TR/Vundo.Gen. Can't get rid of it!!

11.09.2006, 23:27
...new here

Posts: 9
#1 For a few days now I have constantly been getting the AntiVir alert for the trojan TR/Vundo.Gen.
I don't know how to delete it.
12.09.2006, 14:02
Honorary member

Posts: 29434
#2 post the following logs here
http://board.protecus.de/t23188.htm
__________
Regards, Sabina

all about PC security
12.09.2006, 17:05
...new here

Thread starter

Posts: 9
#3 Logfile of HijackThis v1.99.1
Scan saved at 17:05:00, on 12.09.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\PROMon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\WLAN Technology Corporation\WLAN_802.11g_Utility\ZDWlan.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Christoph\Virenprogramme\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.council-of-nemesis.de/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express 5 SE Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [zango] "c:\programme\zango\zango.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [VoipBuster] "C:\Programme\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - Startup: ZDWLan Utility.lnk = C:\Programme\WLAN Technology Corporation\WLAN_802.11g_Utility\ZDWlan.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

Combofix:

Chris - 06-09-12 17:26:03.35
ComboFix 06.09.11B - Running from: C:\Christoph\Downloads

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Dokumente und Einstellungen\Chris\Eigene Dateien\ECURIT~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-12 to 2006-09-12 ))))))))))))))))))))))))))))))))))


2006-09-06 20:17 1,085,206 ---hs---- C:\WINDOWS\system32\qttss.bak2
2006-09-06 15:28 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-08-29 16:11 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-08-29 16:11 42,496 --a------ C:\WINDOWS\system32\swreg.exe
2006-08-29 16:11 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-08-29 16:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-08-29 11:22 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-08-28 13:49 632,065 ---hs---- C:\WINDOWS\system32\qttss.bak1
2006-08-28 13:48 573,492 --------- C:\WINDOWS\system32\ssttq.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-12 17:24 -------- d-------- C:\Programme\Mozilla Firefox
2006-09-12 17:21 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-09-11 17:30 -------- d-------- C:\Programme\CleanUp!
2006-09-11 15:54 -------- d-------- C:\Programme\ICQLite
2006-09-11 13:54 -------- d-------- C:\Programme\Zango
2006-09-11 09:59 20992 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-09-11 09:59 20992 --a------ C:\WINDOWS\system32\igfxtray.exe
2006-09-11 09:59 20992 --a------ C:\WINDOWS\system32\hkcmd.exe
2006-09-11 09:59 -------- d-------- C:\Programme\QuickTime
2006-09-11 09:59 -------- d-------- C:\Programme\MSN Messenger
2006-09-11 09:59 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-09-11 09:58 -------- d-------- C:\Programme\BearShare
2006-09-06 20:57 -------- d-------- C:\Programme\Shareaza
2006-09-06 20:55 -------- d-------- C:\Programme\MyGlobalSearch
2006-09-06 20:54 -------- d-------- C:\Programme\eMule.de
2006-09-06 20:51 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-09-06 15:12 -------- d-------- C:\Dokumente und Einstellungen\Chris\Anwendungsdaten\VoipBuster
2006-09-06 14:18 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-09-06 14:18 -------- d-------- C:\Programme\WLAN Technology Corporation
2006-09-06 13:30 -------- d-------- C:\Dokumente und Einstellungen\Chris\Anwendungsdaten\Adobe
2006-09-06 11:13 -------- d-------- C:\Dokumente und Einstellungen\Chris\Anwendungsdaten\Skype
2006-08-29 15:39 -------- d-------- C:\Dokumente und Einstellungen\Chris\Anwendungsdaten\Mozilla
2006-08-29 13:07 -------- d-------- C:\Programme\Ulead Systems
2006-08-28 13:43 -------- d-------- C:\Programme\Google
2006-08-28 11:14 -------- d-------- C:\Programme\ICQToolbar
2006-08-27 12:27 -------- d-------- C:\Dokumente und Einstellungen\Chris\Anwendungsdaten\Google
2006-08-26 18:09 -------- d-------- C:\Dokumente und Einstellungen\Chris\Anwendungsdaten\teamspeak2
2006-06-13 16:42 80 -r-hs---- C:\WINDOWS\system32\C46E99B9FD.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"updateMgr"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"VoipBuster"="\"C:\\Programme\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\" -nosplash -minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"Ulead AutoDetector"="C:\\Programme\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"Ulead Photo Express 5 SE Calendar Checker"="C:\\Programme\\Ulead Systems\\Ulead Photo Express 5 SE\\calcheck.exe"
"NeroFilterCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"zango"="\"c:\\programme\\zango\\zango.exe\""
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,3e,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhoo32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 06-09-12 17:26:34.04
ComboFix.txt
ComboFix2.txt
ComboFix3.txt



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5054-28AB

Verzeichnis von C:\WINDOWS\system32

06-09-12 17:30 1,085,939 qttss.ini
06-09-11 23:13 1,085,206 qttss.bak2

06-09-11 09:59 20,992 NeroCheck.exe
06-09-11 09:59 20,992 hkcmd.exe
06-09-11 09:59 20,992 igfxtray.exe

06-09-10 18:38 2,184 wpa.dbl
06-09-07 15:37 143 mcrh.tmp
06-08-29 13:10 3,318,377 qtF.tmp
06-08-29 13:06 2,926,393 qtB.tmp
06-08-28 13:49 632,065 qttss.bak1
06-08-28 13:48 573,492 ssttq.dll

06-06-13 16:42 80 C46E99B9FD.dll
06-06-02 11:04 57,384 avsda.dll
06-05-16 17:23 181,040 FNTCACHE.DAT
06-04-29 13:44 40,972 perfc009.dat
06-04-29 13:44 314,644 perfh009.dat
06-04-29 13:44 320,424 perfh007.dat
06-04-29 13:44 49,372 perfc007.dat
06-04-29 13:44 732,342 PerfStringBackup.INI
06-04-27 17:49 288,417 SrchSTS.exe
06-03-03 13:16 16,832 amcompat.tlb
06-03-03 13:16 23,392 nscompat.tlb
06-02-20 18:12 3,638 cficon.ico
06-02-20 18:12 3,638 smicon.ico
06-02-20 18:12 3,638 sdicon.ico
06-02-20 18:12 3,638 dficon.ico
06-02-20 18:12 3,638 msicon.ico

06-02-13 18:56 94,674 192.168.123.254
06-01-24 19:34 118,784 sirenacm.dll
06-01-09 10:36 40,960 swsc.exe
06-01-09 10:36 42,496 swreg.exe
05-11-03 15:01 176,167 rmoc3260.dll
05-11-03 15:00 5,632 pndx5032.dll
05-11-03 15:00 6,656 pndx5016.dll
05-11-03 15:00 278,528 pncrt.dll
05-09-02 11:39 1,140 qtplugin.log
05-08-10 00:14 692,224 divxdec.ax
05-08-10 00:13 4,276 divxsm.tlb
05-08-10 00:13 524,288 DivXsm.exe
05-08-10 00:13 692,736 DivX.dll
05-08-10 00:13 688,128 divx_xx07.dll



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5054-28AB

Verzeichnis von C:\DOKUME~1\Chris\LOKALE~1\Temp




Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5054-28AB

Verzeichnis von C:\WINDOWS

06-09-12 17:14 0 0.log
06-09-12 17:13 2,048 bootstat.dat
06-09-12 17:12 32,622 SchedLgU.Txt
06-09-11 17:15 321,328 ntbtlog.txt
06-09-11 17:02 174,308 setupact.log
06-09-11 13:58 116 NeroDigital.ini
06-09-09 14:59 1,014,359 setupapi.log
06-09-09 12:21 816 win.ini
06-09-08 10:11 50 wiaservc.log
06-09-08 10:11 159 wiadebug.log
06-09-07 17:15 101,433 wmsetup.log
06-09-06 20:51 2,560 _MSRSTRT.EXE
06-09-06 14:22 14,660 Windows Update.log
06-09-03 19:11 509 Ulead32.ini
06-09-03 14:04 50 cdplayer.ini
06-08-30 11:18 2,904 mozver.dat
06-08-29 15:39 0 nsreg.dat
06-08-25 18:08 71 pex.INI
06-06-12 16:23 2,573 DIFx.log
06-05-03 15:02 10,240 Thumbs.db
06-04-02 19:46 28,672 gscr.dll
06-03-03 13:16 236 wmsetup10.log
06-03-03 13:15 316,640 WMSysPr9.prx
06-02-24 12:45 151 PhotoSnapViewer.INI
06-01-14 12:27 440,887 DirectX.log
06-01-04 21:29 796,672 GPInstall.exe
06-01-02 20:41 631 avmcoins.log
05-12-10 12:12 155 winamp.ini
05-12-05 14:49 8,556 EPSTPLOG.TXT




Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5054-28AB

Verzeichnis von C:\

06-09-12 17:35 0 sys.txt
06-09-12 17:35 6,019 system.txt
06-09-12 17:34 133 systemtemp.txt
06-09-12 17:34 98,932 system32.txt
06-09-12 17:26 7,685 ComboFix.txt
06-09-12 17:25 135 ComboFix2.txt
06-09-12 17:21 8,089 ComboFix3.txt
06-09-12 17:13 792,723,456 pagefile.sys
06-09-11 23:19 706 VundoFix.txt
06-09-11 17:02 1,057 rapport.txt
06-08-24 18:00 232 sqmdata01.sqm
06-08-24 18:00 244 sqmnoopt01.sqm
06-08-23 18:01 268 sqmdata00.sqm
06-08-23 18:01 244 sqmnoopt00.sqm
05-09-28 19:57 47,580 NTDETECT.COM
05-09-28 19:57 235,296 ntldr
05-08-29 18:33 206,496 persist.dat
05-05-25 14:50 0 IO.SYS
05-05-25 14:50 0 CONFIG.SYS
05-05-25 14:50 0 AUTOEXEC.BAT
05-05-25 14:50 0 MSDOS.SYS
05-05-25 14:45 194 boot.ini
01-08-18 14:00 4,952 bootfont.bin
23 Datei(en) 793,341,718 Bytes
0 Verzeichnis(se), 19,347,296,256 Bytes frei



10)DPF????
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5054-28AB

Verzeichnis von C:\WINDOWS\Downloaded Program Files

06-04-18 15:59 1,173,616 ClientAX.dll
06-03-02 15:40 1,271 erma.inf
00-01-20 15:25 1,162 Microsoft XML Parser for Java.osd
03-12-19 15:43 241 popcaploader.inf
06-06-22 11:41 5,032 swflash.inf
03-06-30 22:41 1,689 WMV9VCM.inf
05-04-29 18:24 155,648 zylomgamesplayer.dll
05-03-25 18:17 244 ZylomGamesPlayer.inf
8 Datei(en) 1,338,903 Bytes

Anzahl der angezeigten Dateien:
8 Datei(en) 1,338,903 Bytes
0 Verzeichnis(se), 19,347,279,872 Bytes frei
This post was edited on 12.09.2006 at 17:39 by Stoph.
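As an added example (not part of the thread, and not code from ComboFix, HijackThis or any other tool named here), a small Python triage helper that parses ComboFix-style file listings like the ones posted above and flags two patterns visible in them: vendor binaries in system32 that share one size and one creation minute (NeroCheck.exe, igfxtray.exe and hkcmd.exe, all 20992 bytes at 2006-09-11 09:59), and loose files in system32 carrying both the hidden and the system attribute (qttss.bak2, C46E99B9FD.dll). The sample lines are a constructed subset of the log, and the function names are my own.

```python
"""Triage helper for ComboFix-style file listings (added example)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the ComboFix lines posted in the thread,
# covering both the "Files Created" layout (sizes with thousands separators)
# and the "Find3M Report" layout (plain sizes, "--------" for directories).
COMBOFIX_SAMPLE = r"""
2006-09-06 20:17 1,085,206 ---hs---- C:\WINDOWS\system32\qttss.bak2
2006-08-28 13:48 573,492 --------- C:\WINDOWS\system32\ssttq.dll
2006-09-12 17:24 -------- d-------- C:\Programme\Mozilla Firefox
2006-09-11 09:59 20992 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-09-11 09:59 20992 --a------ C:\WINDOWS\system32\igfxtray.exe
2006-09-11 09:59 20992 --a------ C:\WINDOWS\system32\hkcmd.exe
2006-09-11 09:59 -------- d-------- C:\Programme\QuickTime
2006-09-06 20:51 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-06-13 16:42 80 -r-hs---- C:\WINDOWS\system32\C46E99B9FD.dll
"""

# date  time  size-or-dashes  attribute-flags  path (may contain spaces)
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|-+)\s+(?P<attrs>[-a-z]+)\s+(?P<path>.+?)\s*$"
)

SYSTEM32 = "c:\\windows\\system32\\"
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")


def parse_combofix_lines(text):
    """Return one dict per line that matches the listing layout.

    Lines that do not match (section banners, blank lines) are skipped,
    so a whole ComboFix.txt can be fed in unchanged.
    """
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size_txt = m["size"]
        entries.append({
            "when": f"{m['date']} {m['time']}",
            "size": None if size_txt.startswith("-")
                    else int(size_txt.replace(",", "")),
            "attrs": m["attrs"],
            "path": m["path"],
            "is_dir": m["attrs"].startswith("d"),
        })
    return entries


def find_size_twins(entries, min_group=2):
    """Executables under system32 that share one size AND one timestamp.

    Binaries from different vendors normally differ in both; a cluster of
    identical (size, minute) pairs suggests the originals were overwritten
    by one dropped file, which fits NeroCheck.exe being flagged by
    VirusTotal later in this thread.
    Returns {(size, when): [paths...]} for clusters of >= min_group files.
    """
    groups = defaultdict(list)
    for e in entries:
        path = e["path"].lower()
        if e["is_dir"] or e["size"] is None:
            continue
        if not path.startswith(SYSTEM32) or not path.endswith(EXEC_EXT):
            continue
        groups[(e["size"], e["when"])].append(e["path"])
    return {key: sorted(paths) for key, paths in groups.items()
            if len(paths) >= min_group}


def find_hidden_system(entries):
    """Loose files in system32 carrying both hidden (h) and system (s) flags.

    The qttss.* files removed later in this thread carry exactly this
    combination; such files are worth a second look regardless of extension.
    """
    return sorted(
        e["path"] for e in entries
        if not e["is_dir"]
        and "h" in e["attrs"] and "s" in e["attrs"]
        and e["path"].lower().startswith(SYSTEM32)
    )


if __name__ == "__main__":
    found = parse_combofix_lines(COMBOFIX_SAMPLE)
    for (size, when), paths in find_size_twins(found).items():
        print(f"{len(paths)} files of {size} bytes created {when}:")
        for p in paths:
            print("   ", p)
    for p in find_hidden_system(found):
        print("hidden+system:", p)
```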
13.09.2006, 00:31
Honorary member

Posts: 29434
#4 Stoph

virustotal
At the top of the page --> click Browse --> paste in the file with the correct path --> double-click the file to be checked --> click Submit... now wait
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\C46E99B9FD.dll


post the reports

--------------------------------------------------------------

Avenger
http://virus-protect.org/artikel/tools/avenger.html paste in:

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhoo32
HKEY_LOCAL_MACHINE\SOFTWARE\zango
HKEY_CURRENT_USER\SOFTWARE\zango

Files to delete:
C:\Programme\Mozilla Firefox\plugins\npclntax.dll
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qttss.bak2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qtF.tmp
C:\WINDOWS\system32\qtB.tmp
C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\C46E99B9FD.dll
C:\WINDOWS\system32\amcompat.tlb
C:\WINDOWS\system32\nscompat.tlb
C:\WINDOWS\system32\cficon.ico
C:\WINDOWS\system32\smicon.ico
C:\WINDOWS\system32\sdicon.ico
C:\WINDOWS\system32\dficon.ico
C:\WINDOWS\system32\msicon.ico
C:\WINDOWS\Downloaded Program Files\ClientAX.dll
C:\Programme\BearShare\BearShareZangoInstaller.exe
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zango\Go to Library.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zango\Uninstall Zango Instructions.lnk
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zango\Zango Customer Support.url

Folders to delete:
C:\Programme\Zango
C:\Programme\BearShare
C:\Programme\MyGlobalSearch
Click the green traffic light
the script will now be executed, then the PC will restart automatically

**
post the Avenger log that appears after the restart

**
scan with Counterspy, after the scan set everything to remove and post the scan report
http://virus-protect.org/counterspy.html
__________
Regards, Sabina

all about PC security
13.09.2006, 10:18
...new here

Thread starter

Posts: 9
#5 complete scanning result of "NeroCheck.exe", received in VirusTotal at 09.13.2006, 09:58:37 (CET).

Antivirus Version Update Result
AntiVir 7.1.1.16 09.13.2006 HEUR/Malware
Authentium 4.93.8 09.13.2006 no virus found
Avast 4.7.844.0 09.11.2006 no virus found
AVG 386 09.12.2006 Downloader.Agent.FJQ
BitDefender 7.2 09.13.2006 Trojan.LowZones.DH
CAT-QuickHeal 8.00 09.12.2006 TrojanDownloader.Agent.awf

ClamAV devel-20060426 09.13.2006 no virus found
DrWeb 4.33 09.13.2006 Trojan.LowZones.178
eTrust-InoculateIT 23.72.123 09.13.2006 no virus found
eTrust-Vet 30.3.3073 09.12.2006 no virus found
Ewido 4.0 09.12.2006 Downloader.Agent.awf
Fortinet 2.77.0.0 09.13.2006 suspicious
F-Prot 3.16f 09.13.2006 no virus found
F-Prot4 4.2.1.29 09.13.2006 no virus found
Ikarus 0.2.65.0 09.12.2006 no virus found
Kaspersky 4.0.2.24 09.13.2006 Trojan-Downloader.Win32.Agent.awf
McAfee 4850 09.12.2006 no virus found
Microsoft 1.1560 09.13.2006 no virus found
NOD32v2 1.1753 09.12.2006 no virus found
Norman 5.90.23 09.12.2006 W32/Agent.AKJS
Panda 9.0.0.4 09.12.2006 Trj/Lowzones.ST
Sophos 4.09.0 09.13.2006 no virus found
Symantec 8.0 09.13.2006 Trojan.LowZones
TheHacker 5.9.8.210 09.13.2006 no virus found
UNA 1.83 09.11.2006 TrojanDownloader.Win32.Agent.3259
VBA32 3.11.1 09.12.2006 Trojan.LowZones.178
VirusBuster 4.3.7:9 09.12.2006 no virus found

Aditional Information
File size: 20992 bytes
MD5: c3ad4eefe1e4e0c5896909600dd86191
SHA1: c772c8b9bb7fe356a7d12817b2b4fca2f0a4b5b5
packers: UPX





complete scanning result of "C46E99B9FD.dll", received in VirusTotal at 09.13.2006, 09:59:16 (CET).

Antivirus Version Update Result
AntiVir 7.1.1.16 09.13.2006 no virus found
Authentium 4.93.8 09.13.2006 no virus found
Avast 4.7.844.0 09.11.2006 no virus found
AVG 386 09.12.2006 no virus found
BitDefender 7.2 09.13.2006 no virus found
CAT-QuickHeal 8.00 09.12.2006 no virus found
ClamAV devel-20060426 09.13.2006 no virus found
DrWeb 4.33 09.13.2006 no virus found
eTrust-InoculateIT 23.72.123 09.13.2006 no virus found
eTrust-Vet 30.3.3073 09.12.2006 no virus found
Ewido 4.0 09.12.2006 no virus found
Fortinet 2.77.0.0 09.13.2006 no virus found
F-Prot 3.16f 09.13.2006 no virus found
F-Prot4 4.2.1.29 09.13.2006 no virus found
Ikarus 0.2.65.0 09.12.2006 no virus found
Kaspersky 4.0.2.24 09.13.2006 no virus found
McAfee 4850 09.12.2006 no virus found
Microsoft 1.1560 09.13.2006 no virus found
NOD32v2 1.1753 09.12.2006 no virus found
Norman 5.90.23 09.12.2006 no virus found
Panda 9.0.0.4 09.12.2006 no virus found
Sophos 4.09.0 09.13.2006 no virus found
Symantec 8.0 09.13.2006 no virus found
TheHacker 5.9.8.210 09.13.2006 no virus found
UNA 1.83 09.11.2006 no virus found
VBA32 3.11.1 09.12.2006 no virus found
VirusBuster 4.3.7:9 09.12.2006 no virus found

Aditional Information
File size: 80 bytes
MD5: c4d780fb0d7586044fa33a853f274f52
SHA1: f01355202740c27ee4240a4df08cb5a282582991



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: HKEY_CURRENT_USER\SOFTWARE\zango


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\saqqudlp

*******************

Script file located at: \??\C:\Program Files\ndxjttmx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programme\Mozilla Firefox\plugins\npclntax.dll deleted successfully.
File C:\WINDOWS\system32\qttss.ini deleted successfully.
File C:\WINDOWS\system32\qttss.bak2 deleted successfully.
File C:\WINDOWS\system32\mcrh.tmp deleted successfully.
File C:\WINDOWS\system32\qtF.tmp deleted successfully.
File C:\WINDOWS\system32\qtB.tmp deleted successfully.
File C:\WINDOWS\system32\qttss.bak1 deleted successfully.
File C:\WINDOWS\system32\ssttq.dll deleted successfully.
File C:\WINDOWS\system32\C46E99B9FD.dll deleted successfully.
File C:\WINDOWS\system32\amcompat.tlb deleted successfully.
File C:\WINDOWS\system32\nscompat.tlb deleted successfully.
File C:\WINDOWS\system32\cficon.ico deleted successfully.
File C:\WINDOWS\system32\smicon.ico deleted successfully.
File C:\WINDOWS\system32\sdicon.ico deleted successfully.
File C:\WINDOWS\system32\dficon.ico deleted successfully.
File C:\WINDOWS\system32\msicon.ico deleted successfully.
File C:\WINDOWS\Downloaded Program Files\ClientAX.dll deleted successfully.
File C:\Programme\BearShare\BearShareZangoInstaller.exe deleted successfully.
File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zango\Go to Library.url deleted successfully.
File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zango\Uninstall Zango Instructions.lnk deleted successfully.
File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zango\Zango Customer Support.url deleted successfully.
Folder C:\Programme\Zango deleted successfully.
Folder C:\Programme\BearShare deleted successfully.
Folder C:\Programme\MyGlobalSearch deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttq deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhoo32 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\zango deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Spyware Scan Details
Start Date: 06-09-13 10:32:44
End Date: 06-09-13 11:13:09
Total Time: 40 mins 25 secs

Detected spyware

Hotbar Toolbar more information...
Details: Hotbar Web Tools is a collection of browser and system enhancements. The primary application is the Hotbar toolbar, a which is a "skinable" browser toolbar for Internet Explorer.
Status: Deleted

Infected files detected
c:\programme\hbtools\hbtools.log
C:\Christoph\Virenprogramme\hijackthis_199\backups\backup-20060829-160349-220.dll

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HbInstIE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HbInstIE.dll .Owner {8C875948-9C60-4381-9248-0DF180542D53}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HbInstIE.dll {8C875948-9C60-4381-9248-0DF180542D53}
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\InprocServer32 C:\Programme\ShopperReports\Bin\1.0.5.0\ShprRprt.dll
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\InprocServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\ProgID ShprRprts.HbCommBand.1
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\TypeLib {842D315A-7E1E-448B-96E8-9E76D1820BE2}
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\VersionIndependentProgID ShprRprts.HbCommBand
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A} ShopperReports – Price Comparison
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA} IHbSkinsManager
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF} IHbStats
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87} IDynamicProp
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464} IHbLicense
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD} IHbLfg2
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404} IHbMapiAddrBook
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226} IHbHttpClient
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B} IHbXip
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}\1.0\0\win32 C:\Programme\HbTools\Bin\4.6.4.0\HbtCoreSrv.dll
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}\1.0\HELPDIR C:\Programme\HbTools\Bin\4.6.4.0\
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}\1.0 HbCoreSrv 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\HbTools
HKEY_LOCAL_MACHINE\SOFTWARE\HbTools\HbTools\PI\3.2 PID00
HKEY_LOCAL_MACHINE\SOFTWARE\HbTools\Hotbar\Install StartInstall 1309218
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} Hotbar Information Window
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping {946B3E9E-E21A-49c8-9F63-900533FAFE14}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping {E77EDA01-3C56-4a96-8D08-02B42891C169}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\HbInstIE.dll 1


Zango.SearchAssistant Adware (General) more information...
Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run zango


KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\chris\desktop\my shared folder.lnk


BearShare P2P Program more information...
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\programme\bearshare.lnk
c:\dokumente und einstellungen\chris\desktop\bearshare.lnk

Infected registry entries detected
HKEY_CLASSES_ROOT\gnufile
HKEY_CLASSES_ROOT\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1"
HKEY_CLASSES_ROOT\gnufile gnutella
HKEY_CLASSES_ROOT\gnufile BrowserFlags 8
HKEY_CLASSES_ROOT\gnufile EditFlags 65536
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare
HKEY_LOCAL_MACHINE\software\bearshare
HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Programme\BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayName BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare UninstallString C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayVersion 5.2.5.6DE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HelpLink http://bearshare.de/Help/index.htm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare Publisher Free Peers, Inc.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare URLInfoAbout http://www.freepeers.com
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayIcon C:\Programme\BearShare\BearShare.exe,-128
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\.default\appevents\schemes\apps\bearshare
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer avifile.dll
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32 avifil32.dll
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} IAVIStream & IAVIFile Proxy
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} hTBJOaq
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} wevsllgbk x@fQcLu{Ji_XPG|li@aq
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} pqYUoxwd NRmo{oDt]`M^Fy|@k
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} qumi TcyToBnDlYyq^YidKVIrNTABl
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} bHhp Q\@H\m}cE^rHrQuN_^ceFcfRd@jQq
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} QyagQJ YLKPfFF@~Hi{X_eiU@XTJRzDryr
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} gdyKweoSeHZkt iraD|HdpgPmmkivjj~j[innBjWD[t
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} kXvv NUeTZ`CxAgN~{^jcV_lt@`lUnfD^Uzr
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} cmeup HWvBgXFvVua\BANT\aKqSRE`^bdgUtk
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} kenf XMzZEbg}kirVCumzXF
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} ijxwsdou H]NrtpjWNpS{uMsIRIxd[
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} FhprPaov NwDJtaZxQKNBHwLiEVBnkqnj\veRxfh
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} RBtxubfKgeWf ]AIVkwgRlmZSnPIQnJGmYh[\W[z[Hk
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} FNblz mDahx|kPpxwoPHgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} BearShare
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} Version 5,2,5,6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} ComponentID BearShare
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} IsInstalled 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} Locale DE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare Changed 0


Backdoor.Win32.Agent.vc Backdoor more information...
Details: Backdoor.Win32.Agent.vc is a program that creates a backdoor on the infected machine, allowing an attacker to control the machine for malicious purposes.
Status: Deleted

Infected files detected
C:\VundoFix Backups\services.dll


IST.ISTbar Hijacker more information...
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user's consent using an Internet Explorer toolbar.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\software\ist
HKEY_CURRENT_USER\software\ist exe_start 2
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main BandRest Never
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main BandRest Never


Zango.CommonElements Adware (General) more information...
Details: Zango.CommonElements is a collection of traces that are found in multiple adware programs from 180solutions / Zango.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\zango
HKEY_CURRENT_USER\Software\zango clientAXPath C:\DOKUME~1\Chris\LOKALE~1\Temp\180B.tmp
HKEY_CURRENT_USER\Software\zango last_conn_h 29807992
HKEY_CURRENT_USER\Software\zango last_conn_l 572757868
HKEY_CURRENT_USER\Software\zango we 2
HKEY_CURRENT_USER\Software\zango cdata 01zM8fY4Pjz%2f2eU5ykwF2WKD4i7vOGf68ZAm01xPGNy3gRrwg5yCweqAgVctm%2b%2bHrHyyVbCqMA28GyUdV7TLQQwPYJNobfxpZwP8D6Iqd%2bLZmgTu%2fw%2fNv9nrsrSnWJeVYYOVwmomfWl5YZRa9aY516%2fRYAPdq4woflQ%2bRS6T2a5tVuk89bGADwPruQ%2f%2fAh2fYeC
HKEY_CURRENT_USER\Software\zango TimeOffset -25202
HKEY_CURRENT_USER\Software\zango geourl_current_version 12
HKEY_CURRENT_USER\Software\zango geourl_last_full_version 12
HKEY_CURRENT_USER\Software\zango actionurl_current_version 576
HKEY_CURRENT_USER\Software\zango actionurl_last_full_version 576
HKEY_CURRENT_USER\Software\zango recent_shown
HKEY_CURRENT_USER\Software\zango key_int_high 29807933
HKEY_CURRENT_USER\Software\zango key_int_low -1961170214
HKEY_CURRENT_USER\Software\zango keyword_current_version 987
HKEY_CURRENT_USER\Software\zango keyword_last_full_version 987
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\MiscStatus\1 132497
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\ProgID ClientAX.ClientInstaller.1
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll, 101
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\VersionIndependentProgID ClientAX.ClientInstaller
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} ClientInstaller Class
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango DisplayName Zango Search Assistant
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango UninstallString c:\programme\zango\zango.exe /uninst_simple_init=y
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango DisplayIcon c:\programme\zango\zango.exe,5
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\0\win32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\HELPDIR C:\WINDOWS\Downloaded Program Files\
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0 ClientAX 1.0 Type Library
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} IClientInstaller
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus\1 132497
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ProgID ClientAX.RequiredComponent.1
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll, 101
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\VersionIndependentProgID ClientAX.RequiredComponent
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E} RequiredComponent Class
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} IClientInstaller2
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5} IRequiredComponent
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent\CLSID {0AC49246-419B-4EE0-8917-8818DAAD6A4E}
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent\CurVer ClientAX.RequiredComponent.1
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent RequiredComponent Class
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent.1
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent.1\CLSID {0AC49246-419B-4EE0-8917-8818DAAD6A4E}
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent.1 RequiredComponent Class
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX\CLSID {51CF80DC-A309-4735-BB11-EF18BF4E3AD9}
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX\CurVer ClientAX.ZangoClientAX.1
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX ZangoClientAX Class
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX.1
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX.1\CLSID {51CF80DC-A309-4735-BB11-EF18BF4E3AD9}
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX.1 ZangoClientAX Class
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\MiscStatus\1 132497
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\ProgID ClientAX.ZangoClientAX.1
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll, 101
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\VersionIndependentProgID ClientAX.ZangoClientAX
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9} ZangoClientAX Class
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C} ISeekmoClientAX
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5} IZangoClientAX
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1\CLSID {99410CDE-6F16-42ce-9D49-3807F78F0287}
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1 ClientInstaller Class
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller\CLSID {99410CDE-6F16-42ce-9D49-3807F78F0287}
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller\CurVer ClientAX.ClientInstaller.1
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller ClientInstaller Class
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\ProgID LMgr180.WMDRMAx.1
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\VersionIndependentProgID LMgr180.WMDRMAx
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6} WMDRMAx Class
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1} ILicenseInstaller
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31} IWMDRMAx
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4} IInstantiator
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx\CLSID {F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx\CurVer LMgr180.WMDRMAx.1
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx WMDRMAx Class
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1\CLSID {F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1 WMDRMAx Class


Download Accelerator Plus Low Risk Adware more information...
Details: Download Accelerator Plus (DAP) is an advertising-supported download manager program from SpeedBit.com.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\interface\{82351440-9094-11d1-a24b-00a0c932c7df}
HKEY_CLASSES_ROOT\interface\{82351440-9094-11d1-a24b-00a0c932c7df}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{82351440-9094-11d1-a24b-00a0c932c7df}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{82351440-9094-11d1-a24b-00a0c932c7df}\TypeLib {82351433-9094-11D1-A24B-00A0C932C7DF}
HKEY_CLASSES_ROOT\interface\{82351440-9094-11d1-a24b-00a0c932c7df}\TypeLib Version 1.5
HKEY_CLASSES_ROOT\interface\{82351440-9094-11d1-a24b-00a0c932c7df} IAniGIF
HKEY_CLASSES_ROOT\interface\{5252ac41-94bb-11d1-b2e7-444553540000}
HKEY_CLASSES_ROOT\interface\{5252ac41-94bb-11d1-b2e7-444553540000}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{5252ac41-94bb-11d1-b2e7-444553540000}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{5252ac41-94bb-11d1-b2e7-444553540000}\TypeLib {82351433-9094-11D1-A24B-00A0C932C7DF}
HKEY_CLASSES_ROOT\interface\{5252ac41-94bb-11d1-b2e7-444553540000}\TypeLib Version 1.5
HKEY_CLASSES_ROOT\interface\{5252ac41-94bb-11d1-b2e7-444553540000} IAniGIFEvents


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\runmsc.loader.1\clsid
HKEY_CLASSES_ROOT\runmsc.loader.1\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_CLASSES_ROOT\runmsc.loader\clsid
HKEY_CLASSES_ROOT\runmsc.loader\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_CLASSES_ROOT\runmsc.loader\curver
HKEY_CLASSES_ROOT\runmsc.loader\curver RunMSC.Loader.1
HKEY_CLASSES_ROOT\wusn.1
HKEY_CLASSES_ROOT\wusn.1 WUSN_Id
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class
HKEY_CLASSES_ROOT\wuse.1
HKEY_CLASSES_ROOT\wuse.1 WUSE_Id
HKEY_CURRENT_USER\Software\WhenU


WhenU.WhenUSearch Low Risk Adware more information...
Details: WhenU.WhenUSearch is a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\WUSE.1
HKEY_CLASSES_ROOT\WUSE.1 WUSE_Id
HKEY_CLASSES_ROOT\WUSN.1
HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id


IST.XXXToolbar Toolbar more information...
Details: IST.XXXToolbar is an adult adware search toolbar for Internet Explorer. XXXToolbar displays a number of pop-up ads when Internet Explorer is running.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\IST
HKEY_CURRENT_USER\Software\IST exe_start 2


IST.PowerScan Adware (General) more information...
Details: PowerScan is advertised through ordinary web pop-ups, but recently it started to install with help from the ISTBar adware.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\software\ist
HKEY_CURRENT_USER\software\ist exe_start 2


Hotbar.ShopperReports Low Risk Adware more information...
Details: Part of Hotbar recent installation via shopperreports.com.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\ShprRprts.HbCommBand.1
HKEY_CLASSES_ROOT\ShprRprts.HbCommBand.1\CLSID {A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}
HKEY_CLASSES_ROOT\ShprRprts.HbCommBand.1 ShopperReports – Price Comparison
HKEY_CLASSES_ROOT\ShprRprts.HbCommBand
HKEY_CLASSES_ROOT\ShprRprts.HbCommBand\CLSID {A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}
HKEY_CLASSES_ROOT\ShprRprts.HbCommBand\CurVer ShprRprts.HbCommBand.1
HKEY_CLASSES_ROOT\ShprRprts.HbCommBand ShopperReports – Price Comparison
HKEY_CLASSES_ROOT\clsid\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}
HKEY_CLASSES_ROOT\clsid\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\InprocServer32 C:\Programme\ShopperReports\Bin\1.0.5.0\ShprRprt.dll
HKEY_CLASSES_ROOT\clsid\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\InprocServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\clsid\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\ProgID ShprRprts.HbCommBand.1
HKEY_CLASSES_ROOT\clsid\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\TypeLib {842D315A-7E1E-448B-96E8-9E76D1820BE2}
HKEY_CLASSES_ROOT\clsid\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\Version 1.0
HKEY_CLASSES_ROOT\clsid\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\VersionIndependentProgID ShprRprts.HbCommBand
HKEY_CLASSES_ROOT\clsid\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A} ShopperReports – Price Comparison
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping {946B3E9E-E21A-49c8-9F63-900533FAFE14}


My Way Speedbar Potentially Unwanted Program more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}\InprocServer32 C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}


MyGlobalSearch.Toolbar Potentially Unwanted Program more information...
Details: MyGlobalSearch.Toolbar is an IE plugin with its own Search Field.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}
HKEY_CLASSES_ROOT\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\InprocServer32 C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
HKEY_CLASSES_ROOT\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\TypeLib {37B85A20-692B-4205-9CAD-2626E4993404}
HKEY_CLASSES_ROOT\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404} My Global Search Bar BHO
HKEY_CLASSES_ROOT\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}
HKEY_CLASSES_ROOT\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\InprocServer32 C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
HKEY_CLASSES_ROOT\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\TypeLib {37B85A20-692B-4205-9CAD-2626E4993404}
HKEY_CLASSES_ROOT\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404} My Global Search Bar
HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}
HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\InprocServer32 C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\ProgID MyGlobalSearchBar.SettingsPlugin.1
HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\TypeLib {37B85A20-692B-4205-9CAD-2626E4993404}
HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\VersionIndependentProgID MyGlobalSearchBar.SettingsPlugin
HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404} My Global Search Bar Settings
HKEY_CLASSES_ROOT\Interface\{37B85A2A-692B-4205-9CAD-2626E4993404}
HKEY_CLASSES_ROOT\Interface\{37B85A2A-692B-4205-9CAD-2626E4993404}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{37B85A2A-692B-4205-9CAD-2626E4993404}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{37B85A2A-692B-4205-9CAD-2626E4993404}\TypeLib {37B85A20-692B-4205-9CAD-2626E4993404}
HKEY_CLASSES_ROOT\Interface\{37B85A2A-692B-4205-9CAD-2626E4993404}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{37B85A2A-692B-4205-9CAD-2626E4993404} IMyGlobalSearchSettings
HKEY_CLASSES_ROOT\Interface\{37B85A2C-692B-4205-9CAD-2626E4993404}
HKEY_CLASSES_ROOT\Interface\{37B85A2C-692B-4205-9CAD-2626E4993404}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{37B85A2C-692B-4205-9CAD-2626E4993404}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{37B85A2C-692B-4205-9CAD-2626E4993404}\TypeLib {37B85A20-692B-4205-9CAD-2626E4993404}
HKEY_CLASSES_ROOT\Interface\{37B85A2C-692B-4205-9CAD-2626E4993404}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{37B85A2C-692B-4205-9CAD-2626E4993404} _IMyGlobalSearchSettingsEvents
HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin
HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin\CLSID {37B85A2B-692B-4205-9CAD-2626E4993404}
HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin\CurVer MyGlobalSearchBar.SettingsPlugin.1
HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin My Global Search Bar Settings Plugin
HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin.1
HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin.1\CLSID {37B85A2B-692B-4205-9CAD-2626E4993404}
HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin.1 My Global Search Bar Settings Plugin
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin\CLSID {EF281620-A3A3-4f08-874F-D68CFC9B7945}
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin\CurVer MyGlobalSearchBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin MyGlobalSearch Toolbar Plugin
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1\CLSID {EF281620-A3A3-4f08-874F-D68CFC9B7945}
HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1 MyGlobalSearch Toolbar Plugin
HKEY_CLASSES_ROOT\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404}
HKEY_CLASSES_ROOT\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404}\1.0\0\win32 C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
HKEY_CLASSES_ROOT\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404}\1.0\HELPDIR C:\Programme\MyGlobalSearch\bar\1.bin\
HKEY_CLASSES_ROOT\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404}\1.0 Toolbar 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\My Global Search Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\My Global Search Uninstall SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\My Global Search Uninstall Changed 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404} My Global Search Bar BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Global Search Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Global Search Uninstall DisplayName My Global Search Bar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Global Search Uninstall HelpLink http://help.myglobalsearch.com/searchbar.html
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Global Search Uninstall Publisher My Global Search Bar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Global Search Uninstall UninstallString rundll32 C:\PROGRA~1\MYGLOB~1\bar\1.bin\mgsBar.dll,O
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Global Search Uninstall UrlInfoAbout http://www.myglobalbsearch.com/jsp/softwareterms.jsp
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Maximized 0
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pid IK
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Dir C:\Programme\MyGlobalSearch\bar\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar PluginPath C:\Programme\MyGlobalSearch\bar\1.bin\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pl 7
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Id 6CDE9E9D-2E1E-44C1-9E16-0A172C4C3E72
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CacheDir C:\Programme\MyGlobalSearch\bar\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar HistoryDir C:\Programme\MyGlobalSearch\bar\History\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Visible 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar SettingsDir C:\Programme\MyGlobalSearch\bar\Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar ConfigRevision 5
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar ConfigRevisionURL http://cfg.myglobalsearch.com/barcfg.jsp?s=gs&p=IK
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar ConfigDateStamp 2006090615
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar NextConfigRequest sN630TPXxgE-
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar LastConfigRequest sKZqrBrXxgE-
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Flags 530


Trojan.WinlogonHook.Delf.A Trojan more information...
Details: WinlogonHook.Delf.A is a backdoor trojan that gives an attacker the ability to control the infected machine without the user's knowledge.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Data 256751635
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Brnd 779
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Rid 187
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LID 40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SCLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR MSLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BPTV 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSTV


SpywareQuake Rogue Security Program more information...
Details: SpywareQuake is a purported anti-spyware application to scan for and remove spyware from users' computers.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}
HKEY_CLASSES_ROOT\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}\TypeLib {5E05EA9F-1EA7-4D0B-A09B-D5E29EC758B9}
HKEY_CLASSES_ROOT\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23} IThreatEvents


Ipwins Adware (General) more information...
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\IpWins
HKEY_CURRENT_USER\Software\IpWins remove ok
This post was edited on 13.09.2006 at 11:17 by Stoph.
13.09.2006, 11:28
Honorary member
Sabina

Posts: 29434
#6 Stoph

At the top of the page --> click Browse --> paste in the file with the correct path --> double-click the file to be checked --> click Submit... now wait
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe


-----------------------------------------------------

**
copy into the Avenger

Quote

Files to delete:
C:\WINDOWS\system32\NeroCheck.exe
**
Copy the following text into Notepad (Start - Accessories - Notepad) and save it with 'Save as' on the desktop as listen.bat. Set the file type to 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
REM every listing is appended to C:\files.txt, which is opened at the end
dir "C:\Windows\System32\Com" >>files.txt
dir "C:\WINDOWS\system32\components" >>files.txt
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
REM scheduled tasks folder (path needs the backslash after the drive letter)
dir "C:\Windows\tasks" >>files.txt
notepad files.txt
**
scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina

all about PC security
13.09.2006, 11:59
...new here

Thread starter

Posts: 9
#7 Complete scanning result of "hkcmd.exe", received in VirusTotal at 09.13.2006, 11:51:29 (CET).

Antivirus Version Update Result
AntiVir 7.1.1.16 09.13.2006 HEUR/Malware
Authentium 4.93.8 09.13.2006 no virus found
Avast 4.7.844.0 09.11.2006 no virus found
AVG 386 09.12.2006 Downloader.Agent.FJQ
BitDefender 7.2 09.13.2006 Trojan.LowZones.DH
CAT-QuickHeal 8.00 09.12.2006 TrojanDownloader.Agent.awf
ClamAV devel-20060426 09.13.2006 no virus found
DrWeb 4.33 09.13.2006 Trojan.LowZones.178
eTrust-InoculateIT 23.72.123 09.13.2006 no virus found
eTrust-Vet 30.3.3073 09.12.2006 no virus found
Ewido 4.0 09.13.2006 Downloader.Agent.awf
Fortinet 2.77.0.0 09.13.2006 suspicious
F-Prot 3.16f 09.13.2006 no virus found
F-Prot4 4.2.1.29 09.13.2006 no virus found
Ikarus 0.2.65.0 09.12.2006 no virus found
Kaspersky 4.0.2.24 09.13.2006 Trojan-Downloader.Win32.Agent.awf
McAfee 4850 09.12.2006 no virus found
Microsoft 1.1560 09.13.2006 no virus found
NOD32v2 1.1753 09.12.2006 no virus found
Norman 5.90.23 09.12.2006 W32/Agent.AKJS
Panda 9.0.0.4 09.12.2006 Trj/Lowzones.ST
Sophos 4.09.0 09.13.2006 Troj/Agent-DFJ
Symantec 8.0 09.13.2006 Trojan.LowZones
TheHacker 5.9.8.210 09.13.2006 no virus found
UNA 1.83 09.11.2006 TrojanDownloader.Win32.Agent.3259
VBA32 3.11.1 09.12.2006 Trojan.LowZones.178
VirusBuster 4.3.7:9 09.12.2006 no virus found

Additional Information
File size: 20992 bytes
MD5: c3ad4eefe1e4e0c5896909600dd86191
SHA1: c772c8b9bb7fe356a7d12817b2b4fca2f0a4b5b5
packers: UPX


Complete scanning result of "igfxtray.exe", received in VirusTotal at 09.13.2006, 11:51:43 (CET).

Antivirus Version Update Result
AntiVir 7.1.1.16 09.13.2006 HEUR/Malware
Authentium 4.93.8 09.13.2006 no virus found
Avast 4.7.844.0 09.11.2006 no virus found
AVG 386 09.12.2006 Downloader.Agent.FJQ
BitDefender 7.2 09.13.2006 Trojan.LowZones.DH
CAT-QuickHeal 8.00 09.12.2006 TrojanDownloader.Agent.awf
ClamAV devel-20060426 09.13.2006 no virus found
DrWeb 4.33 09.13.2006 Trojan.LowZones.178
eTrust-InoculateIT 23.72.123 09.13.2006 no virus found
eTrust-Vet 30.3.3073 09.12.2006 no virus found
Ewido 4.0 09.13.2006 Downloader.Agent.awf
Fortinet 2.77.0.0 09.13.2006 suspicious
F-Prot 3.16f 09.13.2006 no virus found
F-Prot4 4.2.1.29 09.13.2006 no virus found
Ikarus 0.2.65.0 09.12.2006 no virus found
Kaspersky 4.0.2.24 09.13.2006 Trojan-Downloader.Win32.Agent.awf
McAfee 4850 09.12.2006 no virus found
Microsoft 1.1560 09.13.2006 no virus found
NOD32v2 1.1753 09.12.2006 no virus found
Norman 5.90.23 09.12.2006 W32/Agent.AKJS
Panda 9.0.0.4 09.12.2006 Trj/Lowzones.ST
Sophos 4.09.0 09.13.2006 Troj/Agent-DFJ
Symantec 8.0 09.13.2006 Trojan.LowZones
TheHacker 5.9.8.210 09.13.2006 no virus found
UNA 1.83 09.11.2006 TrojanDownloader.Win32.Agent.3259
VBA32 3.11.1 09.12.2006 Trojan.LowZones.178
VirusBuster 4.3.7:9 09.12.2006 no virus found

Additional Information
File size: 20992 bytes
MD5: c3ad4eefe1e4e0c5896909600dd86191
SHA1: c772c8b9bb7fe356a7d12817b2b4fca2f0a4b5b5
packers: UPX
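The two reports above are worth reading together: hkcmd.exe and igfxtray.exe are filenames normally used by Intel's graphics driver tray/hotkey utilities, yet both submissions are the same 20992-byte UPX-packed file (identical MD5 and SHA1), and 14 of 27 engines call it a downloader. The script below is an added example, not part of the original post: it parses reports in this text layout, computes the detection ratio per file and reports any hash that turns up under more than one filename. The engine lines are copied from the hkcmd.exe report and reused to build the igfxtray.exe report (the post shows identical verdicts); the line-layout rules are my assumptions about this format.

```python
"""Triage of pasted VirusTotal text reports (2006-era layout, as in post #7)."""
import re
from collections import defaultdict

# Engine lines as posted for hkcmd.exe; the igfxtray.exe report in the post is
# identical, so the same text is reused to build both reports below.
ENGINE_LINES = """\
AntiVir 7.1.1.16 09.13.2006 HEUR/Malware
Authentium 4.93.8 09.13.2006 no virus found
Avast 4.7.844.0 09.11.2006 no virus found
AVG 386 09.12.2006 Downloader.Agent.FJQ
BitDefender 7.2 09.13.2006 Trojan.LowZones.DH
CAT-QuickHeal 8.00 09.12.2006 TrojanDownloader.Agent.awf
ClamAV devel-20060426 09.13.2006 no virus found
DrWeb 4.33 09.13.2006 Trojan.LowZones.178
eTrust-InoculateIT 23.72.123 09.13.2006 no virus found
eTrust-Vet 30.3.3073 09.12.2006 no virus found
Ewido 4.0 09.13.2006 Downloader.Agent.awf
Fortinet 2.77.0.0 09.13.2006 suspicious
F-Prot 3.16f 09.13.2006 no virus found
F-Prot4 4.2.1.29 09.13.2006 no virus found
Ikarus 0.2.65.0 09.12.2006 no virus found
Kaspersky 4.0.2.24 09.13.2006 Trojan-Downloader.Win32.Agent.awf
McAfee 4850 09.12.2006 no virus found
Microsoft 1.1560 09.13.2006 no virus found
NOD32v2 1.1753 09.12.2006 no virus found
Norman 5.90.23 09.12.2006 W32/Agent.AKJS
Panda 9.0.0.4 09.12.2006 Trj/Lowzones.ST
Sophos 4.09.0 09.13.2006 Troj/Agent-DFJ
Symantec 8.0 09.13.2006 Trojan.LowZones
TheHacker 5.9.8.210 09.13.2006 no virus found
UNA 1.83 09.11.2006 TrojanDownloader.Win32.Agent.3259
VBA32 3.11.1 09.12.2006 Trojan.LowZones.178
VirusBuster 4.3.7:9 09.12.2006 no virus found
"""


def make_report(filename):
    """Constructed report text in the layout VirusTotal used at the time."""
    return (f'Complete scanning result of "{filename}", received in VirusTotal at 09.13.2006\n'
            "Antivirus Version Update Result\n" + ENGINE_LINES +
            "Additional Information\nFile size: 20992 bytes\n"
            "MD5: c3ad4eefe1e4e0c5896909600dd86191\n"
            "SHA1: c772c8b9bb7fe356a7d12817b2b4fca2f0a4b5b5\npackers: UPX\n")


REPORTS = [make_report("hkcmd.exe"), make_report("igfxtray.exe")]

# Assumed line shape: "<engine> <version> <mm.dd.yyyy> <result...>"
ENGINE_RE = re.compile(r"^(\S+) (\S+) (\d\d\.\d\d\.\d{4}) (.+)$")
CLEAN = {"no virus found"}


def parse_report(text):
    """Return filename, hashes, size, packer and per-engine verdicts of one report."""
    info = {"verdicts": {}}
    for line in text.splitlines():
        if line.startswith("Complete scanning result of"):
            info["filename"] = re.search(r'"([^"]+)"', line).group(1)
        elif line.startswith("MD5:"):
            info["md5"] = line.split(":", 1)[1].strip()
        elif line.startswith("SHA1:"):
            info["sha1"] = line.split(":", 1)[1].strip()
        elif line.startswith("File size:"):
            info["size"] = int(line.split()[2])
        elif line.startswith("packers:"):
            info["packer"] = line.split(":", 1)[1].strip()
        else:
            m = ENGINE_RE.match(line)
            if m:
                info["verdicts"][m.group(1)] = m.group(4)
    return info


def detection_ratio(info):
    """(engines flagging the file, engines that scanned it); heuristics count as flags."""
    flagged = sum(1 for v in info["verdicts"].values() if v not in CLEAN)
    return flagged, len(info["verdicts"])


def find_shared_hashes(infos):
    """SHA1 values that appear under more than one filename, with those names."""
    by_hash = defaultdict(set)
    for info in infos:
        by_hash[info["sha1"]].add(info["filename"])
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


def triage(reports):
    """Parse all reports and produce one finding per flagged file and per shared hash."""
    infos = [parse_report(r) for r in reports]
    findings = []
    for info in infos:
        hits, total = detection_ratio(info)
        if hits:
            findings.append(f"{info['filename']}: {hits}/{total} engines flag it "
                            f"(packer={info.get('packer', '-')}, size={info['size']})")
    for sha1, names in find_shared_hashes(infos).items():
        findings.append(f"identical content {sha1[:12]}... under {len(names)} names: "
                        + ", ".join(names))
    return infos, findings


if __name__ == "__main__":
    for finding in triage(REPORTS)[1]:
        print(finding)
```

The shared-hash check is the part that survives engine disagreement: whatever the verdicts say, one binary sitting under two well-known system utility names is not how a driver package installs itself, and that alone justifies the deletion Sabina orders in the next post.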
13.09.2006, 12:03
Honorary member
Sabina

Posts: 29434
#8 Avenger

Quote

Files to delete:
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
then post the other logs
__________
Kind regards, Sabina

all about PC security
13.09.2006, 12:06
...new here

Thread starter

Posts: 9
#9 Volume in drive C has no label.
Volume Serial Number is 5054-28AB

Directory of C:\Windows\System32\Com

05-09-28 19:59 <DIR> .
05-09-28 19:59 <DIR> ..
02-08-29 03:43 186,880 comadmin.dll
01-08-18 14:00 61,440 comempty.dat
01-08-18 14:00 77,348 comexp.msc
01-08-18 14:00 8,192 comrepl.exe
01-08-18 14:00 5,120 comrereg.exe
01-08-18 14:00 19,456 mtsadmin.tlb
6 File(s) 358,436 bytes
2 Dir(s) 19,134,595,072 bytes free
Volume in drive C has no label.
Volume Serial Number is 5054-28AB

Directory of C:\WINDOWS\system32

Volume in drive C has no label.
Volume Serial Number is 5054-28AB

Directory of C:\WINDOWS\Downloaded Program Files

06-03-02 15:40 1,271 erma.inf
00-01-20 15:25 1,162 Microsoft XML Parser for Java.osd
03-12-19 15:43 241 popcaploader.inf
06-06-22 11:41 5,032 swflash.inf
03-06-30 22:41 1,689 WMV9VCM.inf
05-04-29 18:24 155,648 zylomgamesplayer.dll
05-03-25 18:17 244 ZylomGamesPlayer.inf
7 File(s) 165,287 bytes
0 Dir(s) 19,134,590,976 bytes free
Volume in drive C has no label.
Volume Serial Number is 5054-28AB

Directory of C:\Programme

Volume in drive C has no label.
Volume Serial Number is 5054-28AB

Directory of C:\Dokumente und Einstellungen\Chris

06-09-11 13:58 <DIR> .
06-09-11 13:58 <DIR> ..
05-06-24 17:35 <DIR> Application Data
06-08-23 18:19 <DIR> Contacts
06-09-11 13:58 92 default.pls
06-09-13 12:05 <DIR> Desktop
06-09-12 17:21 <DIR> Eigene Dateien
06-08-29 15:35 <DIR> Favoriten
06-08-29 12:09 <DIR> Startmenü
05-05-25 15:50 <DIR> WINDOWS
1 File(s) 92 bytes
9 Dir(s) 19,134,590,976 bytes free
Volume in drive C has no label.
Volume Serial Number is 5054-28AB

Directory of C:\Program Files

06-09-13 10:20 <DIR> .
06-09-13 10:20 <DIR> ..
06-06-21 16:44 <DIR> EA SPORTS
06-05-29 13:20 <DIR> ICQLite
0 File(s) 0 bytes
4 Dir(s) 19,134,590,976 bytes free
Volume in drive C has no label.
Volume Serial Number is 5054-28AB

Directory of C:\Dokumente und Einstellungen\Chris\Lokale Einstellungen\Temp

06-09-13 12:05 <DIR> .
06-09-13 12:05 <DIR> ..
06-09-07 02:28 247 1F1205F7.TMP
06-09-12 17:21 <DIR> 20N48IS9
06-09-13 12:05 8 abc123.dat
06-09-13 12:02 4 abc123.pid
06-09-12 17:21 <DIR> AutoRun
06-09-12 17:21 <DIR> Default
06-09-12 17:21 <DIR> Epao
06-08-29 15:39 <DIR> ff_temp
06-09-12 17:21 <DIR> GGS32.tmp
05-05-25 15:13 <DIR> ich
06-09-12 17:21 <DIR> MessengerCache
06-09-12 17:21 <DIR> Nero7.tmp
05-12-07 20:10 <DIR> nro.log
06-09-12 17:21 <DIR> nro.tmp
06-09-12 17:21 <DIR> nsa35C.tmp
06-09-12 17:21 <DIR> nsk9.tmp
06-09-12 17:21 <DIR> nsp5DA.tmp
06-09-12 17:21 <DIR> nsq5.tmp
06-09-12 17:21 <DIR> nsqDAC.tmp
06-09-12 17:21 <DIR> nsu10.tmp
06-09-12 17:21 <DIR> outlook logging
06-09-12 17:21 <DIR> pft321~tmp
06-09-12 17:21 <DIR> pft346~tmp
06-09-12 17:21 <DIR> pft6~tmp
06-09-12 17:21 <DIR> Setup
06-09-12 17:21 <DIR> SigmaTel
06-09-13 11:40 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}27718.html
06-09-13 11:52 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}32703.html
06-09-12 17:21 <DIR> USB
06-09-12 17:21 <DIR> VBE
06-09-12 17:21 <DIR> WER2.tmp.dir00
06-09-12 17:21 <DIR> WER2D.tmp.dir00
06-09-12 17:21 <DIR> WER3.tmp.dir00
06-09-12 17:21 <DIR> WER37A.tmp.dir00
06-09-12 17:21 <DIR> WER3B.tmp.dir00
06-09-12 17:21 <DIR> WER3B7.tmp.dir00
06-09-12 17:21 <DIR> WER3B8.tmp.dir00
06-09-12 17:21 <DIR> WER3C.tmp.dir00
06-09-12 17:21 <DIR> WER3D.tmp.dir00
06-09-12 17:21 <DIR> WER5.tmp.dir00
06-09-12 17:21 <DIR> WER6.tmp.dir00
06-09-12 17:21 <DIR> WER630.tmp.dir00
06-09-12 17:21 <DIR> WER7.tmp.dir00
06-09-12 17:21 <DIR> WER8.tmp.dir00
06-09-12 17:21 <DIR> WERA.tmp.dir00
06-09-12 17:21 <DIR> WERB.tmp.dir00
06-09-12 17:21 <DIR> WERD3.tmp.dir00
06-09-12 17:21 <DIR> WERD4.tmp.dir00
06-09-12 17:21 <DIR> WERD5.tmp.dir00
06-09-12 17:21 <DIR> WERD6.tmp.dir00
06-09-12 17:21 <DIR> Word8.0
06-09-12 17:21 <DIR> {135A78D6-B893-4A50-A780-44F9A952005C}
05-11-04 12:52 <DIR> {82033549-DE14-419C-9DEA-FA3A53DBE2FB}
06-09-12 20:50 16,384 ~DF1A82.tmp
06-09-13 10:28 16,384 ~DF2131.tmp
06-09-12 20:49 16,384 ~DF4623.tmp
06-09-12 20:49 16,384 ~DF4D0F.tmp
06-09-13 09:54 16,384 ~DF4D26.tmp
06-09-13 10:29 32,768 ~DF51CE.tmp
06-09-13 09:54 16,384 ~DF5C0A.tmp
06-09-13 10:21 16,384 ~DF5F66.tmp
06-09-13 10:21 16,384 ~DF8A00.tmp
06-09-12 17:59 16,384 ~DF99E0.tmp
06-09-12 17:59 16,384 ~DFA84D.tmp
06-09-13 12:03 32,768 ~DFB4DB.tmp
06-09-13 10:32 1,212,416 ~DFCE15.tmp
06-09-13 12:03 16,384 ~DFE00F.tmp
06-09-13 12:03 512 ~DFE01A.tmp
06-09-13 12:03 16,384 ~DFE132.tmp
06-09-12 20:50 16,384 ~DFE28.tmp
06-09-13 12:04 16,384 ~DFE646.tmp
06-09-13 10:29 1,015,808 ~DFFFCF.tmp
06-09-12 17:21 <DIR> ~rnsetup
06-09-12 17:21 <DIR> ~T22F.tmp
24 File(s) 2,525,868 bytes
52 Dir(s) 19,134,586,880 bytes free
Volume in drive C has no label.
Volume Serial Number is 5054-28AB

Directory of C:\WINDOWS\Temp

06-09-12 17:21 <DIR> .
06-09-12 17:21 <DIR> ..
06-09-12 17:21 <DIR> _ISTMP1.DIR
06-09-12 17:21 <DIR> _ISTMP2.DIR
06-09-12 17:21 <DIR> _ISTMP3.DIR
06-09-12 17:21 <DIR> _ISTMP4.DIR
06-09-12 17:21 <DIR> _ISTMP5.DIR
0 File(s) 0 bytes
7 Dir(s) 19,134,586,880 bytes free
Volume in drive C has no label.
Volume Serial Number is 5054-28AB

Directory of C:\Temp

06-05-25 12:39 <DIR> .
06-05-25 12:39 <DIR> ..
05-06-03 17:38 162 features.txt
06-05-25 12:45 592,754 WMALog.txt
2 File(s) 592,916 bytes
2 Dir(s) 19,134,586,880 bytes free
Volume in drive C has no label.
Volume Serial Number is 5054-28AB


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rjitxnvw

*******************

Script file located at: \??\C:\WINDOWS\System32\kcpgmrfn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\NeroCheck.exe not found!
Deletion of file C:\WINDOWS\system32\NeroCheck.exe failed!

Could not process line:
C:\WINDOWS\system32\NeroCheck.exe
Status: 0xc0000034

File C:\WINDOWS\system32\hkcmd.exe deleted successfully.
File C:\WINDOWS\system32\igfxtray.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
This post was edited on 13.09.2006 at 12:10 by Stoph.
13.09.2006, 12:15
Honorary member
Sabina

Posts: 29434
#10 post the 4 logs from datfind.bat once more
__________
Kind regards, Sabina

all about PC security
13.09.2006, 12:18
...new here

Thread starter

Posts: 9
#11 Volume in drive C has no label.
Volume Serial Number is 5054-28AB

Directory of C:\WINDOWS\system32

06-09-10 18:38 2,184 wpa.dbl
06-06-02 11:04 57,384 avsda.dll
06-05-16 17:23 181,040 FNTCACHE.DAT
06-04-29 13:44 314,644 perfh009.dat
06-04-29 13:44 40,972 perfc009.dat
06-04-29 13:44 49,372 perfc007.dat
06-04-29 13:44 320,424 perfh007.dat
06-04-29 13:44 732,342 PerfStringBackup.INI
06-04-27 17:49 288,417 SrchSTS.exe
06-02-13 18:56 94,674 192.168.123.254
06-01-24 19:34 118,784 sirenacm.dll
06-01-09 10:36 40,960 swsc.exe
06-01-09 10:36 42,496 swreg.exe
05-11-03 15:01 176,167 rmoc3260.dll
05-11-03 15:00 5,632 pndx5032.dll
05-11-03 15:00 6,656 pndx5016.dll
05-11-03 15:00 278,528 pncrt.dll
05-10-20 15:37 40,960 SDelete.dll
05-10-20 15:37 24,924 openports.dll
05-09-02 11:39 1,140 qtplugin.log
05-08-10 00:14 692,224 divxdec.ax
05-08-10 00:13 4,276 divxsm.tlb
05-08-10 00:13 524,288 DivXsm.exe
05-08-10 00:13 692,736 DivX.dll
05-08-10 00:13 688,128 divx_xx07.dll
05-08-10 00:13 10,775 dsm_ja.qm
05-08-10 00:13 15,351 dsm_de.qm
05-08-10 00:13 15,153 dsm_fr.qm
05-08-10 00:13 688,128 divx_xx0c.dll


Volume in drive C has no label.
Volume Serial Number is 5054-28AB

Directory of C:\DOKUME~1\Chris\LOKALE~1\Temp

06-09-13 12:10 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}2138.html
06-09-13 12:09 32,768 ~DFA14D.tmp
06-09-13 12:08 16,384 ~DF8B35.tmp
06-09-13 12:08 512 ~DF74E0.tmp
06-09-13 12:08 16,384 ~DF74D3.tmp
06-09-13 12:08 16,384 ~DFDDBB.tmp
06-09-13 12:08 4 abc123.pid
06-09-13 12:04 16,384 ~DFE646.tmp
06-09-13 12:03 16,384 ~DFE00F.tmp
06-09-13 12:03 32,768 ~DFB4DB.tmp
06-09-13 12:03 16,384 ~DFE132.tmp
06-09-13 11:40 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}27718.html
06-09-13 10:32 1,212,416 ~DFCE15.tmp
06-09-13 10:29 1,015,808 ~DFFFCF.tmp
06-09-13 10:29 32,768 ~DF51CE.tmp
06-09-13 10:28 16,384 ~DF2131.tmp
06-09-13 10:21 16,384 ~DF8A00.tmp
06-09-13 10:21 16,384 ~DF5F66.tmp
06-09-13 09:54 16,384 ~DF5C0A.tmp
06-09-13 09:54 16,384 ~DF4D26.tmp
06-09-12 20:50 16,384 ~DF1A82.tmp
06-09-12 20:50 16,384 ~DFE28.tmp
06-09-12 20:49 16,384 ~DF4D0F.tmp
06-09-12 20:49 16,384 ~DF4623.tmp
06-09-12 17:59 16,384 ~DFA84D.tmp
06-09-12 17:59 16,384 ~DF99E0.tmp
06-09-07 02:28 247 1F1205F7.TMP
27 File(s) 2,607,780 bytes
0 Dir(s) 19,131,715,584 bytes free



Volume in drive C has no label.
Volume Serial Number is 5054-28AB

Directory of C:\WINDOWS

06-09-13 12:08 0 0.log
06-09-13 12:08 2,048 bootstat.dat
06-09-13 12:07 32,622 SchedLgU.Txt
06-09-11 17:15 321,328 ntbtlog.txt
06-09-11 17:02 174,308 setupact.log
06-09-11 13:58 116 NeroDigital.ini
06-09-09 14:59 1,014,359 setupapi.log
06-09-09 12:21 816 win.ini
06-09-08 10:11 50 wiaservc.log
06-09-08 10:11 159 wiadebug.log
06-09-07 17:15 101,433 wmsetup.log
06-09-06 20:51 2,560 _MSRSTRT.EXE
06-09-06 14:22 14,660 Windows Update.log
06-09-03 19:11 509 Ulead32.ini
06-09-03 14:04 50 cdplayer.ini
06-08-30 11:18 2,904 mozver.dat
06-08-29 15:39 0 nsreg.dat
06-08-25 18:08 71 pex.INI
06-06-12 16:23 2,573 DIFx.log
06-05-03 15:02 10,240 Thumbs.db
06-04-02 19:46 28,672 gscr.dll
06-03-03 13:16 236 wmsetup10.log
06-03-03 13:15 316,640 WMSysPr9.prx
06-02-24 12:45 151 PhotoSnapViewer.INI
06-01-14 12:27 440,887 DirectX.log
06-01-04 21:29 796,672 GPInstall.exe
06-01-02 20:41 631 avmcoins.log
05-12-10 12:12 155 winamp.ini
05-12-05 14:49 8,556 EPSTPLOG.TXT
05-09-28 20:05 1,165 OEWABLog.txt
05-09-28 20:02 17,757 comsetup.log
05-09-28 20:02 54,189 iis6.log
05-09-28 20:02 8,984 ntdtcsetup.log
05-09-28 20:02 12,985 tsoc.log
05-09-28 20:02 185,549 svcpack.log
05-09-28 20:02 1,374 imsins.log
05-09-28 20:02 297 tabletoc.log
05-09-28 20:01 15,902 ocgen.log
05-09-28 20:01 1,128 msgsocm.log
05-09-28 20:01 1,277 ocmsn.log
05-09-28 20:01 1,083 netfxocm.log
05-09-28 20:01 17,721 FaxSetup.log
05-09-28 20:01 11,884 msmqinst.log



Volume in drive C has no label.
Volume Serial Number is 5054-28AB

Directory of C:\

06-09-13 12:17 0 sys.txt
06-09-13 12:17 6,019 system.txt
06-09-13 12:17 1,608 systemtemp.txt
06-09-13 12:17 98,430 system32.txt
06-09-13 12:08 792,723,456 pagefile.sys
06-09-13 12:07 1,610 avenger.txt
06-09-13 12:05 13,563 files.txt
06-09-12 17:38 2 DirDPFCns.txt
06-09-12 17:38 768 DirDPF.txt
06-09-12 17:26 7,685 ComboFix.txt
06-09-12 17:25 135 ComboFix2.txt
06-09-12 17:21 8,089 ComboFix3.txt
06-09-11 23:19 706 VundoFix.txt
06-09-11 17:02 1,057 rapport.txt
06-08-24 18:00 232 sqmdata01.sqm
06-08-24 18:00 244 sqmnoopt01.sqm
06-08-23 18:01 244 sqmnoopt00.sqm
06-08-23 18:01 268 sqmdata00.sqm
05-09-28 19:57 47,580 NTDETECT.COM
05-09-28 19:57 235,296 ntldr
05-08-29 18:33 206,496 persist.dat
05-05-25 14:50 0 IO.SYS
05-05-25 14:50 0 CONFIG.SYS
05-05-25 14:50 0 AUTOEXEC.BAT
05-05-25 14:50 0 MSDOS.SYS
05-05-25 14:45 194 boot.ini
01-08-18 14:00 4,952 bootfont.bin
27 File(s) 793,358,634 bytes
0 Dir(s) 19,131,715,584 bytes free
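The listen.bat instructions in post #6 and the datfind.bat listings in posts #9 and #11 are read the same way: the output is sorted by modification time, so anything executable that appeared in the days around the infection sits at the top of each directory. The script below is an added example, not part of any post: it parses pasted `dir` output of this shape, lists executable-type files modified within a chosen window before the scan date, and separately flags filenames that look like an IP address (the system32 listing above has one). The sample text is constructed from the listings in post #11; the 14-day window and the name heuristic are my assumptions and give a starting point for a closer look, not a verdict.

```python
"""Timeline triage over pasted `dir` output (listen.bat / datfind.bat listings)."""
import re
from datetime import date, timedelta

# Constructed sample, taken from the system32, WINDOWS and C:\ listings in
# post #11. Line layout: "yy-mm-dd hh:mm size|<DIR> name" under a
# "Directory of" (German build: "Verzeichnis von") header.
SAMPLE = """\
Directory of C:\\WINDOWS\\system32

06-09-10 18:38 2,184 wpa.dbl
06-06-02 11:04 57,384 avsda.dll
06-04-27 17:49 288,417 SrchSTS.exe
06-02-13 18:56 94,674 192.168.123.254
06-01-09 10:36 40,960 swsc.exe
05-10-20 15:37 40,960 SDelete.dll

Verzeichnis von C:\\WINDOWS

06-09-13 12:08 0 0.log
06-09-13 12:08 2,048 bootstat.dat
06-09-06 20:51 2,560 _MSRSTRT.EXE
06-04-02 19:46 28,672 gscr.dll
06-01-04 21:29 796,672 GPInstall.exe

Directory of C:\\

06-09-13 12:07 1,610 avenger.txt
06-09-12 17:26 7,685 ComboFix.txt
06-09-11 23:19 706 VundoFix.txt
05-09-28 19:57 235,296 ntldr
05-05-25 14:45 194 boot.ini
"""

SCAN_DATE = date(2006, 9, 13)  # day the listings in post #11 were taken

HEADER_RE = re.compile(r"^(?:Directory of|Verzeichnis von) (.+)$")
ENTRY_RE = re.compile(r"^(\d\d)-(\d\d)-(\d\d) \d\d:\d\d (<DIR>|[\d,]+) (.+)$")
# Extensions treated as executable content (assumed list, extend as needed).
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".pif", ".com", ".bat", ".cmd")
IP_NAME_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_dir_listing(text):
    """Return (directory, modified date, size or None for <DIR>, name) tuples."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and current and m.group(5) not in (".", ".."):
            yy, mm, dd = (int(m.group(i)) for i in (1, 2, 3))
            size = None if m.group(4) == "<DIR>" else int(m.group(4).replace(",", ""))
            entries.append((current, date(2000 + yy, mm, dd), size, m.group(5)))
    return entries


def recent_executables(entries, scan_date, days):
    """Executable-type files modified within `days` before scan_date, newest first."""
    cutoff = scan_date - timedelta(days=days)
    hits = [e for e in entries
            if e[2] is not None and e[1] >= cutoff and e[3].lower().endswith(EXEC_EXT)]
    return sorted(hits, key=lambda e: e[1], reverse=True)


def odd_names(entries):
    """Files whose name looks like an IP address (triage heuristic, not a verdict)."""
    return [e for e in entries if e[2] is not None and IP_NAME_RE.match(e[3])]


if __name__ == "__main__":
    found = parse_dir_listing(SAMPLE)
    for d, when, size, name in recent_executables(found, SCAN_DATE, 14):
        print(f"recent:   {when} {size:>10,} {d}\\{name}")
    for d, when, size, name in odd_names(found):
        print(f"odd name: {when} {size:>10,} {d}\\{name}")
```

Run over the full files.txt that listen.bat produces, the same two functions give a short list of what changed since the infection began, which is what the helper actually reads off the pasted logs before writing the next Avenger script.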
13.09.2006, 12:20
Honorary member
Sabina

Posts: 29434
#12 that is fine now,

scan and post the report
http://virus-protect.org/cureit.html

scan with Panda and with Kaspersky and post the scan reports
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina

all about PC security
13.09.2006, 12:45
...new here

Thread starter

Posts: 9
#13 what would you recommend to me as a firewall?
13.09.2006, 13:01
Honorary member
Sabina

Posts: 29434
#14 post the scan reports first, then we'll see
__________
Kind regards, Sabina

all about PC security
13.09.2006, 13:52
...new here

Thread starter

Posts: 9
#15 qttask.exe C:\Programme\QuickTime Trojan.LowZones.178 Deleted.
realsched.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB Trojan.LowZones.178 Deleted.
Monitor.exe C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic Trojan.LowZones.178 Deleted.
calcheck.exe C:\Programme\Ulead Systems\Ulead Photo Express 5 SE Trojan.LowZones.178 Deleted.
avgnt.exe C:\Programme\AntiVir PersonalEdition Classic Trojan.LowZones.178 Deleted.
AdobeUpdateManager.exe C:\Programme\Adobe\Acrobat 7.0\Reader Trojan.LowZones.178 Deleted.
Process.exe C:\Christoph\Virenprogramme\SmitfraudFix\SmitfraudFix Tool.Prockill
restart.exe C:\Christoph\Virenprogramme\SmitfraudFix\SmitfraudFix Tool.ShutDown.11
NPMyGlSh.dll C:\Programme\Mozilla Firefox\plugins Adware.Msearch
Process.exe C:\RECYCLER\S-1-5-21-1078081533-1715567821-725345543-1003\Dc2\SmitfraudFix Tool.Prockill
restart.exe C:\RECYCLER\S-1-5-21-1078081533-1715567821-725345543-1003\Dc2\SmitfraudFix Tool.ShutDown.11
A0053967.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP116 Adware.TryMedia
A0053968.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP116 Adware.TryMedia
A0053970.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP116 Adware.TryMedia
A0057391.dll C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP137 Adware.FastSearch
A0057393.dll C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP137 Trojan.Popuper Deleted.
A0057418.dll C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP137 Adware.ClickSpring
A0057547.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP137 Adware.Zango
A0057594.dll C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP139 Adware.Zango
A0058253.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP147 BackDoor.Emule.44 Deleted.
A0059479.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP148 Adware.Zango
A0059481.dll C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP148 Adware.Zango
A0059595.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP149 Trojan.LowZones.178 Deleted.
A0059638.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP149 Trojan.LowZones.178 Deleted.
A0059901.DLL C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP150 Adware.Msearch
A0059903.dll C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP150 Adware.Zango
A0059909.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP150 Adware.Zango
A0059910.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP150 Trojan.LowZones.178 Deleted.
A0059911.dll C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP150 Adware.Zango
A0059952.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 Trojan.LowZones.178 Deleted.
A0059969.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 Trojan.LowZones.178 Deleted.
A0059970.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 Trojan.LowZones.178 Deleted.
A0059983.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 Trojan.LowZones.178 Deleted.
A0059984.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 Trojan.LowZones.178 Deleted.
A0059985.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 Trojan.LowZones.178 Deleted.
A0059986.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 Trojan.LowZones.178 Deleted.
A0059987.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 Trojan.LowZones.178 Deleted.
A0059988.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 Trojan.LowZones.178 Deleted.
A0059990.exe C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 Tool.Prockill