Virus Alert! "Your computer is infected" again on my PC

09.06.2006, 21:13
Member
Posts: 34

10.06.2006, 00:11
Honorary member
Posts: 29434
#2
cLOUDDEAD

0. Open HijackThis -- button "Scan" -- tick the boxes in front of the entries -- button "Fix checked" -- restart the PC

Quote:
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp

Restart the PC.

1. spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unpack it on the desktop -> spyfalcon.reg -> double-click it and merge it into the registry with "ja/yes"

2. Avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste in:

Quote:
Files to delete:

Click the green traffic light; the script is now executed, then the PC will restart automatically.

3. smitfraudfix
http://virus-protect.org/artikel/tools/smitfrautfix.html
. double-click smitfraudfix.cmd
. type: 1 (a report of the infected files is created)
. double-click smitfraudfix.cmd
. type: 2
"Warning : running option #2 on a non infected computer will remove your Desktop background"
To the question "Voulez-vous nettoyer le registre ?" answer with: o [o/n]; if the file wininet.dll is found to be infected, answer the question "Corriger le fichier infecté ?" with o [o/n].
The taskbar disappears + the screen... everything will turn blue... wait... when the scan has finished, copy the log file [C:\rapport.txt]
-------------------------------------------------------------
4. My Computer --> right-click, then Properties ---> tab System Restore ---> tick "Turn off System Restore on all drives". (Re-enable it after the clean-up.)
------------------------------------------------------------
5. C:\WINDOWS\system32\P2P Networking -> uninstall!

6. Counterspy
http://virus-protect.org/counterspy.html
* After the scan you have to choose between:
*Ignore
*Remove --> Status: Deleted
*Quarantaine
Always choose Remove and restart the PC (then copy the scan report)
__________
Regards, Sabina
all about PC security

10.06.2006, 13:13
Member
Thread starter, Posts: 34
#3
Hello,
I don't understand this: when I open smitfraudfix.cmd with a double-click and type 1, i.e. when I press 1, nothing happens? What am I doing wrong? "Drücken Sie eine beliebige Taste..." I press 1 but nothing comes up? Steps 1 (spyfalcon) and 2 (avenger) I have already done...

10.06.2006, 13:49
Honorary member
Posts: 29434
#4
SmitRem2.8
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double-click: smitRem.exe -> click: Start --> click: OK
Open smitRem --> double-click: RunThis.bat
Wait until the scan has finished (the screen will turn blue, that is normal).
If an uninstaller is present that smitRem removes, the uninstaller will be started. Simply click the Uninstall button and wait until it has been uninstalled.
Post the smitfiles.txt
---
Then also scan with Counterspy and post the scan report
__________
Regards, Sabina
all about PC security

10.06.2006, 14:19
Member
Thread starter, Posts: 34
#5
I have now also run SmitRem, everything worked fine, but...
what does the uninstaller look like? In the SmitRem folder there is no uninstaller etc. I clicked on replace etc., on all of them; I don't know whether I did it right. Here is the txt file again, I don't know whether it is the right one.
---------------------------------------------------
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
(HKLM) {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon => %SystemRoot%\System32\browseui.dll
(HKCU) {aeabe83d-672b-4717-9154-45bd6283c610} - aporocactus => C:\WINDOWS\system32\posem.dll
-------------------------------------------
I also scanned with CounterSpy, see below......

Spyware Scan Details
Start Date: 10.06.2006 14:42:17
End Date: 10.06.2006 15:07:50
Total Time: 25 mins 33 secs

Detected spyware
KaZaA P2P Program
Details: Kazaa is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Altnet P2P Networking
Low Risk Adware
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Deleted
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent LastEligibilityUpdateTime 1149593236 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent DLStats HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager CacheDir C:\WINDOWS\system32\P2P Networking\Cache\ HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager DatabaseDir C:\WINDOWS\system32\P2P Networking\Cache\Database\ HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager CacheSize 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager NoBandwidthLimitWhenIdle 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager AutoBandwith 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager BandwidthLimit 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime HistoryStart 1149027640 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime History ......... . ............ .......... ........ 
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Channels\Channel10 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Channels\Channel10 Image HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI ShowIcon 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI MainExe C:\WINDOWS\system32\P2P Networking\P2P Networking.exe HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI DebugLevel 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI TimerInterval 2000 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateInterval 14400 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI ReqVersionUpdateInterval 14400 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateTimeSpent 1149620551 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI AutoStart 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateNotify 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI EnableHistory 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepHistorySeconds 604800 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepClientsMax 10 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepDownloadsMax 20 HKEY_CURRENT_USER\software\p2p networking HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Channels\Channel10 Image HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Channels\Channel1001 Image HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth SlotLength 26520 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth In0 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth In1 57 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth Out0 3 HKEY_CURRENT_USER\software\p2p 
networking\JcdeAgent\Connection\Bandwidth Out1 15793 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Firewall UdpInHistory 1431655765 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Firewall TcpInHistory 1431655764 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Firewall TcpOutHistory -1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Uptime HistoryStart 1149027640 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Uptime History ......... . ............ .......... ........ HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection Address 88.73.63.40:3531 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager CacheDir C:\WINDOWS\system32\P2P Networking\Cache\ HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager DatabaseDir C:\WINDOWS\system32\P2P Networking\Cache\Database\ HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager CacheSize 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager NoBandwidthLimitWhenIdle 1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager AutoBandwith 1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager BandwidthLimit 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI ShowIcon 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI MainExe C:\WINDOWS\system32\P2P Networking\P2P Networking.exe HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI DebugLevel 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI TimerInterval 2000 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI UpdateInterval 14400 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI ReqVersionUpdateInterval 14400 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI UpdateTimeSpent 1149620551 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI AutoStart 1 HKEY_CURRENT_USER\software\p2p 
networking\JcdeAgent\P2PNetworkingGUI UpdateNotify 1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI EnableHistory 1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI KeepHistorySeconds 604800 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI KeepClientsMax 10 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI KeepDownloadsMax 20 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent NodeID -270484765 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent NetworkConfig HKEY_CURRENT_USER\software\p2p networking\JcdeAgent LastEligibilityUpdateTime 1149593236 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent DLStats HKEY_CLASSES_ROOT\JCDE_Stack.1 HKEY_CLASSES_ROOT\JCDE_Stack.1\CLSID {CC7A6223-3759-4075-8CEA-971F5CFC0ED2} HKEY_CLASSES_ROOT\JCDE_Stack.1 P2P Stack for Joltid Content Distribution Environment HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2P Networking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2P Networking DisplayName P2P Networking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2P Networking UninstallString C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /UNINSTALL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2P Networking DisplayIcon C:\WINDOWS\system32\P2P Networking\P2P Networking.exe RXToolbar Toolbar more information... Details: RXToolbar is an Internet Explorer toolbar that shows links for the current page being viewed, targetted through www.searchenginebar.com. 
Status: Deleted
Infected files detected
c:\programme\rxtoolbar\rx.xml
c:\programme\rxtoolbar\rxwebsearches.xsl
c:\programme\rxtoolbar\sfcont.bin
c:\programme\rxtoolbar\graphics\additional.gif
c:\programme\rxtoolbar\graphics\additional_active.gif
c:\programme\rxtoolbar\graphics\background.jpg
c:\programme\rxtoolbar\graphics\blue_hr_horz.gif
c:\programme\rxtoolbar\graphics\gray_hr_horz.gif
c:\programme\rxtoolbar\graphics\thumbtack.gif
c:\programme\rxtoolbar\graphics\thumbtack_active.gif
c:\programme\rxtoolbar\graphics\thumbtack_click.gif
c:\programme\rxtoolbar\html\content.htm
c:\programme\rxtoolbar\html\main.htm
c:\programme\rxtoolbar\semantic insight\bkpack01.01.dat
c:\programme\rxtoolbar\semantic insight\bkpack01.01.sig
c:\programme\rxtoolbar\semantic insight\bkpack01.dat
c:\programme\rxtoolbar\semantic insight\bkpack01.sig
c:\programme\rxtoolbar\semantic insight\blabels01.dat
c:\programme\rxtoolbar\semantic insight\blabels01.sig
c:\programme\rxtoolbar\semantic insight\customersecret.key
c:\programme\rxtoolbar\semantic insight\customersecret.sig
c:\programme\rxtoolbar\semantic insight\nlabels01.dat
c:\programme\rxtoolbar\semantic insight\nlabels01.sig
Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\RXResults
HKEY_LOCAL_MACHINE\Software\RXResults si 19902
HKEY_LOCAL_MACHINE\Software\RXResults st 1
HKEY_LOCAL_MACHINE\Software\RXResults dc 2
HKEY_LOCAL_MACHINE\Software\RXResults in 1

MyGlobalSearch.Toolbar Potentially Unwanted Program
Details: MyGlobalSearch.Toolbar is an IE plugin with its own Search Field.
Status: Deleted
Infected files detected
c:\programme\myglobalsearch\bar\history\search
Infected registry entries detected
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin\CLSID {EF281620-A3A3-4f08-874F-D68CFC9B7945}
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin\CurVer MyGlobalSearchBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin MyGlobalSearch Toolbar Plugin
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1\CLSID {EF281620-A3A3-4f08-874F-D68CFC9B7945}
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1 MyGlobalSearch Toolbar Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar UseFWB 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pid MZ
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Dir C:\Programme\MyGlobalSearch\bar\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar sr 16
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pl 7
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Id C929AFB3-CEAB-4E66-B455-6D3E7173E76C
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CacheDir C:\Programme\MyGlobalSearch\bar\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Visible 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar SettingsDir C:\Programme\MyGlobalSearch\bar\Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar ConfigDateStamp 2005122813
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar favfwbs ^07B18EA9-A523-4961-B6BB-170DE4475CCA^9321DFC9-A260-4312-9585-3FD8BC98C15B^8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2^4D1C4E89-A32A-416b-BCDB-33B3EF3617D3^
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Flags 530
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar HistoryDir C:\Programme\MyGlobalSearch\bar\History\

DesktopScam Trojan Downloader
Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program.
Status: Deleted
Infected files detected
c:\windows\system32\1024\ldc1c7.tmp
c:\windows\system32\stdole3.tlb
c:\windows\system32\dcomcfg.exe
c:\windows\system32\atmclk.exe
Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run kernel32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{6ab7158b-4bff-4160-ad7d-4d622df548cf}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ab7158b-4bff-4160-ad7d-4d622df548cf}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ab7158b-4bff-4160-ad7d-4d622df548cf}
HKEY_CLASSES_ROOT\CLSID\{6ab7158b-4bff-4160-ad7d-4d622df548cf}
HKEY_CLASSES_ROOT\CLSID\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\InprocServer32 C:\WINDOWS\system32\hp100.tmp
HKEY_CLASSES_ROOT\CLSID\{6ab7158b-4bff-4160-ad7d-4d622df548cf}\InprocServer32 ThreadingModel Apartment
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6AB7158B-4BFF-4160-AD7D-4D622DF548CF}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6AB7158B-4BFF-4160-AD7D-4D622DF548CF}\iexplore Type 3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6AB7158B-4BFF-4160-AD7D-4D622DF548CF}\iexplore Count 16
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6AB7158B-4BFF-4160-AD7D-4D622DF548CF}\iexplore Time

SpywareQuake Rogue Security Program
Details: SpywareQuake is a purported anti-spyware application to scan for and remove spyware from users' computers.
Status: Deleted
Infected files detected
c:\programme\spywarequake.com\ignored.lst
c:\programme\spywarequake.com\spyware-quake.exe
c:\programme\spywarequake.com\sq.ini
Infected registry entries detected
HKEY_CLASSES_ROOT\TypeLib\{5CB9686D-CC21-4927-B904-D91D4479F4BD}
HKEY_CLASSES_ROOT\TypeLib\{5CB9686D-CC21-4927-B904-D91D4479F4BD}\1.0\0\win32 C:\Programme\SpywareQuake.com\Spyware-Quake.exe
HKEY_CLASSES_ROOT\TypeLib\{5CB9686D-CC21-4927-B904-D91D4479F4BD}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{5CB9686D-CC21-4927-B904-D91D4479F4BD}\1.0\HELPDIR C:\Programme\SpywareQuake.com\
HKEY_CLASSES_ROOT\TypeLib\{5CB9686D-CC21-4927-B904-D91D4479F4BD}\1.0 AVG 1.0 Type Library

BrilliantDigital Adware (General)
Details: Brilliant Digital Entertainment (BDE) provides the ability for advertising and other content to be displayed using rich multimedia.
Status: Deleted
Infected files detected
c:\programme\kazaa\bgp2p\bdcore.dll
C:\Programme\Kazaa\bdupd.dll

Twain Tech Adware (General)
Details: Twain-Tech is an adware based Internet Explorer browser helper object that deliver targeted ads based on a user’s browsing patters. Twain-Tech does not provide any other relevant purpose other then to display pop-up ads.
Status: Deleted
Infected files detected
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys

MyVideoDaily Low Risk Adware
Details: MyVideoDaily is installed as part of a bundle of ad supported software.
Status: Deleted
Infected files detected
C:\Programme\My Video Daily\MVD.jpg

Altnet/Topsearch Browser Plug-in
Details: Altnet/Topsearch is a browser plug-in that acts as search engine for peer-to-peer applications Kazaa and Grokster.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\altnet
HKEY_LOCAL_MACHINE\software\altnet ALTNET_DIR
HKEY_CLASSES_ROOT\AppID\Altnet Signing Module.EXE
HKEY_CLASSES_ROOT\AppID\Altnet Signing Module.EXE AppID {8B0FEF15-54DC-49F5-8377-8172DE975F75}
HKEY_CLASSES_ROOT\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}
HKEY_CLASSES_ROOT\appid\{8b0fef15-54dc-49f5-8377-8172de975f75} Altnet Signing Module
HKEY_CLASSES_ROOT\clsid\{3646c2bd-3554-49ca-8125-44deefb881de}
HKEY_CLASSES_ROOT\clsid\{3646c2bd-3554-49ca-8125-44deefb881de} F1108889-0764-4871-855F-057A33E45870
HKEY_CLASSES_ROOT\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}
HKEY_CLASSES_ROOT\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\LocalServer32 C:\PROGRA~2\Altnet\DOWNLO~1\ASM.exe
HKEY_CLASSES_ROOT\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\ProgID SigningModule.SigningModule.1
HKEY_CLASSES_ROOT\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\TypeLib {4DB801AD-34BF-4755-A43F-F7FC0F3A0009}
HKEY_CLASSES_ROOT\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\VersionIndependentProgID SigningModule.SigningModule
HKEY_CLASSES_ROOT\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8} SigningModule Class
HKEY_CLASSES_ROOT\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8} AppID {8B0FEF15-54DC-49F5-8377-8172DE975F75}
HKEY_CLASSES_ROOT\SigningModule.SigningModule
HKEY_CLASSES_ROOT\SigningModule.SigningModule\CLSID {9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}
HKEY_CLASSES_ROOT\SigningModule.SigningModule\CurVer SigningModule.SigningModule.1
HKEY_CLASSES_ROOT\SigningModule.SigningModule SigningModule Class
HKEY_CLASSES_ROOT\CLSID\{E813099D-5529-47F4-9B37-4AFAFCB00A43}
HKEY_CLASSES_ROOT\CLSID\{E813099D-5529-47F4-9B37-4AFAFCB00A43}\InProcServer32 C:\Program Files\Altnet\Download Manager\ASMps.dll
HKEY_CLASSES_ROOT\CLSID\{E813099D-5529-47F4-9B37-4AFAFCB00A43}\InProcServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\CLSID\{E813099D-5529-47F4-9B37-4AFAFCB00A43} PSFactoryBuffer
HKEY_CLASSES_ROOT\SigningModule.SigningModule.1
HKEY_CLASSES_ROOT\SigningModule.SigningModule.1\CLSID {9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}
HKEY_CLASSES_ROOT\SigningModule.SigningModule.1 SigningModule Class

Weatherbug Low Risk Adware
Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}
HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} MiniBugTransporterX Class

Cydoor.TOPicks Adware (General)
Details: TOPicks is adware implemented as an Internet Explorer toolbar. TOPicks shows targeted links to sponsored sites.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\interface\{fd42f6d3-7ab1-470c-979b-7996edc99099}
HKEY_CLASSES_ROOT\interface\{fd42f6d3-7ab1-470c-979b-7996edc99099}\NumMethods 6
HKEY_CLASSES_ROOT\interface\{fd42f6d3-7ab1-470c-979b-7996edc99099}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0}
HKEY_CLASSES_ROOT\interface\{fd42f6d3-7ab1-470c-979b-7996edc99099} JCDE_IChannel
HKEY_CLASSES_ROOT\interface\{d273d427-57c6-4b12-860f-bbb8195f6e2a}
HKEY_CLASSES_ROOT\interface\{d273d427-57c6-4b12-860f-bbb8195f6e2a}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{d273d427-57c6-4b12-860f-bbb8195f6e2a}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{d273d427-57c6-4b12-860f-bbb8195f6e2a}\TypeLib {F720B40F-3A38-4B22-B30D-DCF095D42498}
HKEY_CLASSES_ROOT\interface\{d273d427-57c6-4b12-860f-bbb8195f6e2a}\TypeLib Version 1.1
HKEY_CLASSES_ROOT\interface\{d273d427-57c6-4b12-860f-bbb8195f6e2a} IInstaller
HKEY_CLASSES_ROOT\interface\{700dc0dd-f409-42e0-9de5-21ee1a2ba9fd}
HKEY_CLASSES_ROOT\interface\{700dc0dd-f409-42e0-9de5-21ee1a2ba9fd}\NumMethods 3
HKEY_CLASSES_ROOT\interface\{700dc0dd-f409-42e0-9de5-21ee1a2ba9fd}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0}
HKEY_CLASSES_ROOT\interface\{700dc0dd-f409-42e0-9de5-21ee1a2ba9fd} JCDE_IEventSink_Channel
HKEY_CLASSES_ROOT\interface\{2ed5af98-9258-45ba-b79b-06625c92f662}
HKEY_CLASSES_ROOT\interface\{2ed5af98-9258-45ba-b79b-06625c92f662}\NumMethods 7
HKEY_CLASSES_ROOT\interface\{2ed5af98-9258-45ba-b79b-06625c92f662}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0}
HKEY_CLASSES_ROOT\interface\{2ed5af98-9258-45ba-b79b-06625c92f662} JCDE_IMessageHandler
HKEY_CLASSES_ROOT\interface\{1b540d44-3f61-4394-ae30-25fdc3649405}
HKEY_CLASSES_ROOT\interface\{1b540d44-3f61-4394-ae30-25fdc3649405}\NumMethods 24
HKEY_CLASSES_ROOT\interface\{1b540d44-3f61-4394-ae30-25fdc3649405}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0}
HKEY_CLASSES_ROOT\interface\{1b540d44-3f61-4394-ae30-25fdc3649405} JCDE_IFile
HKEY_CLASSES_ROOT\interface\{16097036-894c-4c00-a61f-93ca0d49a70e}
HKEY_CLASSES_ROOT\interface\{16097036-894c-4c00-a61f-93ca0d49a70e}\NumMethods 4
HKEY_CLASSES_ROOT\interface\{16097036-894c-4c00-a61f-93ca0d49a70e}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0}
HKEY_CLASSES_ROOT\interface\{16097036-894c-4c00-a61f-93ca0d49a70e} JCDE_IEventSink_File

My Way Speedbar Potentially Unwanted Program
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE}
HKEY_CLASSES_ROOT\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE} F1108889-0764-4871-855F-057A33E45870

This post was edited on 10.06.2006 at 15:17 by cLOUDDEAD.
10.06.2006, 18:28
Honorary member
Posts: 29434
#6
cLOUDDEAD
You apparently did not apply smitfraud.fix correctly....
-----------
SmitRem2.8 --> http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double-click: smitRem.exe -> click: Start --> click: ok
Open smitRem --> double-click: RunThis.bat
Wait until the scan has finished (the screen will turn blue; that is normal)
Find smitfiles.txt -> paste it here
__________
Best regards, Sabina
all about PC security
10.06.2006, 18:51
Member
Thread starter, Posts: 34
#7
Hopefully I did it right this time... everything ran exactly as it should... so this Virus Alert! and the trojans etc. are gone, I think... ???? It doesn't show anything anymore... !!!!!!!!!!!!!!!!!! Could it maybe still be hiding somewhere anyway ?????

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

(HKLM) {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon => %SystemRoot%\System32\browseui.dll
(HKCU) {aeabe83d-672b-4717-9154-45bd6283c610} - aporocactus => C:\WINDOWS\system32\posem.dll

This post was edited on 10.06.2006 at 18:58 by cLOUDDEAD.
10.06.2006, 19:20
Honorary member
Posts: 29434
#8
Now run an online scan with Panda and paste the scan report here
http://virus-protect.org/onlinescan.html
__________
Best regards, Sabina
all about PC security
11.06.2006, 00:02
Member
Thread starter, Posts: 34
#9
Hello Sabina, :-)
Here.....

Incident Status Location
Potentially unwanted tool:application/altnet Not disinfected c:\program files\Altnet
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\Cache\3EFBEAA3d01[smitRem/Process.exe]
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Doubleclick Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Adtech Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt[.adtech.de/]
Spyware:Cookie/YieldManager Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt[.sextracker.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt[counter16.sextracker.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt[.sextracker.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt[counter6.sextracker.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt[counter8.sextracker.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt[counter4.sextracker.com/]
Spyware:Cookie/WinFixer Not disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt[.winfixer.com/]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-31c2b21a-470db20a.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-31c2b21a-470db20a.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-31c2b21a-470db20a.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-31c2b21a-470db20a.zip[Beyond.class]
Spyware:Cookie/Apmebf Not disinfected C:\Dokumente und Einstellungen\Ferhat\Cookies\ferhat@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Dokumente und Einstellungen\Ferhat\Cookies\ferhat@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Dokumente und Einstellungen\Ferhat\Cookies\ferhat@doubleclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Dokumente und Einstellungen\Ferhat\Cookies\ferhat@mediaplex[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Dokumente und Einstellungen\Ferhat\Cookies\ferhat@tradedoubler[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Dokumente und Einstellungen\Ferhat\Cookies\ferhat@weborama[2].txt

I'M SLOWLY FREAKING OUT....... I JUST OPENED MY PC AGAIN AND THIS GODDAMN "VIRUS ALERT!" IS BACK AGAAAIN........... :-(((((((

This post was edited on 11.06.2006 at 13:01 by cLOUDDEAD.
11.06.2006, 14:22
Honorary member
Posts: 29434
#10
1.
Delete: c:\program files\Altnet

2.
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if asked --> click Apply and finally OK

3.
TuneUp 2006 (30 days free) shareware
http://virus-protect.org/reinigungstoolsregistry.html
Apply: Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner

4.
SmitRem2.8
Double-click: smitRem.exe -> click: Start --> click: ok
Open smitRem --> double-click: RunThis.bat
Wait until the scan has finished (the screen will turn blue; that is normal)
Paste the smitfile.txt here

5.
Apply smitfraudfix once more and post the report
Double-click smitfraudfix.cmd
. type: 1 (a report of the infected files will be created)
. double-click smitfraudfix.cmd
. type: 2
The taskbar disappears + screen..everything will turn blue...wait...
When the scan has finished, copy the log file [C:\rapport.txt]

6.
Scan once more with Counterspy and post the report
__________
Best regards, Sabina
all about PC security
11.06.2006, 15:46
Member
Thread starter, Posts: 34
#11
So, I have carried out all the steps... except step 5, smitfraudfix...
I still don't understand this program... I open smitfraudfix.cmd but nothing happens. I press 1 and the window closes, and when I press 2 again nothing happens either: the window closes and that's it. It neither scans nor does anything else at all....

Now here...

4. SmitRem2.8 / smitfile.txt

smitRem © log file
version 3.0
by noahdfear

Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"

Running from
C:\Dokumente und Einstellungen\Ferhat\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{aeabe83d-672b-4717-9154-45bd6283c610}"="aporocactus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{aeabe83d-672b-4717-9154-45bd6283c610}\InProcServer32]
@="C:\WINDOWS\system32\posem.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
checking for drsmartload2 key
drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files

~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1640 'explorer.exe'
Killing PID 1640 'explorer.exe'

Starting registry repairs
Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{aeabe83d-672b-4717-9154-45bd6283c610}"="aporocactus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{aeabe83d-672b-4717-9154-45bd6283c610}\InProcServer32]
@="C:\WINDOWS\system32\posem.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files

~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~
CLEAN!

--------------------------------------------------------

And here the CounterSpy scan:

Spyware Scan Details
Start Date: 11.06.2006 15:13:50
End Date: 11.06.2006 15:39:04
Total Time: 25 mins 14 secs

Detected spyware
No spyware were found during this scan.

THIS VIRUS ALERT! IS STILL THERE...... HEHEHEHE HOW CAN THAT BE IF IT FOUND NO SPYWARE ????

This post was edited on 11.06.2006 at 15:50 by cLOUDDEAD.
11.06.2006, 16:18
Honorary member
Posts: 29434
#12
1.
Copy these 4 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html

2. Unpack echo.zip --> click echo.bat --> the text editor will open --> copy the text
http://virus-protect.org/bat/echo.zip

3. Post the log from silentrunner
http://virus-protect.org/silentrunner.html

__________
Regards, Sabina
all about PC security
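An added example, not part of the thread and not one of the tools Sabina links: a PowerShell version of what datfind.bat produces, limited to files changed in the last 90 days (her "last 3 months") across the five directories the datfind listings in this thread cover, newest first. It adds two things the plain listing does not give: the Authenticode status and a SHA256 for every file with a code-type extension, so a suspicious file can be looked up rather than judged by its name. It assumes PowerShell 4 or later (for Get-FileHash) and an elevated session on the machine being examined; the directory list and the extension list are my choices, not datfind's.

```powershell
# Added example (not from the thread): recent-file triage in the spirit of datfind.bat.
# Assumes PowerShell 4+ (Get-FileHash) and that it runs on the examined machine.

$Days = 90                                   # Sabina asked for "only the last 3 months"
$Dirs = @(                                   # the five directories the datfind listings cover
    "$env:SystemRoot\system32",
    $env:TEMP,
    $env:SystemRoot,
    "$env:SystemDrive\",
    "$env:SystemRoot\Downloaded Program Files"
)
# Extensions that should carry a publisher signature. ".tmp" is included because the
# HijackThis log in this thread shows a BHO being loaded from hp100.tmp.
$CodeExt = '.exe', '.dll', '.scr', '.cpl', '.sys', '.ocx', '.tmp'

function Get-RecentFileReport {
    param([string[]]$Paths = $Dirs, [int]$Since = $Days)
    $cutoff = (Get-Date).AddDays(-$Since)
    foreach ($dir in $Paths) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        # Top level only, like "dir" without /s, which is what datfind.bat lists.
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -ge $cutoff } |
            Sort-Object LastWriteTime -Descending |
            ForEach-Object {
                $sig = ''; $hash = ''
                if ($CodeExt -contains $_.Extension.ToLower()) {
                    # Locked files (pagefile.sys) simply yield empty fields.
                    $sig  = (Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue).Status
                    $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                }
                [pscustomobject]@{
                    Directory = $dir
                    Modified  = $_.LastWriteTime.ToString('dd.MM.yyyy HH:mm')
                    Bytes     = $_.Length
                    Name      = $_.Name
                    Signature = $sig        # Valid / NotSigned / HashMismatch / ...
                    SHA256    = $hash
                }
            }
    }
}

$report = Get-RecentFileReport
$report | Format-Table Modified, Bytes, Signature, Name, Directory -AutoSize

# Short list: code files inside the window that do not carry a valid signature.
# Unsigned, recently written DLLs in system32 are where the cleanup in this thread started.
$report | Where-Object { $_.Signature -and $_.Signature -ne 'Valid' } |
    Format-Table Modified, Name, Directory, SHA256 -AutoSize
```

The script only reads; nothing is deleted. On a clean machine the short list is normally limited to vendor binaries that ship unsigned, so compare it against the same listing from a known-good system of the same build before treating an entry as suspicious.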
11.06.2006, 17:01
Member
Thread starter, Posts: 34
#13
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 90EB-53ED

Verzeichnis von C:\WINDOWS\system32

11.06.2006  16:24  81.984  bdod.bin
11.06.2006  16:03  31  getfile.dat
11.06.2006  15:57  29.204  nvapps.xml
11.06.2006  00:00  2.550  Uninstall.ico
11.06.2006  00:00  1.406  Help.ico
11.06.2006  00:00  30.590  pavas.ico
10.06.2006  23:48  0  asfiles.txt
09.06.2006  20:56  2.206  wpa.dbl
06.06.2006  14:09  176.128  posem.dll
24.05.2006  17:00  311.740  perfh009.dat
24.05.2006  17:00  40.128  perfc009.dat
24.05.2006  17:00  316.924  perfh007.dat
24.05.2006  17:00  48.354  perfc007.dat
24.05.2006  17:00  723.744  PerfStringBackup.INI
24.05.2006  15:20  854.266  Devil Inside Screensaver.scr
21.04.2006  14:08  320.056  FNTCACHE.DAT
06.04.2006  10:54  73.728  asuninst.exe
03.04.2006  10:59  128  xposer.cfg
03.04.2006  10:59  128  asinst.cfg
13.03.2006  17:12  3.534  jupdate-1.5.0_03-b07.log
05.03.2006  01:14  146.650  BuzzingBee.wav
05.03.2006  01:14  940.794  LoopyMusic.wav
20.02.2006  19:25  73.728  sockspy.dll

-----------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 90EB-53ED

Verzeichnis von C:\DOKUME~1\Ferhat\LOKALE~1\Temp

11.06.2006  16:06  59.964  Adobelm_Cleanup.0001
11.06.2006  16:06  0  s31s.pdf
11.06.2006  15:59  0  fla8.tmp
11.06.2006  15:57  49.152  ~DF8DC.tmp
11.06.2006  15:57  412  jusched.log
11.06.2006  15:57  32.768  ~DFAB33.tmp
11.06.2006  15:57  16.384  ~DF8354.tmp
11.06.2006  15:13  1.212.416  ~DF417C.tmp
11.06.2006  15:11  49.152  ~DFE1E7.tmp
11.06.2006  15:11  32.768  ~DFE8F2.tmp
11.06.2006  15:11  16.384  ~DF6F97.tmp
11.06.2006  13:09  49.152  ~DFFF01.tmp
11.06.2006  13:09  32.768  ~DF8694.tmp
11.06.2006  13:08  16.384  ~DF1C7C.tmp
23.01.2006  15:36  429  datFind.bat
              15 Datei(en)  1.568.133 Bytes
               0 Verzeichnis(se), 8.170.319.872 Bytes frei

---------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 90EB-53ED

Verzeichnis von C:\WINDOWS

11.06.2006  16:03  696  win.ini
11.06.2006  15:57  0  0.log
11.06.2006  15:57  157  wiadebug.log
11.06.2006  15:57  313  wiaservc.log
11.06.2006  15:57  2.048  bootstat.dat
11.06.2006  15:56  452  SchedLgU.Txt
11.06.2006  15:56  57.276  WindowsUpdate.log
11.06.2006  15:06  176.153  setupact.log
11.06.2006  00:00  32  pavsig.txt
10.06.2006  23:45  51.412  setupapi.log
10.06.2006  18:53  2.359.350  Firefox Wallpaper.bmp
10.06.2006  17:31  116  NeroDigital.ini
07.06.2006  19:37  1.671.062  computer art.scr
06.06.2006  22:06  11.910  cdplayer.ini
26.05.2006  13:29  48.804  wmsetup.log
21.05.2006  19:53  3.932.214  SlowView Wallpaper.bmp
28.04.2006  23:36  95  winamp.ini
05.03.2006  01:14  64  RTHDCPL_DB.dbt
05.03.2006  01:04  1.372  tabletoc.log
05.03.2006  01:04  23.832  comsetup.log
05.03.2006  01:04  13.756  ntdtcsetup.log
05.03.2006  01:04  102.440  iis6.log
05.03.2006  01:04  1.355  imsins.log
05.03.2006  01:04  2.634  ocmsn.log
05.03.2006  01:04  23.992  tsoc.log
05.03.2006  01:04  5.263  KB888111.log
05.03.2006  01:04  33.079  ocgen.log
05.03.2006  01:04  4.640  netfxocm.log
05.03.2006  01:04  4.120  medctroc.Log
05.03.2006  01:04  2.309  msgsocm.log
05.03.2006  01:04  34.935  FaxSetup.log
05.03.2006  01:04  23.578  msmqinst.log
05.03.2006  00:49  1.757.425  setupapi.log.0.old
10.02.2006  16:06  647  GEARInstall.log

---------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 90EB-53ED

Verzeichnis von C:\

11.06.2006  16:30  0  sys.txt
11.06.2006  16:29  6.299  system.txt
11.06.2006  16:29  981  systemtemp.txt
11.06.2006  16:29  104.922  system32.txt
11.06.2006  15:57  1.610.612.736  pagefile.sys
10.06.2006  12:41  0  avenger.txt
10.06.2006  12:39  1.006  xgpsokcn.txt
09.04.2006  19:15  826  lxcescan.log
07.01.2006  17:18  1.938.173  07-01-2006 16;18;44.pdf
06.01.2006  15:31  3.198.124  06-01-2006 14;31;23.pdf
01.01.2006  18:21  1.584.124  01-01-2006 17;21;56.pdf
01.01.2006  17:22  6.357.154  01-01-2006 16;22;37.pdf
01.01.2006  17:15  6.336.414  01-01-2006 16;15;39.pdf
26.12.2005  00:01  388  lxce.log
23.12.2005  03:50  423  CDFE.log
22.12.2005  21:22  416  LXCEINST.csv
22.12.2005  21:21  0  lxcefire.csv
22.12.2005  19:00  0  CONFIG.SYS
22.12.2005  19:00  0  MSDOS.SYS
22.12.2005  19:00  0  AUTOEXEC.BAT
22.12.2005  19:00  0  IO.SYS
31.10.2005  17:56  700.416  StubInstaller.exe
              22 Datei(en)  1.630.842.402 Bytes
               0 Verzeichnis(se), 8.169.979.904 Bytes frei

-------------------------------------------------------------
10)DPF????

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 90EB-53ED

Verzeichnis von C:\WINDOWS\Downloaded Program Files

11.04.2006  17:10  135.168  asinst.dll
03.04.2006  11:00  537  asinst.inf
20.01.2000  16:25  1.162  Microsoft XML Parser for Java.osd
09.10.2003  11:32  144  QTPlugin.inf
27.08.2005  14:30  5.065  swflash.inf
               5 Datei(en)  142.076 Bytes

Anzahl der angezeigten Dateien:
               5 Datei(en)  142.076 Bytes
               0 Verzeichnis(se), 8.170.192.896 Bytes frei

-------------------------------------------------------------------

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""C:\Programme\MSN Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Adobe Version Cue CS2" = ""C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"" ["Adobe Sytems Incorporated"]
"Acrobat Assistant 7.0" = ""C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
"(Default)" = (empty string)
"BDMCon" = "C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" ["SOFTWIN S.R.L."]
"BDOESRV" = ""C:\Programme\Softwin\BitDefender9\bdoesrv.exe"" ["SOFTWIN SRL"]
"BDNewsAgent" = ""c:\progra~1\softwin\bitdef~1\bdnagent.exe"" ["SOFTWIN S.R.L"]
"BDSwitchAgent" = ""c:\progra~1\softwin\bitdef~1\bdswitch.exe"" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"LXCECATS" = "rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16" [MS]
"lxcemon.exe" = ""C:\Programme\Lexmark 4300 Series\lxcemon.exe"" ["Lexmark International, Inc."]
"EzPrint" = ""C:\Programme\Lexmark 4300 Series\ezprint.exe"" ["Lexmark International Inc."]
"FaxCenterServer" = ""C:\Programme\Lexmark Fax Solutions\fm3032.exe" /s" [null data]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"iTunesHelper" = ""C:\Programme\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_03\bin\jusched.exe" ["Sun Microsystems, Inc."]
"WinampAgent" = ""C:\Programme\Winamp\Winampa.exe"" [null data]
"SunServer" = "C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" ["Sunbelt Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
     \InProcServer32\(Default) = "C:\Programme\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
     \InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
     \InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{aeabe83d-672b-4717-9154-45bd6283c610}" = "aporocactus"
  -> {HKCU...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\posem.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{076394AD-7FDD-44EF-A075-32C68DBAB99B}" = "*g" (unwritable string)
  -> {HKLM...CLSID} = "GIANT AntiSpyware Service Hook"
     \InProcServer32\(Default) = "C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll" ["Sunbelt Software"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "sockspy.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
  -> {HKLM...CLSID} = "PowerArchiver Shell Extensions"
     \InProcServer32\(Default) = "C:\Programme\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
     \InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
  -> {HKLM...CLSID} = "PowerArchiver Shell Extensions"
     \InProcServer32\(Default) = "C:\Programme\PowerArchiver\PASHLEXT.DLL" ["ConeXware, Inc."]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssflwbox.scr" [MS]

Startup items in "Ferhat" & "All Users" startup folders:
--------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Acrobat - Schnellstart" -> shortcut to: "C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe" [null data]
"Adobe Gamma Loader" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
  -> {HKLM...CLSID} = "Adobe PDF"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

Missing lines (compared with English-language version):
HIJACK WARNING! "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

BitDefender Communicator, XCOMM, ""C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]
BitDefender Desktop Update Service, LIVESRV, ""C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service" ["SOFTWIN S.R.L."]
BitDefender Scan Server, bdss, ""C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]
BitDefender Virus Shield, VSSERV, ""C:\Programme\Softwin\BitDefender9\vsserv.exe" /service" ["SOFTWIN S.R.L."]
iPodService, iPodService, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
lxce_device, lxce_device, "C:\WINDOWS\system32\lxcecoms.exe -service" ["Lexmark International, Inc."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
4300 Series Port\Driver = "lxcelmpm.DLL" ["Lexmark International, Inc."]
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Lexmark Print-2-Fax Port\Driver = "LXPRMON.DLL" [null data]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 35 seconds, including 14 seconds for message boxes)
11.06.2006, 17:05
Honorary member
Posts: 29434
#14
1.
Go into the registry: Start - Run - regedit
Edit - Find - posem.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
"{aeabe83d-672b-4717-9154-45bd6283c610}" -> delete

2. KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot --> tick it and click on the red cross; when you are asked "Do you want to reboot?" click "no" and paste in the next one, only at the last one click "yes"

Paste in:
....
C:\WINDOWS\system32\posem.dll
C:\WINDOWS\system32\bdod.bin
C:\WINDOWS\system32\getfile.dat

Restart the PC
**

3. Post the first log from datfindbat again for checking

__________
Regards, Sabina
all about PC security
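An added example, not one of the thread's tools: the check behind step 1 above, done read-only in PowerShell. The Silent Runners log in this thread shows why that step is needed: the HKLM SharedTaskScheduler load point names a CLSID that is registered only under HKCU, and COM consults HKCU\Software\Classes before HKLM\Software\Classes for the current user, so a per-user key can supply the DLL (here posem.dll) for a machine-wide load point. The script walks the SharedTaskScheduler and ShellExecuteHooks keys, resolves each CLSID in HKCU and then HKLM, and flags per-user registrations, missing DLLs and DLLs without a valid Authenticode signature; it also reports a non-empty AppInit_DLLs value, which the same log flagged with sockspy.dll. It only reports; removal stays the manual step Sabina describes. Assumes an elevated PowerShell session on the machine being examined.

```powershell
# Added example (not from the thread): read-only audit of the Explorer load points that
# Silent Runners flagged in this thread. Run in an elevated PowerShell on the examined machine.

$LoadPoints = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
)

function Resolve-ClsidServer {
    param([string]$Clsid)
    # COM looks in HKCU\Software\Classes before HKLM\Software\Classes for the current
    # user, so a CLSID registered only per-user can shadow (or, as in this thread, supply)
    # the server for a machine-wide load point. Report which hive answered.
    foreach ($hive in 'HKCU', 'HKLM') {
        $key = "${hive}:\SOFTWARE\Classes\CLSID\$Clsid\InProcServer32"
        if (Test-Path -LiteralPath $key) {
            $dll = (Get-Item -LiteralPath $key).GetValue('')   # (Default) value
            return [pscustomobject]@{
                Hive = $hive
                Dll  = [Environment]::ExpandEnvironmentVariables("$dll").Trim('"')
            }
        }
    }
    return $null
}

function Get-LoadPointReport {
    foreach ($lp in $LoadPoints) {
        if (-not (Test-Path -LiteralPath $lp)) { continue }
        $key = Get-Item -LiteralPath $lp
        foreach ($name in $key.GetValueNames()) {
            # Value names under these keys are CLSIDs; skip anything else.
            if ($name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
            $server = Resolve-ClsidServer -Clsid $name
            $flags  = @()
            $dll    = ''
            if ($null -eq $server) {
                $flags += 'CLSID not registered'
            } else {
                $dll = $server.Dll
                if ($server.Hive -eq 'HKCU') { $flags += 'CLSID registered per-user (HKCU)' }
                if (-not (Test-Path -LiteralPath $dll)) {
                    $flags += 'DLL missing'
                } else {
                    $status = (Get-AuthenticodeSignature -FilePath $dll).Status
                    if ($status -ne 'Valid') { $flags += "signature $status" }
                }
            }
            [pscustomobject]@{
                LoadPoint = Split-Path -Path $lp -Leaf
                Clsid     = $name
                Label     = $key.GetValue($name)
                Dll       = $dll
                Flags     = ($flags -join '; ')
            }
        }
    }
    # AppInit_DLLs is loaded into every process that links user32.dll; the log above
    # showed sockspy.dll there, so any non-empty value is worth reporting.
    $winNt   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $appInit = (Get-ItemProperty -Path $winNt -ErrorAction SilentlyContinue).AppInit_DLLs
    if ($appInit) {
        [pscustomobject]@{ LoadPoint = 'AppInit_DLLs'; Clsid = ''; Label = ''; Dll = $appInit; Flags = 'non-empty AppInit_DLLs' }
    }
}

Get-LoadPointReport | Format-Table -AutoSize
```

An entry with an empty Flags column is registered machine-wide, present on disk and validly signed, which is what the Browseui preloader and Component Categories entries from the smitRem export look like. The line to act on is one that combines a per-user CLSID with an unsigned DLL in system32, which is exactly the pattern behind step 1.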
11.06.2006, 17:19
Member
Thread starter, Posts: 34
#15
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 90EB-53ED

Verzeichnis von C:\WINDOWS\system32

11.06.2006  17:16  29.204  nvapps.xml
11.06.2006  00:00  2.550  Uninstall.ico
11.06.2006  00:00  1.406  Help.ico
11.06.2006  00:00  30.590  pavas.ico
10.06.2006  23:48  0  asfiles.txt
09.06.2006  20:56  2.206  wpa.dbl
06.06.2006  14:09  176.128  posem.dll
24.05.2006  17:00  311.740  perfh009.dat
24.05.2006  17:00  40.128  perfc009.dat
24.05.2006  17:00  316.924  perfh007.dat
24.05.2006  17:00  48.354  perfc007.dat
24.05.2006  17:00  723.744  PerfStringBackup.INI
24.05.2006  15:20  854.266  Devil Inside Screensaver.scr
21.04.2006  14:08  320.056  FNTCACHE.DAT
06.04.2006  10:54  73.728  asuninst.exe
03.04.2006  10:59  128  xposer.cfg
03.04.2006  10:59  128  asinst.cfg
13.03.2006  17:12  3.534  jupdate-1.5.0_03-b07.log
05.03.2006  01:14  146.650  BuzzingBee.wav
05.03.2006  01:14  940.794  LoopyMusic.wav
20.02.2006  19:25  73.728  sockspy.dll
Two days ago I had this Virus Alert! problem and it has started again, although it was gone just yesterday. I was glad for a moment, but when I switched on my PC today it started blinking again. I really don't know how this nasty thing got picked up again. I'm asking you for help again, thank you. Plus I have also picked up this "Trojan.Zlob.AJ", I don't know how............
Logfile of HijackThis v1.99.1
Scan saved at 21:08:40, on 09.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Lexmark 4300 Series\lxcemon.exe
C:\Programme\Lexmark 4300 Series\ezprint.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
C:\Programme\Winamp\Winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Dokumente und Einstellungen\Ferhat\Desktop\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Programme\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Programme\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programme\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Programme\Kazaa\kazaa.exe /SYSTRAY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
----------------------------------------------------------------
CleanUp! started on 06/09/06 21:12:02.
...
Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\Cache\_CACHE_001_ currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\Cache\_CACHE_002_ currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\Cache\_CACHE_003_ currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\Cache\_CACHE_MAP_ currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\history.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Ferhat\Anwendungsdaten\Mozilla\Firefox\Profiles\nxr5x1lw.default\cookies.txt.old - deleted
C:\Dokumente und Einstellungen\Ferhat\Recent\hijackthis.log.lnk - deleted
C:\DOKUME~1\Ferhat\LOKALE~1\Temp\Adobelm_Cleanup.0001 - deleted
C:\DOKUME~1\Ferhat\LOKALE~1\Temp\erdemir.mp3 - deleted
C:\DOKUME~1\Ferhat\LOKALE~1\Temp\jusched.log - deleted
C:\DOKUME~1\Ferhat\LOKALE~1\Temp\Sample © -- By Erdem ®.mp3 - deleted
C:\DOKUME~1\Ferhat\LOKALE~1\Temp\Set16F.tmp - deleted
C:\DOKUME~1\Ferhat\LOKALE~1\Temp\TWAIN.LOG - deleted
C:\DOKUME~1\Ferhat\LOKALE~1\Temp\Twain001.Mtx - deleted
C:\DOKUME~1\Ferhat\LOKALE~1\Temp\Twunk001.MTX - deleted
C:\DOKUME~1\Ferhat\LOKALE~1\Temp\Twunk002.MTX - deleted
C:\DOKUME~1\Ferhat\LOKALE~1\Temp\hsperfdata_Ferhat\ - deleted
C:\DOKUME~1\Ferhat\LOKALE~1\Temp\~nsu.tmp\ - deleted
C:\WINDOWS\temp\tmp00001d9d\tmp00000000 currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Ferhat\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Ferhat\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.5.1 recovered 92.1 MB of disk space from 659 files.
CleanUp! finished on 06/09/06 21:12:22.
I had also opened a thread earlier because of Virus Alert!.
Earlier I also found "Trojan.Zlob.AJ" and "Trojan.Hoax.Renos.C".
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 90EB-53ED
Verzeichnis von C:\WINDOWS\system32
09.06.2006 21:19 81.984 bdod.bin
09.06.2006 21:14 29.204 nvapps.xml
09.06.2006 21:14 7.168 simpole.tlb
09.06.2006 21:14 35.840 hp100.tmp
09.06.2006 21:10 5.024 stdole3.tlb
09.06.2006 21:03 31 getfile.dat
09.06.2006 20:56 2.206 wpa.dbl
06.06.2006 22:42 4.286 ot.ico
06.06.2006 22:42 4.286 ts.ico
06.06.2006 21:02 57.344 dcomcfg.exe
06.06.2006 14:20 34.829 ld101.tmp
06.06.2006 14:09 176.128 posem.dll
06.06.2006 14:09 10.468 atmclk.exe
30.05.2006 18:20 77.312 P2P Networking v126.cpl
24.05.2006 17:00 311.740 perfh009.dat
24.05.2006 17:00 40.128 perfc009.dat
24.05.2006 17:00 316.924 perfh007.dat
24.05.2006 17:00 48.354 perfc007.dat
24.05.2006 17:00 723.744 PerfStringBackup.INI
24.05.2006 15:20 854.266 Devil Inside Screensaver.scr