Web Rebates - exe file deleted

#0
22.07.2006, 18:19
Member

Posts: 12
#1 I have Web Rebates!
My virus scanner detected it, so I deleted the exe file!
Is Web Rebates definitely gone now?
23.07.2006, 13:21
Honorary member
Sabina

Posts: 29434
#2 Check whether you can still find the following:
http://virus-protect.org/artikel/spyware/webrebates.html

Scroll down to: Web_Rebates - TopRebates
http://virus-protect.org/artikel/spyware/uninstall.html

and scan with Counterspy (set everything to "remove") and copy the scan report here
http://virus-protect.org/counterspy.html
__________
Kind regards, Sabina

All about PC security
23.07.2006, 16:29
Member

Thread starter

Posts: 12
#3 How can I check that (the first point in your answer)?
What should I do then, once I have scrolled down to webrebates?
23.07.2006, 18:40
Honorary member
Sabina

Posts: 29434
#4 Just scan with Counterspy, set everything that is found to "remove", and copy the scan report here
__________
Kind regards, Sabina

All about PC security
24.07.2006, 14:37
Member

Thread starter

Posts: 12
#5 Spyware Scan Details
Start Date: 24.07.2006 14:09:39
End Date: 24.07.2006 14:32:25
Total Time: 22 mins 46 secs

Detected spyware

Altnet/Topsearch Browser Plug-in more information...
Details: Altnet/Topsearch is a browser plug-in that acts as search engine for peer-to-peer applications Kazaa and Grokster.
Status: Deleted

Infected files detected

Infected registry entries detected


TopRebates.WebRebates Browser Plug-in more information...
Details: TopRebates is a browser toolbar that can display pop-up advertisements and monitor your Web browsing activities.
Status: Deleted

Infected files detected

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates. file://C:\Programme\WebRebates4\websrebates\webtrebates\toprC0.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates. Contexts 63


Bullguard Potentially Unwanted Program more information...
Details: Bullguard is a software suite that includes antivirus, firewall, spam filter and online backup.
Status: Deleted

Infected files detected
c:\windows\temp\bullguard\bulldownload.exe


Need2FindBar Potentially Unwanted Program more information...
Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
Status: Deleted

Infected files detected
c:\programme\need2find\bar\history\search
c:\windows\temp\altnet\mysearch.cab

Infected registry entries detected


Altnet P2P Networking Low Risk Adware more information...
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Deleted

Infected files detected
c:\windows\downloaded program files\webp2pinstaller.dll
c:\windows\system32\p2p networking v126.cpl
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\p2psetup.exe

Infected registry entries detected


IST.ISTbar Hijacker more information...
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user’s consent using an Internet Explorer toolbar.
Status: Deleted

Infected files detected
c:\delus.bat


Altnet Download Manager Low Risk Adware more information...
Details: Altnet Download Manager accompanies Altnet P2P Networking and performs the job of downloading content from Altnet's P2P network.
Status: Deleted

Infected files detected


Accoona.Toolbar Toolbar more information...
Details: The Accoona Toolbar is a Internet Explorer toolbar that is bundled and installed with other programs.
Status: Deleted

Infected files detected
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\ASearchAssist.dll

Infected registry entries detected


Cydoor Adware (General) more information...
Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer.
Status: Deleted

Infected files detected
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\cd_clint.dll


NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows’ Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Deleted

Infected files detected
C:\WINDOWS\NDNuninstall6_98.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net Changed 0


KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected registry entries detected


Cydoor.TOPicks Adware (General) more information...
Details: TOPicks is adware implemented as an Internet Explorer toolbar. TOPicks shows targeted links to sponsored sites.
Status: Deleted

Infected registry entries detected


RXToolbar Toolbar more information...
Details: RXToolbar is an Internet Explorer toolbar that shows links for the current page being viewed, targetted through www.searchenginebar.com.
Status: Deleted

Infected registry entries detected


TopRebates.WebRebates Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\besitzer\cookies\besitzer@toprebates[2].txt

24.07.2006, 16:15
Honorary member
Sabina

Posts: 29434
#6 1.
CounterSpy only ever kills some of the files. So you have to keep emptying CounterSpy's quarantine folder and scanning with it again, until CounterSpy no longer finds anything.

2.
In future, do without P2P networking (if you want a clean computer).
__________
Regards, Sabina

All about PC security

24.07.2006, 19:56
Member

Thread starter

Posts: 12
#7 Is WebRebates now definitely gone from my computer?
And P2P networking is gone now too, right?
But there is nothing in my quarantine folder, because I set everything to remove.
--> So what do you mean by "some of the files"?
Please explain that to me in a bit more detail!

24.07.2006, 20:56
Honorary member
Sabina

Posts: 29434
#8 Just scan again and delete whatever was found... until CounterSpy no longer shows anything ;)

+
HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above just start the program --> Save --> Savelog --> Notepad opens
Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Regards, Sabina

All about PC security

14.08.2006, 16:39
Member

Thread starter

Posts: 12
#9 Unfortunately I have just been on holiday for 14 days, so CounterSpy has expired!
So I can no longer keep scanning until everything is gone!
What should I do now?
Just use HijackThis, or what?

14.08.2006, 23:00
Honorary member
Sabina

Posts: 29434
#10 Silly thing, those 14 days of holiday ;) and CounterSpy is gone ;)
Post the HijackThis log
__________
Regards, Sabina

All about PC security

15.08.2006, 14:21
Member

Thread starter

Posts: 12
#11 Logfile of HijackThis v1.99.1
Scan saved at 14:21:01, on 15.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Winamp\winampa.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
D:\Programme\Phone\Skype.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Stardock\ObjectDock\ObjectDock.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\IPod\bin\iPodService.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
D:\Programme\firefox.exe
C:\Programme\HiJackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MMTray] "C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [webrebates] "C:\Programme\WebRebates4\webrebates.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Skype] "D:\Programme\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128798793233
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AE0AA70-A383-446D-8249-A63ADA63F2D9}: NameServer = 195.3.96.67 195.3.96.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\IPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

15.08.2006, 15:30
Honorary member
Sabina

Posts: 29434
#12 Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as listen.bat using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "C:\Programme\WebRebates4" >>files.txt
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme" >>files.txt
notepad files.txt

__________
Regards, Sabina

All about PC security

15.08.2006, 18:32
Member

Thread starter

Posts: 12
#13 Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 64CD-D89B

Verzeichnis von C:\Programme

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 64CD-D89B

Verzeichnis von C:\WINDOWS\Downloaded Program Files

09.02.2005 17:54 1.271 erma.inf
08.10.2005 18:00 88.136 HPGetDownloadManager.ocx
26.08.2005 15:57 495 LegitCheckControl.inf
29.06.2005 18:17 227 opuc.inf
27.03.2006 13:00 5.019 swflash.inf
26.05.2005 04:19 291 wuweb.inf
6 Datei(en) 95.439 Bytes
0 Verzeichnis(se), 19.018.215.424 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 64CD-D89B


edit (Sabina)

15.08.2006, 18:37
Honorary member
Sabina

Posts: 29434
#14 laokon

1.
Open HijackThis -- "Scan" button -- tick the box in front of the entry -- "Fix checked" button -- restart the PC

O4 - HKLM\..\Run: [webrebates] "C:\Programme\WebRebates4\webrebates.exe"

Restart the computer

2.
Scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

All about PC security
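
The manual step in post #14, as an added example that is not part of the thread and not HijackThis's own code: it parses the O4 (autostart) lines of a HijackThis log, picks the entries that match a name the scanner reported, and notes whether that program is listed under "Running processes". The log excerpt is shortened from post #11; the function names and the matching rule are this example's own assumptions.

```python
import ntpath
import re

# Excerpt of the HijackThis log in post #11, shortened for this example.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iTunes\iTunesHelper.exe
D:\Programme\Phone\Skype.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [webrebates] "C:\Programme\WebRebates4\webrebates.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Programme\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
"""

RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?\.lnk) = (.+)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|scr))(?=\s|$)", re.I)

def program_of(command):
    """Return the program path of an autostart command, without arguments."""
    command = command.strip()
    if command.startswith('"'):            # quoted path: ends at the next quote
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)              # unquoted path, may contain spaces
    return m.group(1) if m else (command.split() or [""])[0]

def parse_log(log):
    """Return (basenames of running processes, list of O4 autostart entries)."""
    running, autostarts, in_procs = set(), [], False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:        # blank line ends the process list
            in_procs = False
        elif in_procs:
            running.add(ntpath.basename(line).lower())
        elif m := RUN_RE.match(line):
            autostarts.append({"where": f"{m[1]}\\{m[2]}", "name": m[3],
                               "program": program_of(m[4])})
        elif m := LNK_RE.match(line):
            autostarts.append({"where": m[1], "name": m[2],
                               "program": program_of(m[3])})
    return running, autostarts

def review(log, reported_names):
    """Autostart entries matching a scanner-reported name, plus running state."""
    running, autostarts = parse_log(log)
    hits = []
    for entry in autostarts:
        text = (entry["name"] + " " + entry["program"]).lower()
        if any(name.lower() in text for name in reported_names):
            is_running = ntpath.basename(entry["program"]).lower() in running
            hits.append({**entry, "running": is_running})
    return hits
```

Calling `review(SAMPLE_LOG, ["webrebates"])` returns the one HKLM Run value from post #14 with `running` set to False: the autostart value is still in the log although no webrebates.exe process is listed.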

16.08.2006, 14:09
Member

Thread starter

Posts: 12
#15 Incident Status Location

Potentially unwanted tool:application/altnet Not disinfected HKEY_CLASSES_ROOT\Interface\{CE9B37EC-D243-47A2-83DB-3A8350175193}
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\xg8ygjld.default\cookies.txt[as1.falkag.de/]

edit (Sabina)

____________________________
I also fixed the O4 Webrebates.... entry with HijackThis and then restarted the PC!