRENT_USER\Software\Kazaa\Search 3 e±,‚ñ "_@€½hR™ˆ";¢
HKEY_CURRENT_USER\Software\Kazaa\Search 4 e±,‚ñ "_@€½hR™ˆ
HKEY_CURRENT_USER\Software\Kazaa\Search 5 am¼iž´
HKEY_CURRENT_USER\Software\Kazaa\Search 6 `w±,žñ"]N‹¯
HKEY_CURRENT_USER\Software\Kazaa\Search 7 am·~Ìî
HKEY_CURRENT_USER\Software\Kazaa\Settings +
HKEY_CURRENT_USER\Software\Kazaa\Settings Date
HKEY_CURRENT_USER\Software\Kazaa\Settings UseCount 0
HKEY_CURRENT_USER\Software\Kazaa\Transfer +
HKEY_CURRENT_USER\Software\Kazaa\Transfer NoUploadLimitWhenIdle 1
HKEY_CURRENT_USER\Software\Kazaa\Transfer CacheHost 0
HKEY_CURRENT_USER\Software\Kazaa\Transfer CachePort 0
HKEY_CURRENT_USER\Software\Kazaa\Transfer CacheDiscoveryTime 1100880045
HKEY_CURRENT_USER\Software\Kazaa\Transfer DlDir0 C:\Programme\Kazaa\My Shared Folder
HKEY_CURRENT_USER\Software\Kazaa\UserDetails +
HKEY_CURRENT_USER\Software\Kazaa\UserDetails CountryCode DE
HKEY_CURRENT_USER\Software\Kazaa\UserDetails UserName Janine_1964
HKEY_CURRENT_USER\Software\Kazaa Tmp 0
HKEY_CURRENT_USER\Software\Kazaa LastSearchHash
HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa
HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa Kazaa Media Desktop
HKEY_CLASSES_ROOT\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}
HKEY_CLASSES_ROOT\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}\TreatAs {0494D0DB-F8E0-41ad-92A3-14154ECE70AC}
HKEY_CLASSES_ROOT\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}
HKEY_LOCAL_MACHINE\software\sharman networks ltd


Morpheus P2P Program
Details: P2P file sharing program that installs a number of adware programs. Morpheus also displays its own popup advertsing.
Status: Ignored

Infected files detected
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\.btdownloads\long way round\long way round - episode 01 [digitaldistractions].avi
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\.btdownloads\long way round\long way round - episode 02 [digitaldistractions].avi
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\.btdownloads\long way round\long way round - episode 03 [digitaldistractions].avi
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\.btdownloads\long way round\long way round - episode 04 [digitaldistractions].avi
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\.btdownloads\long way round\long way round - episode 05 [digitaldistractions].avi
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\.btdownloads\long way round\long way round - episode 06 [digitaldistractions].avi
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\.btdownloads\long way round\long way round - episode 07 [digitaldistractions].avi
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\- vampire - porno gina wild - xxx [divx].divx.info
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\anal intruders (sophie evans, gina blonde, michelle wild, alissa, katerina, britnee, susy, brigette) private the best by.avi.info
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\anal intruders (sophie evans, gina blonde, michelle wild, alissa, katerina, britnee, susy, brigette) private the best by.avi.part
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\anal intruders (sophie evans, gina blonde, michelle wild, alissa, katerina, britnee, susy, brigette) private the best by.partial.avi
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\porno - gina wild - teacher sex(2).mpg.info
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\porno - gina wild - teacher sex(2).mpg.part
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\porno - gina wild - teacher sex(2).partial.mpg
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\wild thing (alexa rae, sydnee steele, gina ryder, shay sweet, miko lee).avi.info
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\wild thing (alexa rae, sydnee steele, gina ryder, shay sweet, miko lee).avi.part
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\partials\wild thing (alexa rae, sydnee steele, gina ryder, shay sweet, miko lee).partial.avi
c:\dokumente und einstellungen\stefan schmidt\my documents\morpheus shared\downloads\torrents\long way round.torrent
c:\programme\morpheus\50 dollars free- yukon gold casino.ico
c:\programme\morpheus\once.tmp
c:\programme\morpheus\pokerrewards.ico
c:\programme\morpheus\svc.conf
C:\Dokumente und Einstellungen\Stefan Schmidt\Eigene Dateien\Eigene Downloads\Morpheus.exe

Infected registry entries detected
HKEY_CLASSES_ROOT\morphtorrent
HKEY_CLASSES_ROOT\morphtorrent\DefaultIcon "C:\Programme\Morpheus\Torrent.ico"
HKEY_CLASSES_ROOT\morphtorrent\shell\open\command "C:\Programme\Morpheus\Morpheus.exe" "%1"
HKEY_CLASSES_ROOT\morphtorrent EditFlags hex:00,00,01,00
HKEY_CLASSES_ROOT\morphtorrent TORRENT File


Bullguard Potentially Unwanted Program
Details: Bullguard is a software suite that includes antivirus, firewall, spam filter and online backup.
Status: Ignored


ErrorSafe Rogue Security Program
Details: ErrorSafe is a disabled data repair utility that nags the user to purchase it in order to fix the problems reported in its scan.
Status: Quarantined

Infected files detected
c:\programme\errorsafe\lock.dat
c:\windows\system32\drivers\erssdd.sys

Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\ErrorSafe
HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck
HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck\CLSID {5284AC2A-EF00-4750-9B82-B5B907D26536}
HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck\CurVer ESSPCheck.ESSPCheck.1
HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck WFX5PCheck Class
HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck.1
HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck.1\CLSID {5284AC2A-EF00-4750-9B82-B5B907D26536}
HKEY_CLASSES_ROOT\ESSPCheck.ESSPCheck.1 WFX5PCheck Class
HKEY_CURRENT_USER\Software\ErrorSafe
HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536}
HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536}\InprocServer32 C:\Programme\ErrorSafe\esPCheck.dll
HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536}\InprocServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536}\ProgID ESSPCheck.ESSPCheck.1
HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536}\TypeLib {68BC55E9-4D3E-4c89-89AC-7559763C98B8}
HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536}\VersionIndependentProgID ESSPCheck.ESSPCheck
HKEY_CLASSES_ROOT\clsid\{5284AC2A-EF00-4750-9B82-B5B907D26536} WFX5PCheck Class
HKEY_CLASSES_ROOT\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3}
HKEY_CLASSES_ROOT\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3}\TypeLib {68BC55E9-4D3E-4C89-89AC-7559763C98B8}
HKEY_CLASSES_ROOT\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3} ICheckProduct
HKEY_CLASSES_ROOT\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8}
HKEY_CLASSES_ROOT\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8}\1.0\0\win32 C:\Programme\ErrorSafe\esPCheck.dll
HKEY_CLASSES_ROOT\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8}\1.0\HELPDIR C:\Programme\ErrorSafe\
HKEY_CLASSES_ROOT\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8}\1.0 CheckProduct2Lib


WinAntiVirus Pro Rogue Security Program
Status: Quarantined

Infected files detected
c:\dokumente und einstellungen\stefan schmidt\anwendungsdaten\winantivirus pro 2006\pge.dat
c:\windows\system32\stera.log
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\0\win32 C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0\HELPDIR C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\
HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}\1.0 CheckProduct2Lib
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 StoreHistory 0
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 AllowPopupClickType 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 NormalizeOpenedPopups 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 NormalizeAddBorders 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 NormalizeFitToDesktop 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 NormalizeAddMenuAndToolbar 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 TimedPopupLimit 2
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 StartBlockOnTimedPopups 0
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 BlockDomainPopupLimit 2
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 BlockDomainOnPopups 0
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 DefaultAction 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006\Settings VSScan 0
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006\Settings VirusShield 1
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006\Settings MailProtect 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk\Security Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum 0 Root\LEGACY_VSPF_HK\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum Count 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum NextInstance 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum INITSTARTFAILED 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk Type 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk Start 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk ErrorControl 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk Tag 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk ImagePath \??\C:\WINDOWS\system32\drivers\vspf_hk5.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk DisplayName vspf_hk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk Group Streams Drivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf\Security Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf\Enum 0 Root\LEGACY_VSPF\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf\Enum Count 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf\Enum NextInstance 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf\Enum INITSTARTFAILED 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf Type 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf Start 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf ErrorControl 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf Tag 10
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf ImagePath \??\C:\WINDOWS\system32\drivers\vspf5.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf DisplayName vspf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf Group PNP_TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf DependOnService tcpip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf DependOnGroup
HKEY_LOCAL_MACHINE\Software\WinAntiVirus Pro 2006
HKEY_CURRENT_USER\software\winantivirus pro 2006
HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings MailProtect 1
HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings VirusShield 1
HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings VSScan 0
HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings UpdateData
HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings UpdateDataBin
HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings DBUNA
HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings LastUpdateTimeDBOK
HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings LastLogonTime
HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings FirstRun 0
HKEY_CURRENT_USER\software\winantivirus pro 2006\Settings EnableIS 0
HKEY_CURRENT_USER\software\winantivirus pro 2006 DefaultAction 1
HKEY_CURRENT_USER\software\winantivirus pro 2006 Active 0
HKEY_CURRENT_USER\software\winantivirus pro 2006 BlockDomainOnPopups 0
HKEY_CURRENT_USER\software\winantivirus pro 2006 BlockDomainPopupLimit 2
HKEY_CURRENT_USER\software\winantivirus pro 2006 StartBlockOnTimedPopups 0
HKEY_CURRENT_USER\software\winantivirus pro 2006 TimedPopupLimit 2
HKEY_CURRENT_USER\software\winantivirus pro 2006 NormalizeAddMenuAndToolbar 1
HKEY_CURRENT_USER\software\winantivirus pro 2006 NormalizeFitToDesktop 1
HKEY_CURRENT_USER\software\winantivirus pro 2006 NormalizeAddBorders 1
HKEY_CURRENT_USER\software\winantivirus pro 2006 NormalizeOpenedPopups 1
HKEY_CURRENT_USER\software\winantivirus pro 2006 AllowPopupClickType 1
HKEY_CURRENT_USER\software\winantivirus pro 2006 StoreHistory 0
HKEY_CURRENT_USER\software\winantivirus pro 2006 IEPage http://www.seb.de/home.html
HKEY_CURRENT_USER\software\winantivirus pro 2006 MozillaPage http://www.wetteronline.de/


Hacker.AG Porn Dialer more information...
Status: Quarantined

Infected files detected
c:\windows\coder.ini


Twain Tech Adware (General) more information...
Details: Twain-Tech is an adware based Internet Explorer browser helper object that deliver targeted ads based on a user’s browsing patters. Twain-Tech does not provide any other relevant purpose other then to display pop-up ads.
Status: Quarantined

Infected files detected
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys


Claria.GotSmiley Adware (General) more information...
Details: GotSmiley is an ad supported program that provides the user with smileys for use in emails.
Status: Quarantined

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing\about gain publishing.lnk


Altnet Download Manager Low Risk Adware more information...
Details: Altnet Download Manager accompanies Altnet P2P Networking and performs the job of downloading content from Altnet's P2P network.
Status: Ignored

Infected files detected
C:\Program Files\Altnet\Download Manager\adm.exe
C:\Program Files\Altnet\Points Manager\LocalPages\altnet.css


Gator.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Quarantined

Infected files detected
C:\Programme\Gemeinsame Dateien\lnpuppra\luemmtccod\ddqnafooc.exe
C:\Programme\Gemeinsame Dateien\lnpuppra\npbmoemr\ubqlaeuf.exe

Infected cookies detected
c:\dokumente und einstellungen\stefan schmidt\cookies\stefan schmidt@webpdp.gator[2].txt


Altnet/Topsearch Browser Plug-in more information...
Details: Altnet/Topsearch is a browser plug-in that acts as search engine for peer-to-peer applications Kazaa and Grokster.
Status: Quarantined

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\altnet
HKEY_LOCAL_MACHINE\software\altnet SharedMediaDir C:\Program Files\Altnet\My Altnet Shares
HKEY_CLASSES_ROOT\clsid\{3646c2bd-3554-49ca-8125-44deefb881de}
HKEY_CLASSES_ROOT\clsid\{3646c2bd-3554-49ca-8125-44deefb881de} 135AEBB1-F2F0-4DA9-BF7E-BBF6C4F2E515
HKEY_CLASSES_ROOT\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}
HKEY_CLASSES_ROOT\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0} 2026433148


Cydoor.TOPicks Adware (General) more information...
Details: TOPicks is adware implemented as an Internet Explorer toolbar. TOPicks shows targeted links to sponsored sites.
Status: Quarantined

Infected registry entries detected
HKEY_CLASSES_ROOT\interface\{258a3625-183b-4477-aee2-ea54df6d878d}
HKEY_CLASSES_ROOT\interface\{258a3625-183b-4477-aee2-ea54df6d878d}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{258a3625-183b-4477-aee2-ea54df6d878d}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{258a3625-183b-4477-aee2-ea54df6d878d}\TypeLib {676F6D1D-C559-42A9-860B-27C1477B7179}
HKEY_CLASSES_ROOT\interface\{258a3625-183b-4477-aee2-ea54df6d878d}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{258a3625-183b-4477-aee2-ea54df6d878d} IDMan25


My Way Speedbar Potentially Unwanted Program more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE}
HKEY_CLASSES_ROOT\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE} 135AEBB1-F2F0-4DA9-BF7E-BBF6C4F2E515
HKEY_CLASSES_ROOT\CLSID\{3f4d4f88-0198-4921-b630-957f3eb814e0}
HKEY_CLASSES_ROOT\CLSID\{3f4d4f88-0198-4921-b630-957f3eb814e0} 2026433148


Cydoor Adware (General) more information...
Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer.
Status: Quarantined

Infected registry entries detected
HKEY_CURRENT_USER\software\cydoor
HKEY_CURRENT_USER\software\cydoor\Adwr_329 LNextCMSConn 1100881322


Zlob.Media-Codec Trojan Downloader more information...
Details: Zlob.Media-Codec is a program that typically purports to be a needed upgrade to Windows Media Player in order to view adult oriented videos on certain websites. However, Zlob.Media-Codec actually downloads and installs additional malware on the user's ma
Status: Qu
06.08.2006, 23:02
Honorary member
Sabina

Posts: 29434
#87 ueberflieger

Is there more to come? In any case there is more on there than I had thought, even C:\Programme\ErrorSafe
http://virus-protect.org/artikel/spyware/errorsafe.html
and WinAntiVirus Pro 2006...
http://virus-protect.org/artikel/spyware/winantivirus_%20pro_%202006.html
You really seem to click on everything that blinks on the net, without thinking about the consequences ;)

*
Quarantine was a poor choice to begin with; "remove" would have been more sensible.
Post the rest of the log, if there is more.

**
Empty the recycle bin.

**
CounterSpy only ever kills part of the files. So you have to keep emptying CounterSpy's quarantine folder and scanning with it again, until CounterSpy finds nothing more.

**
Delete, if still present:


c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing
C:\Program Files\Altnet
C:\Programme\Gemeinsame Dateien\lnpuppra
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006
c:\dokumente und einstellungen\stefan schmidt\anwendungsdaten\winantivirus pro 2006
c:\programme\common files\searchupgrader
c:\programme\errorsafe
__________
Best regards, Sabina

all about PC security
07.08.2006, 09:26
...new here

Posts: 9
#88 Hello Sabina,
first of all, thanks for the tips. That comes from years of nonstop surfing!
I will follow all the instructions, but not until the end of the week. Then I'll post again!
Regards,
Stefan
07.08.2006, 13:46
Honorary member
Sabina

Posts: 29434
#89 OK, I'll wait for the report ;)
__________
Best regards, Sabina
08.08.2006, 16:43
...new here

Posts: 1
#90 Hi, same problem... Spyware Quake 2.3...

I've already tried what I read here, but the two blinking things in the taskbar are still there...

I have uninstalled both Spyware Quake and the codec... Thanks in advance

Hijack File:

Logfile of HijackThis v1.99.1
Scan saved at 16:41:39, on 08.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\IntCodec\pmsngr.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\IntCodec\pmmon.exe
c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Winamp\winamp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\HyBr!D\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A8B072E-F917-418C-B160-B497E48DED9E}: NameServer = 194.8.194.60 213.168.112.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A8B072E-F917-418C-B160-B497E48DED9E}: NameServer = 194.8.194.60 213.168.112.60
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
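
An added example, not part of the original thread: a small parser for the HijackThis log format pasted in post #90, separating the running-process list from the O-section entries and extracting each entry's CLSID, file path and "(file missing)" marker so the startup-loaded files can be reviewed one by one. The function names and the use of `IntCodec` as the folder to look for are assumptions for illustration; the sample lines are copied from the log above.

```python
import re
# Excerpt copied from the HijackThis log in post #90 of this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Programme\IntCodec\pmsngr.exe
C:\Programme\IntCodec\pmmon.exe

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|cpl)\b', re.I)

def parse_hijackthis(text):
    """Split a HijackThis log into running processes and O-section entries."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the process list ends where the entries begin
            clsid, path = CLSID.search(m.group(2)), PATH.search(m.group(2))
            entries.append({
                "code": m.group(1),
                "clsid": clsid.group(0).upper() if clsid else None,
                "path": path.group(0) if path else None,
                "file_missing": line.endswith("(file missing)"),
            })
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def running_under(processes, folder):
    """Processes whose path contains the given folder name (case-insensitive)."""
    needle = "\\" + folder.lower() + "\\"
    return [p for p in processes if needle in p.lower()]

def autoload_paths(entries, codes=("O4", "O21", "O23")):
    """(code, path) for O4 Run keys, O21 shell-load DLLs and O23 services."""
    return [(e["code"], e["path"]) for e in entries if e["code"] in codes and e["path"]]

if __name__ == "__main__":
    print(autoload_paths(parse_hijackthis(SAMPLE_LOG)[1]))
```
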