web rebates - exe file deleted

#0
22.07.2006, 18:19
Member
Posts: 12

23.07.2006, 13:21
Honorary member
Posts: 29434
#2
Check whether you can still find the following:
http://virus-protect.org/artikel/spyware/webrebates.html
Scroll down to: Web_Rebates - TopRebates
http://virus-protect.org/artikel/spyware/uninstall.html
and scan with Counterspy (set everything to "remove") and copy the scan report here
http://virus-protect.org/counterspy.html
__________
Best regards, Sabina
All about PC security

23.07.2006, 16:29
Member
Thread starter
Posts: 12
#3
How can I check that (1st point in your answer)?
What should I do once I have scrolled down to webrebates?

23.07.2006, 18:40
Honorary member
Posts: 29434
#4
Just scan with Counterspy, set everything that is found to "remove", and copy the scan report here.
__________
Best regards, Sabina
All about PC security

24.07.2006, 14:37
Member
Thread starter
Posts: 12
#5
Spyware Scan Details
Start Date: 24.07.2006 14:09:39 End Date: 24.07.2006 14:32:25 Total Time: 22 mins 46 secs Detected spyware Altnet/Topsearch Browser Plug-in more information... Details: Altnet/Topsearch is a browser plug-in that acts as search engine for peer-to-peer applications Kazaa and Grokster. Status: Deleted Infected files detected c:\windows\temp\altnet\adm.exe c:\windows\temp\altnet\adm25.dll c:\windows\temp\altnet\adm4.dll c:\windows\temp\altnet\admdata.dll c:\windows\temp\altnet\admdloader.dll c:\windows\temp\altnet\admfdi.dll c:\windows\temp\altnet\admprog.dll c:\windows\temp\altnet\dmfiles.cab c:\windows\temp\altnet\dminfo3.cab c:\windows\temp\altnet\dminstall7.cab c:\windows\temp\altnet\mysearch.cab c:\windows\temp\altnet\pmexe.cab c:\windows\temp\altnet\pmfiles.cab c:\windows\temp\altnet\pminstall.cab c:\windows\temp\altnet\setup.cab C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\asmfiles.cab D:\Program Files\Altnet\Download Manager\asmps.dll Infected registry entries detected HKEY_CLASSES_ROOT\AppID\Altnet Signing Module.EXE HKEY_CLASSES_ROOT\AppID\Altnet Signing Module.EXE AppID {8B0FEF15-54DC-49F5-8377-8172DE975F75} HKEY_CLASSES_ROOT\appid\{8b0fef15-54dc-49f5-8377-8172de975f75} HKEY_CLASSES_ROOT\appid\{8b0fef15-54dc-49f5-8377-8172de975f75} Altnet Signing Module HKEY_CLASSES_ROOT\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8} HKEY_CLASSES_ROOT\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\LocalServer32 D:\PROGRA~2\Altnet\DOWNLO~1\ASM.exe HKEY_CLASSES_ROOT\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\ProgID SigningModule.SigningModule.1 HKEY_CLASSES_ROOT\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\TypeLib {4DB801AD-34BF-4755-A43F-F7FC0F3A0009} HKEY_CLASSES_ROOT\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\VersionIndependentProgID SigningModule.SigningModule HKEY_CLASSES_ROOT\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8} SigningModule Class HKEY_CLASSES_ROOT\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8} AppID {8B0FEF15-54DC-49F5-8377-8172DE975F75} 
HKEY_CLASSES_ROOT\SigningModule.SigningModule HKEY_CLASSES_ROOT\SigningModule.SigningModule\CLSID {9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8} HKEY_CLASSES_ROOT\SigningModule.SigningModule\CurVer SigningModule.SigningModule.1 HKEY_CLASSES_ROOT\SigningModule.SigningModule SigningModule Class HKEY_CLASSES_ROOT\SigningModule.SigningModule.1 HKEY_CLASSES_ROOT\SigningModule.SigningModule.1\CLSID {9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8} HKEY_CLASSES_ROOT\SigningModule.SigningModule.1 SigningModule Class TopRebates.WebRebates Browser Plug-in more information... Details: TopRebates is a browser toolbar that can display pop-up advertisements and monitor your Web browsing activities. Status: Deleted Infected files detected c:\programme\webrebates4\w11150.exe c:\programme\webrebates4\webrebates.dll c:\programme\webrebates4\webrebates.exe c:\programme\webrebates4\webrebates2.dll c:\programme\webrebates4\webarebates\topr11150.dat c:\programme\webrebates4\webarebates\toprp11184.dat c:\programme\webrebates4\webdrebates\besitzer\f43a5c1e0f0d.dat c:\programme\webrebates4\webdrebates\besitzer\p43a5c25e28f.dat c:\programme\webrebates4\webdrebates\r43a5c1e3b1f.dat c:\programme\webrebates4\webdrebates\webzrebates.dat c:\programme\webrebates4\webdrebates\z43a5c1d3210.dat c:\programme\webrebates4\websrebates\html\ftoprrpmp0.htm c:\programme\webrebates4\websrebates\html\ftoprrpms0.htm c:\programme\webrebates4\websrebates\html\ftoprupmp0.htm c:\programme\webrebates4\websrebates\html\ftoprupms0.htm c:\programme\webrebates4\websrebates\html\toprc0.htm c:\programme\webrebates4\websrebates\html\toprp0.htm c:\programme\webrebates4\websrebates\html\toprp1.htm c:\programme\webrebates4\websrebates\html\toprr1.htm c:\programme\webrebates4\websrebates\html\toprrpmf0.htm c:\programme\webrebates4\websrebates\html\toprupmf0.htm c:\programme\webrebates4\websrebates\html\toprxpmp0.htm c:\programme\webrebates4\websrebates\html\toprxpms0.htm c:\programme\webrebates4\websrebates\images\topr_blnk.gif 
c:\programme\webrebates4\websrebates\images\topr_c_envelope.gif c:\programme\webrebates4\websrebates\images\topr_c_footer.gif c:\programme\webrebates4\websrebates\images\topr_c_hdr_autotrack_remove.gif c:\programme\webrebates4\websrebates\images\topr_c_hdr_settings.gif c:\programme\webrebates4\websrebates\images\topr_c_hdr_settings_toprebates.gif c:\programme\webrebates4\websrebates\images\topr_c_pop_circles.gif c:\programme\webrebates4\websrebates\images\topr_c_pop_circles_bg2.gif c:\programme\webrebates4\websrebates\images\topr_c_warning.gif c:\programme\webrebates4\websrebates\websrebates\weblrebates.dat c:\programme\webrebates4\websrebates\websrebates\webprebates.dat c:\programme\webrebates4\websrebates\websrebates\websrebates.dat c:\programme\webrebates4\websrebates\webtrebates\ftoprrpmp0.htm c:\programme\webrebates4\websrebates\webtrebates\ftoprrpms0.htm c:\programme\webrebates4\websrebates\webtrebates\ftoprupmp0.htm c:\programme\webrebates4\websrebates\webtrebates\ftoprupms0.htm c:\programme\webrebates4\websrebates\webtrebates\log.txt c:\programme\webrebates4\websrebates\webtrebates\toprc0.htm c:\programme\webrebates4\websrebates\webtrebates\toprp1.htm c:\programme\webrebates4\websrebates\webtrebates\toprr1.htm c:\programme\webrebates4\websrebates\webtrebates\toprrpmf0.htm c:\programme\webrebates4\websrebates\webtrebates\toprupmf0.htm c:\programme\webrebates4\websrebates\webtrebates\toprxpmp0.htm c:\programme\webrebates4\websrebates\webtrebates\toprxpms0.htm Infected registry entries detected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates. file://C:\Programme\WebRebates4\websrebates\webtrebates\toprC0.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates. Contexts 63 Bullguard Potentially Unwanted Program more information... Details: Bullguard is a software suite that includes antivirus, firewall, spam filter and online backup. 
Status: Deleted Infected files detected c:\windows\temp\bullguard\bulldownload.exe Need2FindBar Potentially Unwanted Program more information... Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function. Status: Deleted Infected files detected c:\programme\need2find\bar\history\search c:\windows\temp\altnet\mysearch.cab Infected registry entries detected HKEY_CURRENT_USER\Software\Need2Find HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2 HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2\CLSID {0002DF01-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2 Internet Exp1orer (Ver 1.54691) HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar pid KC HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Dir C:\Programme\Need2Find\bar\ HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ShzmCurInstall 1 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CurInstall 1 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar sr 0 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar pl 7 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Id A6BB9516-D939-4335-AD32-BF1252D87C93 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Build 102.10844 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CacheDir C:\Programme\Need2Find\bar\Cache\ HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CheckForConnection 0 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar SettingsDir C:\Programme\Need2Find\bar\Settings\ HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ConfigDateStamp 2005112313 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar HTMLMenuRevision 122 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Flags 530 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CfgUrl http://kp.barcfg.need2find.com/speedbar/mySpeedbarCfg2.jsp?s=kb&p=KP HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar HistoryDir C:\Programme\Need2Find\bar\History\ HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ColorButtons 1 Altnet P2P Networking Low Risk Adware more information... 
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs. Status: Deleted Infected files detected c:\windows\downloaded program files\webp2pinstaller.dll c:\windows\system32\p2p networking v126.cpl C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\p2psetup.exe Infected registry entries detected HKEY_CLASSES_ROOT\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0} HKEY_CLASSES_ROOT\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0}\InProcServer32 C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL HKEY_CLASSES_ROOT\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0}\InProcServer32 ThreadingModel Both HKEY_CLASSES_ROOT\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0} PSFactoryBuffer HKEY_CLASSES_ROOT\CLSID\{CC7A6223-3759-4075-8CEA-971F5CFC0ED2} HKEY_CLASSES_ROOT\CLSID\{CC7A6223-3759-4075-8CEA-971F5CFC0ED2}\LocalServer32 C:\WINDOWS\system32\P2P Networking\P2P Networking.exe HKEY_CLASSES_ROOT\CLSID\{CC7A6223-3759-4075-8CEA-971F5CFC0ED2}\ProgID JCDE_Stack.1 HKEY_CLASSES_ROOT\CLSID\{CC7A6223-3759-4075-8CEA-971F5CFC0ED2}\VersionIndependentProgID JCDE_Stack HKEY_CLASSES_ROOT\CLSID\{CC7A6223-3759-4075-8CEA-971F5CFC0ED2} P2P Stack for Joltid Content Distribution Environment HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run P2P Networking HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Dirs HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Dirs C:\WINDOWS\system32\P2P Networking C:\WINDOWS\system32\P2P Networking HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Dirs C:\WINDOWS\system32\P2P Networking\Cache C:\WINDOWS\system32\P2P Networking\Cache HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Dirs C:\Documents And Settings C:\Documents And Settings HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks HKEY_LOCAL_MACHINE\SOFTWARE\P2P 
Networking\Installation History\P2P Chunks ActiveX File C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks Marshal file C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks ENG Language File C:\WINDOWS\system32\P2P Networking\P2P Networking.eng HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks CPL file C:\WINDOWS\system32\P2P Networking v126.cpl HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks P2P Networking file C:\WINDOWS\system32\P2P Networking\P2P Networking.exe HKEY_CLASSES_ROOT\JCDE_Stack HKEY_CLASSES_ROOT\JCDE_Stack\CLSID {CC7A6223-3759-4075-8CEA-971F5CFC0ED2} HKEY_CLASSES_ROOT\JCDE_Stack\CurVer JCDE_Stack.1 HKEY_CLASSES_ROOT\JCDE_Stack P2P Stack for Joltid Content Distribution Environment HKEY_CLASSES_ROOT\interface\{c91e8926-d4be-4685-99f4-0d996b96bac0} HKEY_CLASSES_ROOT\interface\{c91e8926-d4be-4685-99f4-0d996b96bac0}\NumMethods 17 HKEY_CLASSES_ROOT\interface\{c91e8926-d4be-4685-99f4-0d996b96bac0}\ProxyStubClsid32 {C91E8926-D4BE-4685-99F4-0D996B96BAC0} HKEY_CLASSES_ROOT\interface\{c91e8926-d4be-4685-99f4-0d996b96bac0} JCDE_ISystem HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468e-B848-2B2E8E697B74} 2 %SystemRoot%\System32\P2P Networking v126.cpl HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking SlowInfoCache HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Changed 0 HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll C:\WINDOWS\Downloaded Program 
Files\WebP2PInstaller.dll HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\system32\P2P Networking\P2P Networking.eng C:\WINDOWS\system32\P2P Networking\P2P Networking.eng HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\system32\P2P Networking v126.cpl C:\WINDOWS\system32\P2P Networking v126.cpl HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\system32\P2P Networking\P2P Networking.exe C:\WINDOWS\system32\P2P Networking\P2P Networking.exe HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Clients HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Clients Kazaa 1 HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Clients P2PGUI_9639EF0C-2178-4d8f-BD67-21F0103EFE45 1 HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Clients Altnet TopSearch 1 HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Dirs C:\WINDOWS\system32\P2P Networking C:\WINDOWS\system32\P2P Networking HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Dirs C:\WINDOWS\system32\P2P Networking\Cache C:\WINDOWS\system32\P2P Networking\Cache HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Dirs C:\Documents And Settings C:\Documents And Settings HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\system32\P2P Networking\P2P Networking.eng C:\WINDOWS\system32\P2P Networking\P2P Networking.eng HKEY_LOCAL_MACHINE\SOFTWARE\P2P 
Networking\Installation History\Files C:\WINDOWS\system32\P2P Networking v126.cpl C:\WINDOWS\system32\P2P Networking v126.cpl HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\system32\P2P Networking\P2P Networking.exe C:\WINDOWS\system32\P2P Networking\P2P Networking.exe HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks ActiveX File C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks Marshal file C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks ENG Language File C:\WINDOWS\system32\P2P Networking\P2P Networking.eng HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks CPL file C:\WINDOWS\system32\P2P Networking v126.cpl HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks P2P Networking file C:\WINDOWS\system32\P2P Networking\P2P Networking.exe HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth SlotLength 4021 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In0 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In1 37 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out0 5 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out1 32 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall UdpInHistory -1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpInHistory -532213825 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpOutHistory -268436997 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime HistoryStart 1134475540 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime History ... .. . .. ....... . . ... . .. .. 
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection Address 195.3.113.147:3531 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall UdpInHistory -1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpInHistory -532213825 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpOutHistory -268436997 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth SlotLength 4021 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In0 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In1 37 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out0 5 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out1 32 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager\Downloads HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Channels\Channel10 Image HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Channels\Channel1001 Image HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth SlotLength 4021 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In0 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In1 37 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out0 5 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out1 32 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall UdpInHistory -1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpInHistory -532213825 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpOutHistory -268436997 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime HistoryStart 1134475540 
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime History ... .. . .. ....... . . ... . .. .. HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection Address 195.3.113.147:3531 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager CacheDir C:\WINDOWS\system32\P2P Networking\Cache\ HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager DatabaseDir C:\WINDOWS\system32\P2P Networking\Cache\Database\ HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager CacheSize 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager NoBandwidthLimitWhenIdle 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager AutoBandwith 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager BandwidthLimit 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI ShowIcon 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI MainExe C:\WINDOWS\system32\P2P Networking\P2P Networking.exe HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI DebugLevel 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI TimerInterval 2000 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateInterval 14400 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI ReqVersionUpdateInterval 14400 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateTimeSpent 1134928180 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI AutoStart 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateNotify 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI EnableHistory 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepHistorySeconds 604800 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepClientsMax 10 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepDownloadsMax 20 HKEY_CURRENT_USER\Software\P2P 
Networking\JcdeAgent NodeID 637860331 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent NetworkConfig HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent LastEligibilityUpdateTime 1135074444 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent DLStats HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager CacheDir C:\WINDOWS\system32\P2P Networking\Cache\ HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager DatabaseDir C:\WINDOWS\system32\P2P Networking\Cache\Database\ HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager CacheSize 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager NoBandwidthLimitWhenIdle 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager AutoBandwith 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager BandwidthLimit 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime HistoryStart 1134475540 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime History ... .. . .. ....... . . ... . .. .. 
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Channels\Channel10 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Channels\Channel10 Image HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI ShowIcon 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI MainExe C:\WINDOWS\system32\P2P Networking\P2P Networking.exe HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI DebugLevel 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI TimerInterval 2000 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateInterval 14400 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI ReqVersionUpdateInterval 14400 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateTimeSpent 1134928180 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI AutoStart 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateNotify 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI EnableHistory 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepHistorySeconds 604800 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepClientsMax 10 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepDownloadsMax 20 HKEY_CURRENT_USER\software\p2p networking HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Channels\Channel10 Image HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Channels\Channel1001 Image HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth SlotLength 4021 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth In0 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth In1 37 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth Out0 5 HKEY_CURRENT_USER\software\p2p 
networking\JcdeAgent\Connection\Bandwidth Out1 32 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Firewall UdpInHistory -1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Firewall TcpInHistory -532213825 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Firewall TcpOutHistory -268436997 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Uptime HistoryStart 1134475540 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Uptime History ... .. . .. ....... . . ... . .. .. HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection Address 195.3.113.147:3531 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager CacheDir C:\WINDOWS\system32\P2P Networking\Cache\ HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager DatabaseDir C:\WINDOWS\system32\P2P Networking\Cache\Database\ HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager CacheSize 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager NoBandwidthLimitWhenIdle 1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager AutoBandwith 1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager BandwidthLimit 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI ShowIcon 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI MainExe C:\WINDOWS\system32\P2P Networking\P2P Networking.exe HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI DebugLevel 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI TimerInterval 2000 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI UpdateInterval 14400 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI ReqVersionUpdateInterval 14400 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI UpdateTimeSpent 1134928180 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI AutoStart 1 HKEY_CURRENT_USER\software\p2p 
networking\JcdeAgent\P2PNetworkingGUI UpdateNotify 1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI EnableHistory 1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI KeepHistorySeconds 604800 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI KeepClientsMax 10 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI KeepDownloadsMax 20 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent NodeID 637860331 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent NetworkConfig HKEY_CURRENT_USER\software\p2p networking\JcdeAgent LastEligibilityUpdateTime 1135074444 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent DLStats HKEY_CLASSES_ROOT\JCDE_Stack.1 HKEY_CLASSES_ROOT\JCDE_Stack.1\CLSID {CC7A6223-3759-4075-8CEA-971F5CFC0ED2} HKEY_CLASSES_ROOT\JCDE_Stack.1 P2P Stack for Joltid Content Distribution Environment HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2P Networking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2P Networking DisplayName P2P Networking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2P Networking UninstallString C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /UNINSTALL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2P Networking DisplayIcon C:\WINDOWS\system32\P2P Networking\P2P Networking.exe IST.ISTbar Hijacker more information... Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user’s consent using an Internet Explorer toolbar. Status: Deleted Infected files detected c:\delus.bat Altnet Download Manager Low Risk Adware more information... Details: Altnet Download Manager accompanies Altnet P2P Networking and performs the job of downloading content from Altnet's P2P network. 
Status: Deleted Infected files detected c:\windows\temp\altnet\dmfiles.cab c:\windows\temp\altnet\dminfo3.cab c:\windows\temp\altnet\dminstall7.cab C:\WINDOWS\Temp\Altnet\adm.exe C:\WINDOWS\Temp\Altnet\adm25.dll C:\WINDOWS\Temp\Altnet\adm4.dll C:\WINDOWS\Temp\Altnet\admdata.dll C:\WINDOWS\Temp\Altnet\admdloader.dll C:\WINDOWS\Temp\Altnet\admfdi.dll C:\WINDOWS\Temp\Altnet\admprog.dll Accoona.Toolbar Toolbar more information... Details: The Accoona Toolbar is a Internet Explorer toolbar that is bundled and installed with other programs. Status: Deleted Infected files detected C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\ASearchAssist.dll Infected registry entries detected HKEY_CLASSES_ROOT\ASearchAssist.ADefaultSearch HKEY_CLASSES_ROOT\ASearchAssist.ADefaultSearch\CLSID {944864A5-3916-46E2-96A9-A2E84F3F1208} HKEY_CLASSES_ROOT\ASearchAssist.ADefaultSearch\CurVer ASearchAssist.ADefaultSearch.1 HKEY_CLASSES_ROOT\ASearchAssist.ADefaultSearch ADefaultSearch Class HKEY_CLASSES_ROOT\ASearchAssist.ADefaultSearch.1 HKEY_CLASSES_ROOT\ASearchAssist.ADefaultSearch.1\CLSID {944864A5-3916-46E2-96A9-A2E84F3F1208} HKEY_CLASSES_ROOT\ASearchAssist.ADefaultSearch.1 ADefaultSearch Class HKEY_CLASSES_ROOT\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208} HKEY_CLASSES_ROOT\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208}\InprocServer32 C:\Programme\Accoona\ASearchAssist.dll HKEY_CLASSES_ROOT\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208}\ProgID ASearchAssist.ADefaultSearch.1 HKEY_CLASSES_ROOT\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208}\TypeLib {EA3956D2-EC38-41AB-B601-47AA281E4952} HKEY_CLASSES_ROOT\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208}\VersionIndependentProgID ASearchAssist.ADefaultSearch HKEY_CLASSES_ROOT\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208} ADefaultSearch Class HKEY_CLASSES_ROOT\CLSID\{F80C1D93-0D22-436e-963E-9D3156997A4E} 
HKEY_CLASSES_ROOT\CLSID\{F80C1D93-0D22-436e-963E-9D3156997A4E} HKEY_CLASSES_ROOT\CLSID\{F80C1D93-0D22-436e-963E-9D3156997A4E} + HKEY_CLASSES_ROOT\CLSID\{F80C1D93-0D22-436e-963E-9D3156997A4E} Distribution ID 94467005850470196661244888 HKEY_CLASSES_ROOT\CLSID\{F80C1D93-0D22-436e-963E-9D3156997A4E} Package ID 400055 HKEY_CLASSES_ROOT\Interface\{6C8AB177-7B09-4F5C-9E6D-82EAA765430C} HKEY_CLASSES_ROOT\Interface\{6C8AB177-7B09-4F5C-9E6D-82EAA765430C}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{6C8AB177-7B09-4F5C-9E6D-82EAA765430C}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{6C8AB177-7B09-4F5C-9E6D-82EAA765430C}\TypeLib {EA3956D2-EC38-41AB-B601-47AA281E4952} HKEY_CLASSES_ROOT\Interface\{6C8AB177-7B09-4F5C-9E6D-82EAA765430C}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{6C8AB177-7B09-4F5C-9E6D-82EAA765430C} IADefaultSearch HKEY_CLASSES_ROOT\TypeLib\{EA3956D2-EC38-41AB-B601-47AA281E4952} HKEY_CLASSES_ROOT\TypeLib\{EA3956D2-EC38-41AB-B601-47AA281E4952}\1.0\0\win32 C:\Programme\Accoona\ASearchAssist.dll HKEY_CLASSES_ROOT\TypeLib\{EA3956D2-EC38-41AB-B601-47AA281E4952}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\TypeLib\{EA3956D2-EC38-41AB-B601-47AA281E4952}\1.0\HELPDIR C:\Programme\Accoona\ HKEY_CLASSES_ROOT\TypeLib\{EA3956D2-EC38-41AB-B601-47AA281E4952}\1.0 ASearchAssist 1.0 Type Library HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Accoona Search Assistant HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Accoona Search Assistant DisplayIcon C:\Programme\Accoona\icon-sa.ico,-0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Accoona Search Assistant Comments Search Assistant, Search Engine using Artificial Intelligence HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Accoona Search Assistant Contact info@accoona.com HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Accoona Search Assistant 
Cydoor Adware (General)
Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer.
Status: Deleted
Infected files detected
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\cd_clint.dll

NewDotNet Browser Plug-in
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows’ Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Deleted
Infected files detected
C:\WINDOWS\NDNuninstall6_98.exe
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net Changed 0

KaZaA P2P Program
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted
Infected registry entries detected

Cydoor.TOPicks Adware (General)
Details: TOPicks is adware implemented as an Internet Explorer toolbar. TOPicks shows targeted links to sponsored sites.
Status: Deleted
Infected registry entries detected

RXToolbar Toolbar
Details: RXToolbar is an Internet Explorer toolbar that shows links for the current page being viewed, targetted through www.searchenginebar.com.
Status: Deleted
Infected registry entries detected

TopRebates.WebRebates Cookie (General)
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@toprebates[2].txt |
|
|
||
24.07.2006, 16:15
Honorary member
Posts: 29434 |
#6
1. Counterspy only ever kills some of the files. So you have to keep emptying Counterspy's quarantine folder and scanning with it again until Counterspy finds nothing more.
2. In future, do without P2P networking (if you want a clean computer).
__________ Kind regards, Sabina - all about PC security |
|
|
||
24.07.2006, 19:56
Member
Thread starter Posts: 12 |
#7
Is webrebates now definitely gone from my computer?
And P2P networking is gone now too, right? But there is nothing in my quarantine folder, because I set everything to "remove" --> so what do you mean by "some of the files"? Please explain that to me in a bit more detail! |
|
|
||
24.07.2006, 20:56
Honorary member
Posts: 29434 |
#8
Just scan again and delete whatever was found... until Counterspy shows nothing more.
+ HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above just start the program --> Save --> Savelog --> Notepad opens. Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.
__________ Kind regards, Sabina - all about PC security |
|
|
||
14.08.2006, 16:39
Member
Thread starter Posts: 12 |
#9
Unfortunately I have just been on holiday for 14 days, so Counterspy has expired!
So I can no longer keep scanning until everything is gone! What should I do now? Just with HijackThis, or what? |
|
|
||
14.08.2006, 23:00
Honorary member
Posts: 29434 |
#10
Bad luck, with the 14 days of holiday and Counterspy now gone.
Post the log from HijackThis.
__________ Kind regards, Sabina - all about PC security |
|
|
||
15.08.2006, 14:21
Member
Thread starter Posts: 12 |
#11
Logfile of HijackThis v1.99.1
Scan saved at 14:21:01, on 15.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Winamp\winampa.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
D:\Programme\Phone\Skype.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Stardock\ObjectDock\ObjectDock.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\IPod\bin\iPodService.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
D:\Programme\firefox.exe
C:\Programme\HiJackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MMTray] "C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [webrebates] "C:\Programme\WebRebates4\webrebates.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Skype] "D:\Programme\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128798793233
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AE0AA70-A383-446D-8249-A63ADA63F2D9}: NameServer = 195.3.96.67 195.3.96.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\IPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe |
|
|
||
15.08.2006, 15:30
Honorary member
Posts: 29434 |
#12
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop using 'Save as'. For the file type, specify 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears
Quote: cd\
__________ Kind regards, Sabina - all about PC security |
|
|
||
15.08.2006, 18:32
Member
Thread starter Posts: 12 |
#13
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 64CD-D89B

Verzeichnis von C:\Programme

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 64CD-D89B

Verzeichnis von C:\WINDOWS\Downloaded Program Files

09.02.2005 17:54 1.271 erma.inf
08.10.2005 18:00 88.136 HPGetDownloadManager.ocx
26.08.2005 15:57 495 LegitCheckControl.inf
29.06.2005 18:17 227 opuc.inf
27.03.2006 13:00 5.019 swflash.inf
26.05.2005 04:19 291 wuweb.inf
6 Datei(en) 95.439 Bytes
0 Verzeichnis(se), 19.018.215.424 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 64CD-D89B
edit (Sabina) |
|
|
||
15.08.2006, 18:37
Honorary member
Posts: 29434 |
#14
laokon
1. Open HijackThis -- "scan" button -- put a check mark in front of the entry -- "Fix checked" button -- restart the PC
O4 - HKLM\..\Run: [webrebates] "C:\Programme\WebRebates4\webrebates.exe"
Restart the computer
2. Scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
__________ Kind regards, Sabina - all about PC security |
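The check made by eye in post #14, spotting the leftover webrebates autostart entry in the HijackThis log, written out as an added example (not part of the thread and not HijackThis code): it parses the O4 lines and flags those whose name or target path contains a product name from the scanner reports. The watch list and the function names are assumptions of this example; the sample lines are copied from the log in post #11.

```python
import re

# Lines copied from the HijackThis log in post #11 of this thread.
SAMPLE_LOG = r'''O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [webrebates] "C:\Programme\WebRebates4\webrebates.exe"
O4 - HKCU\..\Run: [Skype] "D:\Programme\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
'''

# Product names that appear in the scanner reports in this thread. Using them
# as a substring watch list is an assumption of this example, not a tool's
# signature set.
WATCHLIST = ("webrebates", "toprebates", "altnet", "cydoor", "new.net",
             "kazaa", "rx toolbar", "accoona")

# "O4 - HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# "O4 - Startup: shortcut.lnk = target" and "O4 - Global Startup: ..."
LNK_RE = re.compile(r'^O4 - (?P<scope>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.+)$')

def parse_o4(log_text):
    """Return one dict per O4 (autostart) line; all other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append({"source": f"{m['hive']} {m['key']}",
                            "name": m["name"], "command": m["cmd"]})
            continue
        m = LNK_RE.match(line)
        if m:
            entries.append({"source": m["scope"], "name": m["name"], "command": m["cmd"]})
    return entries

def target_path(command):
    """Executable path of an autostart command, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r'(.+?\.(?:exe|dll|com|bat|cmd|scr))\b', command, re.I)
    return m.group(1) if m else command

def flag_entries(entries, watchlist=WATCHLIST):
    """Pairs (entry, matched names) for entries that mention a watched product."""
    hits = []
    for entry in entries:
        haystack = (entry["name"] + " " + target_path(entry["command"])).lower()
        matched = [w for w in watchlist if w in haystack]
        if matched:
            hits.append((entry, matched))
    return hits

if __name__ == "__main__":
    for entry, matched in flag_entries(parse_o4(SAMPLE_LOG)):
        print(entry["source"], entry["name"], target_path(entry["command"]), matched)
```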
|
|
||
16.08.2006, 14:09
Member
Thread starter Posts: 12 |
#15
Incident Status Location
Potentially unwanted tool:application/altnet Not disinfected HKEY_CLASSES_ROOT\Interface\{CE9B37EC-D243-47A2-83DB-3A8350175193}
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\xg8ygjld.default\cookies.txt[as1.falkag.de/]
edit (Sabina)
____________________________
Also, I fixed the O4 Webrebates.... entry with HijackThis! And then restarted the PC! |
|
|
||
My virus scanner detected it, so I deleted the .exe file!
Is web rebates now definitely gone?