TR/Vundo.Gen. I can't get rid of it!!

#0
11.09.2006, 23:27
...new here
Posts: 9
12.09.2006, 14:02
Honorary member
Posts: 29434
#2
Post the following logs here:
http://board.protecus.de/t23188.htm
__________
Regards, Sabina
all about PC security
12.09.2006, 17:05
...new here
Thread starter, Posts: 9
#3
Logfile of HijackThis v1.99.1
Scan saved at 17:05:00, on 12.09.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\PROMon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\WLAN Technology Corporation\WLAN_802.11g_Utility\ZDWlan.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Christoph\Virenprogramme\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.council-of-nemesis.de/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express 5 SE Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [zango] "c:\programme\zango\zango.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [VoipBuster] "C:\Programme\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - Startup: ZDWLan Utility.lnk = C:\Programme\WLAN Technology Corporation\WLAN_802.11g_Utility\ZDWlan.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

Combofix:

Chris - 06-09-12 17:26:03.35
ComboFix 06.09.11B - Running from: C:\Christoph\Downloads
Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Dokumente und Einstellungen\Chris\Eigene Dateien\ECURIT~1

((((((((((((((((((((((((((((((( Files Created from 2006-08-12 to 2006-09-12 ))))))))))))))))))))))))))))))))))

2006-09-06 20:17 1,085,206 ---hs---- C:\WINDOWS\system32\qttss.bak2
2006-09-06 15:28 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-08-29 16:11 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-08-29 16:11 42,496 --a------ C:\WINDOWS\system32\swreg.exe
2006-08-29 16:11 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-08-29 16:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-08-29 11:22 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-08-28 13:49 632,065 ---hs---- C:\WINDOWS\system32\qttss.bak1
2006-08-28 13:48 573,492 --------- C:\WINDOWS\system32\ssttq.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-09-12 17:24 -------- d-------- C:\Programme\Mozilla Firefox
2006-09-12 17:21 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-09-11 17:30 -------- d-------- C:\Programme\CleanUp!
2006-09-11 15:54 -------- d-------- C:\Programme\ICQLite
2006-09-11 13:54 -------- d-------- C:\Programme\Zango
2006-09-11 09:59 20992 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-09-11 09:59 20992 --a------ C:\WINDOWS\system32\igfxtray.exe
2006-09-11 09:59 20992 --a------ C:\WINDOWS\system32\hkcmd.exe
2006-09-11 09:59 -------- d-------- C:\Programme\QuickTime
2006-09-11 09:59 -------- d-------- C:\Programme\MSN Messenger
2006-09-11 09:59 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-09-11 09:58 -------- d-------- C:\Programme\BearShare
2006-09-06 20:57 -------- d-------- C:\Programme\Shareaza
2006-09-06 20:55 -------- d-------- C:\Programme\MyGlobalSearch
2006-09-06 20:54 -------- d-------- C:\Programme\eMule.de
2006-09-06 20:51 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-09-06 15:12 -------- d-------- C:\Dokumente und Einstellungen\Chris\Anwendungsdaten\VoipBuster
2006-09-06 14:18 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-09-06 14:18 -------- d-------- C:\Programme\WLAN Technology Corporation
2006-09-06 13:30 -------- d-------- C:\Dokumente und Einstellungen\Chris\Anwendungsdaten\Adobe
2006-09-06 11:13 -------- d-------- C:\Dokumente und Einstellungen\Chris\Anwendungsdaten\Skype
2006-08-29 15:39 -------- d-------- C:\Dokumente und Einstellungen\Chris\Anwendungsdaten\Mozilla
2006-08-29 13:07 -------- d-------- C:\Programme\Ulead Systems
2006-08-28 13:43 -------- d-------- C:\Programme\Google
2006-08-28 11:14 -------- d-------- C:\Programme\ICQToolbar
2006-08-27 12:27 -------- d-------- C:\Dokumente und Einstellungen\Chris\Anwendungsdaten\Google
2006-08-26 18:09 -------- d-------- C:\Dokumente und Einstellungen\Chris\Anwendungsdaten\teamspeak2
2006-06-13 16:42 80 -r-hs---- C:\WINDOWS\system32\C46E99B9FD.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"updateMgr"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"VoipBuster"="\"C:\\Programme\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\" -nosplash -minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"Ulead AutoDetector"="C:\\Programme\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"Ulead Photo Express 5 SE Calendar Checker"="C:\\Programme\\Ulead Systems\\Ulead Photo Express 5 SE\\calcheck.exe"
"NeroFilterCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"zango"="\"c:\\programme\\zango\\zango.exe\""
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,3e,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhoo32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Completion time: 06-09-12 17:26:34.04
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

Volume in drive C has no label.
Volume Serial Number: 5054-28AB

Directory of C:\WINDOWS\system32

06-09-12 17:30 1,085,939 qttss.ini
06-09-11 23:13 1,085,206 qttss.bak2
06-09-11 09:59 20,992 NeroCheck.exe
06-09-11 09:59 20,992 hkcmd.exe
06-09-11 09:59 20,992 igfxtray.exe
06-09-10 18:38 2,184 wpa.dbl
06-09-07 15:37 143 mcrh.tmp
06-08-29 13:10 3,318,377 qtF.tmp
06-08-29 13:06 2,926,393 qtB.tmp
06-08-28 13:49 632,065 qttss.bak1
06-08-28 13:48 573,492 ssttq.dll
06-06-13 16:42 80 C46E99B9FD.dll
06-06-02 11:04 57,384 avsda.dll
06-05-16 17:23 181,040 FNTCACHE.DAT
06-04-29 13:44 40,972 perfc009.dat
06-04-29 13:44 314,644 perfh009.dat
06-04-29 13:44 320,424 perfh007.dat
06-04-29 13:44 49,372 perfc007.dat
06-04-29 13:44 732,342 PerfStringBackup.INI
06-04-27 17:49 288,417 SrchSTS.exe
06-03-03 13:16 16,832 amcompat.tlb
06-03-03 13:16 23,392 nscompat.tlb
06-02-20 18:12 3,638 cficon.ico
06-02-20 18:12 3,638 smicon.ico
06-02-20 18:12 3,638 sdicon.ico
06-02-20 18:12 3,638 dficon.ico
06-02-20 18:12 3,638 msicon.ico
06-02-13 18:56 94,674 192.168.123.254
06-01-24 19:34 118,784 sirenacm.dll
06-01-09 10:36 40,960 swsc.exe
06-01-09 10:36 42,496 swreg.exe
05-11-03 15:01 176,167 rmoc3260.dll
05-11-03 15:00 5,632 pndx5032.dll
05-11-03 15:00 6,656 pndx5016.dll
05-11-03 15:00 278,528 pncrt.dll
05-09-02 11:39 1,140 qtplugin.log
05-08-10 00:14 692,224 divxdec.ax
05-08-10 00:13 4,276 divxsm.tlb
05-08-10 00:13 524,288 DivXsm.exe
05-08-10 00:13 692,736 DivX.dll
05-08-10 00:13 688,128 divx_xx07.dll

Volume in drive C has no label.
Volume Serial Number: 5054-28AB

Directory of C:\DOKUME~1\Chris\LOKALE~1\Temp

Volume in drive C has no label.
Volume Serial Number: 5054-28AB

Directory of C:\WINDOWS

06-09-12 17:14 0 0.log
06-09-12 17:13 2,048 bootstat.dat
06-09-12 17:12 32,622 SchedLgU.Txt
06-09-11 17:15 321,328 ntbtlog.txt
06-09-11 17:02 174,308 setupact.log
06-09-11 13:58 116 NeroDigital.ini
06-09-09 14:59 1,014,359 setupapi.log
06-09-09 12:21 816 win.ini
06-09-08 10:11 50 wiaservc.log
06-09-08 10:11 159 wiadebug.log
06-09-07 17:15 101,433 wmsetup.log
06-09-06 20:51 2,560 _MSRSTRT.EXE
06-09-06 14:22 14,660 Windows Update.log
06-09-03 19:11 509 Ulead32.ini
06-09-03 14:04 50 cdplayer.ini
06-08-30 11:18 2,904 mozver.dat
06-08-29 15:39 0 nsreg.dat
06-08-25 18:08 71 pex.INI
06-06-12 16:23 2,573 DIFx.log
06-05-03 15:02 10,240 Thumbs.db
06-04-02 19:46 28,672 gscr.dll
06-03-03 13:16 236 wmsetup10.log
06-03-03 13:15 316,640 WMSysPr9.prx
06-02-24 12:45 151 PhotoSnapViewer.INI
06-01-14 12:27 440,887 DirectX.log
06-01-04 21:29 796,672 GPInstall.exe
06-01-02 20:41 631 avmcoins.log
05-12-10 12:12 155 winamp.ini
05-12-05 14:49 8,556 EPSTPLOG.TXT

Volume in drive C has no label.
Volume Serial Number: 5054-28AB

Directory of C:\

06-09-12 17:35 0 sys.txt
06-09-12 17:35 6,019 system.txt
06-09-12 17:34 133 systemtemp.txt
06-09-12 17:34 98,932 system32.txt
06-09-12 17:26 7,685 ComboFix.txt
06-09-12 17:25 135 ComboFix2.txt
06-09-12 17:21 8,089 ComboFix3.txt
06-09-12 17:13 792,723,456 pagefile.sys
06-09-11 23:19 706 VundoFix.txt
06-09-11 17:02 1,057 rapport.txt
06-08-24 18:00 232 sqmdata01.sqm
06-08-24 18:00 244 sqmnoopt01.sqm
06-08-23 18:01 268 sqmdata00.sqm
06-08-23 18:01 244 sqmnoopt00.sqm
05-09-28 19:57 47,580 NTDETECT.COM
05-09-28 19:57 235,296 ntldr
05-08-29 18:33 206,496 persist.dat
05-05-25 14:50 0 IO.SYS
05-05-25 14:50 0 CONFIG.SYS
05-05-25 14:50 0 AUTOEXEC.BAT
05-05-25 14:50 0 MSDOS.SYS
05-05-25 14:45 194 boot.ini
01-08-18 14:00 4,952 bootfont.bin
23 File(s) 793,341,718 bytes
0 Dir(s) 19,347,296,256 bytes free

10)DPF????

Volume in drive C has no label.
Volume Serial Number: 5054-28AB

Directory of C:\WINDOWS\Downloaded Program Files

06-04-18 15:59 1,173,616 ClientAX.dll
06-03-02 15:40 1,271 erma.inf
00-01-20 15:25 1,162 Microsoft XML Parser for Java.osd
03-12-19 15:43 241 popcaploader.inf
06-06-22 11:41 5,032 swflash.inf
03-06-30 22:41 1,689 WMV9VCM.inf
05-04-29 18:24 155,648 zylomgamesplayer.dll
05-03-25 18:17 244 ZylomGamesPlayer.inf
8 File(s) 1,338,903 bytes
Total files listed:
8 File(s) 1,338,903 bytes
0 Dir(s) 19,347,279,872 bytes free

This post was edited on 12.09.2006 at 17:39 by Stoph.
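As an added example (not code from this thread, from Sabina, or from any of the tools named in it), here is a Python script that triages the system32 listing and the two Winlogon\Notify lines from the ComboFix output in the post above. It parses the dir-style lines, flags a DLL whose base name reversed is the base name of other files beside it (ssttq.dll against qttss.ini, qttss.bak1, qttss.bak2) and ties that to a Winlogon\Notify subkey of the same name, and groups differently named .exe files that share one size and one timestamp (NeroCheck.exe, hkcmd.exe, igfxtray.exe, all 20,992 bytes written 06-09-11 09:59). The sample input is a constructed subset copied from the post; the two heuristics and the three-file threshold are assumptions made for illustration, not rules stated in the thread.

```python
"""Triage of the system32 listing and the ComboFix Winlogon\\Notify lines above.

Heuristics (assumptions made for this example, not rules from the thread):
  1. a DLL whose base name, reversed, is the base name of other files in the
     same directory (ssttq.dll beside qttss.ini / qttss.bak1 / qttss.bak2),
     tied to the Winlogon\\Notify subkey carrying the same name;
  2. three or more differently named .exe files sharing one size and one
     timestamp (NeroCheck.exe, hkcmd.exe, igfxtray.exe: 20,992 bytes, 06-09-11 09:59).
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the "Directory of C:\WINDOWS\system32"
# lines posted above, in that listing's format (YY-MM-DD HH:MM size name).
SYSTEM32_LISTING = """\
06-09-12 17:30 1,085,939 qttss.ini
06-09-11 23:13 1,085,206 qttss.bak2
06-09-11 09:59 20,992 NeroCheck.exe
06-09-11 09:59 20,992 hkcmd.exe
06-09-11 09:59 20,992 igfxtray.exe
06-09-10 18:38 2,184 wpa.dbl
06-08-28 13:49 632,065 qttss.bak1
06-08-28 13:48 573,492 ssttq.dll
06-06-13 16:42 80 C46E99B9FD.dll
06-01-09 10:36 40,960 swsc.exe
06-01-09 10:36 42,496 swreg.exe
"""

# Constructed sample: the two Winlogon\Notify lines from the ComboFix output above.
NOTIFY_KEYS = """\
HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\ssttq
HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\winhoo32
"""

DIR_LINE = re.compile(r"^(\d\d-\d\d-\d\d \d\d:\d\d)\s+([\d,]+)\s+(\S.*)$")


def parse_dir_listing(text):
    """Return [(timestamp, size_in_bytes, filename)] for every dir-style line."""
    entries = []
    for line in text.splitlines():
        m = DIR_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), int(m.group(2).replace(",", "")), m.group(3)))
    return entries


def split_name(name):
    """'qttss.bak1' -> ('qttss', 'bak1'); a name without a dot gets ext ''."""
    base, _, ext = name.rpartition(".")
    return (base, ext) if base else (name, "")


def reversed_name_pairs(entries):
    """Map each DLL to the files whose base name is the DLL's base name reversed."""
    by_base = defaultdict(list)
    for _, _, name in entries:
        by_base[split_name(name)[0].lower()].append(name)
    hits = {}
    for _, _, name in entries:
        base, ext = split_name(name)
        if ext.lower() != "dll":
            continue
        companions = [c for c in by_base.get(base.lower()[::-1], []) if c.lower() != name.lower()]
        if companions:
            hits[name] = sorted(companions)
    return hits


def same_size_same_time(entries, ext=("exe",), min_group=3):
    """Group executables that share one size and one timestamp under different names."""
    groups = defaultdict(list)
    for ts, size, name in entries:
        if split_name(name)[1].lower() in ext:
            groups[(ts, size)].append(name)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_group}


def notify_keys_with_files(notify_text, entries):
    """For each Winlogon\\Notify subkey: the DLL of that name in the listing (or None)
    and that DLL's reversed-name companions, so persistence and payload are one finding."""
    pairs = reversed_name_pairs(entries)
    files = {name.lower(): name for _, _, name in entries}
    findings = {}
    for line in notify_text.splitlines():
        sub = line.strip().rsplit("\\", 1)[-1]
        if sub:
            dll = files.get(sub.lower() + ".dll")
            findings[sub] = {"dll": dll, "companions": pairs.get(dll, []) if dll else []}
    return findings


if __name__ == "__main__":
    entries = parse_dir_listing(SYSTEM32_LISTING)
    for dll, comps in reversed_name_pairs(entries).items():
        print(f"reversed-name pair: {dll} <-> {', '.join(comps)}")
    for (ts, size), names in same_size_same_time(entries).items():
        print(f"{len(names)} executables of {size} bytes written {ts}: {', '.join(names)}")
    for sub, f in notify_keys_with_files(NOTIFY_KEYS, entries).items():
        print(f"Winlogon\\Notify\\{sub}: dll={f['dll']} companions={f['companions']}")
```

Run it as a script to print the findings, or import it and feed `parse_dir_listing` a complete listing. A hit on the size-and-timestamp heuristic is a reason to hash every file in the group, not only the one that happens to be named in a Run key.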
13.09.2006, 00:31
Honorary member
Posts: 29434
#4
Stoph

virustotal
At the top of the page --> click Browse --> paste in the file with its correct path --> double-click the file to be checked --> click Submit... now wait
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\C46E99B9FD.dll

post the reports
--------------------------------------------------------------
Avenger
http://virus-protect.org/artikel/tools/avenger.html

copy in:

Quote
registry keys to delete:

Click the green traffic light. The script is now executed, then the PC will restart automatically.

** post the Avenger log that appears after the restart **

scan with Counterspy; after the scan set everything to remove and post the scan report
http://virus-protect.org/counterspy.html
__________
Regards, Sabina
all about PC security
13.09.2006, 10:18
...new here
Thread starter, Posts: 9
#5
Complete scanning result of "NeroCheck.exe", received in VirusTotal at 09.13.2006, 09:58:37 (CET).

Antivirus Version Update Result
AntiVir 7.1.1.16 09.13.2006 HEUR/Malware
Authentium 4.93.8 09.13.2006 no virus found
Avast 4.7.844.0 09.11.2006 no virus found
AVG 386 09.12.2006 Downloader.Agent.FJQ
BitDefender 7.2 09.13.2006 Trojan.LowZones.DH
CAT-QuickHeal 8.00 09.12.2006 TrojanDownloader.Agent.awf
ClamAV devel-20060426 09.13.2006 no virus found
DrWeb 4.33 09.13.2006 Trojan.LowZones.178
eTrust-InoculateIT 23.72.123 09.13.2006 no virus found
eTrust-Vet 30.3.3073 09.12.2006 no virus found
Ewido 4.0 09.12.2006 Downloader.Agent.awf
Fortinet 2.77.0.0 09.13.2006 suspicious
F-Prot 3.16f 09.13.2006 no virus found
F-Prot4 4.2.1.29 09.13.2006 no virus found
Ikarus 0.2.65.0 09.12.2006 no virus found
Kaspersky 4.0.2.24 09.13.2006 Trojan-Downloader.Win32.Agent.awf
McAfee 4850 09.12.2006 no virus found
Microsoft 1.1560 09.13.2006 no virus found
NOD32v2 1.1753 09.12.2006 no virus found
Norman 5.90.23 09.12.2006 W32/Agent.AKJS
Panda 9.0.0.4 09.12.2006 Trj/Lowzones.ST
Sophos 4.09.0 09.13.2006 no virus found
Symantec 8.0 09.13.2006 Trojan.LowZones
TheHacker 5.9.8.210 09.13.2006 no virus found
UNA 1.83 09.11.2006 TrojanDownloader.Win32.Agent.3259
VBA32 3.11.1 09.12.2006 Trojan.LowZones.178
VirusBuster 4.3.7:9 09.12.2006 no virus found

Additional Information
File size: 20992 bytes
MD5: c3ad4eefe1e4e0c5896909600dd86191
SHA1: c772c8b9bb7fe356a7d12817b2b4fca2f0a4b5b5
packers: UPX

Complete scanning result of "C46E99B9FD.dll", received in VirusTotal at 09.13.2006, 09:59:16 (CET).

Antivirus Version Update Result
AntiVir 7.1.1.16 09.13.2006 no virus found
Authentium 4.93.8 09.13.2006 no virus found
Avast 4.7.844.0 09.11.2006 no virus found
AVG 386 09.12.2006 no virus found
BitDefender 7.2 09.13.2006 no virus found
CAT-QuickHeal 8.00 09.12.2006 no virus found
ClamAV devel-20060426 09.13.2006 no virus found
DrWeb 4.33 09.13.2006 no virus found
eTrust-InoculateIT 23.72.123 09.13.2006 no virus found
eTrust-Vet 30.3.3073 09.12.2006 no virus found
Ewido 4.0 09.12.2006 no virus found
Fortinet 2.77.0.0 09.13.2006 no virus found
F-Prot 3.16f 09.13.2006 no virus found
F-Prot4 4.2.1.29 09.13.2006 no virus found
Ikarus 0.2.65.0 09.12.2006 no virus found
Kaspersky 4.0.2.24 09.13.2006 no virus found
McAfee 4850 09.12.2006 no virus found
Microsoft 1.1560 09.13.2006 no virus found
NOD32v2 1.1753 09.12.2006 no virus found
Norman 5.90.23 09.12.2006 no virus found
Panda 9.0.0.4 09.12.2006 no virus found
Sophos 4.09.0 09.13.2006 no virus found
Symantec 8.0 09.13.2006 no virus found
TheHacker 5.9.8.210 09.13.2006 no virus found
UNA 1.83 09.11.2006 no virus found
VBA32 3.11.1 09.12.2006 no virus found
VirusBuster 4.3.7:9 09.12.2006 no virus found

Additional Information
File size: 80 bytes
MD5: c4d780fb0d7586044fa33a853f274f52
SHA1: f01355202740c27ee4240a4df08cb5a282582991

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: HKEY_CURRENT_USER\SOFTWARE\zango

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\saqqudlp

*******************

Script file located at: \??\C:\Program Files\ndxjttmx.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programme\Mozilla Firefox\plugins\npclntax.dll deleted successfully.
File C:\WINDOWS\system32\qttss.ini deleted successfully.
File C:\WINDOWS\system32\qttss.bak2 deleted successfully.
File C:\WINDOWS\system32\mcrh.tmp deleted successfully.
File C:\WINDOWS\system32\qtF.tmp deleted successfully.
File C:\WINDOWS\system32\qtB.tmp deleted successfully.
File C:\WINDOWS\system32\qttss.bak1 deleted successfully.
File C:\WINDOWS\system32\ssttq.dll deleted successfully.
File C:\WINDOWS\system32\C46E99B9FD.dll deleted successfully.
File C:\WINDOWS\system32\amcompat.tlb deleted successfully.
File C:\WINDOWS\system32\nscompat.tlb deleted successfully.
File C:\WINDOWS\system32\cficon.ico deleted successfully.
File C:\WINDOWS\system32\smicon.ico deleted successfully.
File C:\WINDOWS\system32\sdicon.ico deleted successfully.
File C:\WINDOWS\system32\dficon.ico deleted successfully.
File C:\WINDOWS\system32\msicon.ico deleted successfully.
File C:\WINDOWS\Downloaded Program Files\ClientAX.dll deleted successfully.
File C:\Programme\BearShare\BearShareZangoInstaller.exe deleted successfully.
File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zango\Go to Library.url deleted successfully.
File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zango\Uninstall Zango Instructions.lnk deleted successfully.
File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zango\Zango Customer Support.url deleted successfully.
Folder C:\Programme\Zango deleted successfully.
Folder C:\Programme\BearShare deleted successfully.
Folder C:\Programme\MyGlobalSearch deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttq deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhoo32 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\zango deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Spyware Scan Details
Start Date: 06-09-13 10:32:44
End Date: 06-09-13 11:13:09
Total Time: 40 mins 25 secs

Detected spyware

Hotbar Toolbar
Details: Hotbar Web Tools is a collection of browser and system enhancements. The primary application is the Hotbar toolbar, which is a "skinable" browser toolbar for Internet Explorer.
Status: Deleted

Infected files detected
c:\programme\hbtools\hbtools.log
C:\Christoph\Virenprogramme\hijackthis_199\backups\backup-20060829-160349-220.dll

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HbInstIE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HbInstIE.dll .Owner {8C875948-9C60-4381-9248-0DF180542D53}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HbInstIE.dll {8C875948-9C60-4381-9248-0DF180542D53}
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\InprocServer32 C:\Programme\ShopperReports\Bin\1.0.5.0\ShprRprt.dll
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\InprocServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\ProgID ShprRprts.HbCommBand.1
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\TypeLib {842D315A-7E1E-448B-96E8-9E76D1820BE2}
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\VersionIndependentProgID ShprRprts.HbCommBand
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A} ShopperReports – Price Comparison
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA} IHbSkinsManager
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF} IHbStats
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87} IDynamicProp
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464} IHbLicense
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD} IHbLfg2
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404} IHbMapiAddrBook
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226} IHbHttpClient
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\TypeLib {71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B} IHbXip
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}\1.0\0\win32 C:\Programme\HbTools\Bin\4.6.4.0\HbtCoreSrv.dll
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}\1.0\HELPDIR C:\Programme\HbTools\Bin\4.6.4.0\
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}\1.0 HbCoreSrv 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\HbTools
HKEY_LOCAL_MACHINE\SOFTWARE\HbTools\HbTools\PI\3.2 PID00
HKEY_LOCAL_MACHINE\SOFTWARE\HbTools\Hotbar\Install StartInstall 1309218
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} Hotbar Information Window
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping {946B3E9E-E21A-49c8-9F63-900533FAFE14}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping {E77EDA01-3C56-4a96-8D08-02B42891C169}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\HbInstIE.dll 1

Zango.SearchAssistant Adware (General)
Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run zango

KaZaA P2P Program
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\chris\desktop\my shared folder.lnk

BearShare P2P Program
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\programme\bearshare.lnk
c:\dokumente und einstellungen\chris\desktop\bearshare.lnk

Infected registry entries detected
HKEY_CLASSES_ROOT\gnufile
HKEY_CLASSES_ROOT\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1"
HKEY_CLASSES_ROOT\gnufile gnutella
HKEY_CLASSES_ROOT\gnufile BrowserFlags 8
HKEY_CLASSES_ROOT\gnufile EditFlags 65536
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare
HKEY_LOCAL_MACHINE\software\bearshare
HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Programme\BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayName BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare UninstallString C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayVersion 5.2.5.6DE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HelpLink http://bearshare.de/Help/index.htm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare Publisher Free Peers, Inc.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare URLInfoAbout http://www.freepeers.com
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayIcon C:\Programme\BearShare\BearShare.exe,-128
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\.default\appevents\schemes\apps\bearshare
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer avifile.dll
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32 avifil32.dll
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} IAVIStream & IAVIFile Proxy
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} hTBJOaq
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} wevsllgbk x@fQcLu{Ji_XPG|li@aq
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} pqYUoxwd NRmo{oDt]`M^Fy|@k
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} qumi TcyToBnDlYyq^YidKVIrNTABl
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} bHhp Q\@H\m}cE^rHrQuN_^ceFcfRd@jQq
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} QyagQJ YLKPfFF@~Hi{X_eiU@XTJRzDryr
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} gdyKweoSeHZkt iraD|HdpgPmmkivjj~j[innBjWD[t
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} kXvv NUeTZ`CxAgN~{^jcV_lt@`lUnfD^Uzr
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} cmeup HWvBgXFvVua\BANT\aKqSRE`^bdgUtk
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} kenf XMzZEbg}kirVCumzXF
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} ijxwsdou H]NrtpjWNpS{uMsIRIxd[
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} FhprPaov NwDJtaZxQKNBHwLiEVBnkqnj\veRxfh
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} RBtxubfKgeWf ]AIVkwgRlmZSnPIQnJGmYh[\W[z[Hk
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} FNblz mDahx|kPpxwoPHgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} BearShare
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} Version 5,2,5,6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} ComponentID BearShare
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed
Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} IsInstalled 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} Locale DE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare SlowInfoCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare Changed 0 Backdoor.Win32.Agent.vc Backdoor more information... Details: Backdoor.Win32.Agent.vc is a program that creates a backdoor on the infected machine, allowing an attacker to control the machine for malicious purposes. Status: Deleted Infected files detected C:\VundoFix Backups\services.dll IST.ISTbar Hijacker more information... Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user's consent using an Internet Explorer toolbar. Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\software\ist HKEY_CURRENT_USER\software\ist exe_start 2 HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main BandRest Never HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main BandRest Never Zango.CommonElements Adware (General) more information... Details: Zango.CommonElements is a collection of traces that are found in multiple adware programs from 180solutions / Zango. 
Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\Software\zango HKEY_CURRENT_USER\Software\zango clientAXPath C:\DOKUME~1\Chris\LOKALE~1\Temp\180B.tmp HKEY_CURRENT_USER\Software\zango last_conn_h 29807992 HKEY_CURRENT_USER\Software\zango last_conn_l 572757868 HKEY_CURRENT_USER\Software\zango we 2 HKEY_CURRENT_USER\Software\zango cdata 01zM8fY4Pjz%2f2eU5ykwF2WKD4i7vOGf68ZAm01xPGNy3gRrwg5yCweqAgVct m%2b%2bHrHyyVbCqMA28GyUdV7TLQQwPYJNobfxpZwP8D6Iqd%2bLZmgTu%2fw %2fNv9nrsrSnWJeVYYOVwmomfWl5YZRa9aY516 %2fRYAPdq4woflQ%2bRS6T2a5tVuk89bGADwPruQ%2f%2fAh2fYeC HKEY_CURRENT_USER\Software\zango TimeOffset -25202 HKEY_CURRENT_USER\Software\zango geourl_current_version 12 HKEY_CURRENT_USER\Software\zango geourl_last_full_version 12 HKEY_CURRENT_USER\Software\zango actionurl_current_version 576 HKEY_CURRENT_USER\Software\zango actionurl_last_full_version 576 HKEY_CURRENT_USER\Software\zango recent_shown HKEY_CURRENT_USER\Software\zango key_int_high 29807933 HKEY_CURRENT_USER\Software\zango key_int_low -1961170214 HKEY_CURRENT_USER\Software\zango keyword_current_version 987 HKEY_CURRENT_USER\Software\zango keyword_last_full_version 987 HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\MiscStatus\1 132497 HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\MiscStatus 0 HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\ProgID ClientAX.ClientInstaller.1 HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll, 101 HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA} 
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\Version 1.0 HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\VersionIndependentProgID ClientAX.ClientInstaller HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} ClientInstaller Class HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango DisplayName Zango Search Assistant HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango UninstallString c:\programme\zango\zango.exe /uninst_simple_init=y HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango DisplayIcon c:\programme\zango\zango.exe,5 HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\0\win32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\HELPDIR C:\WINDOWS\Downloaded Program Files\ HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0 ClientAX 1.0 Type Library HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} IClientInstaller HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E} HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll 
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus\1 132497 HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus 0 HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ProgID ClientAX.RequiredComponent.1 HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll, 101 HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Version 1.0 HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\VersionIndependentProgID ClientAX.RequiredComponent HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E} RequiredComponent Class HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} IClientInstaller2 HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5} HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib Version 1.0 
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5} IRequiredComponent HKEY_CLASSES_ROOT\ClientAX.RequiredComponent HKEY_CLASSES_ROOT\ClientAX.RequiredComponent\CLSID {0AC49246-419B-4EE0-8917-8818DAAD6A4E} HKEY_CLASSES_ROOT\ClientAX.RequiredComponent\CurVer ClientAX.RequiredComponent.1 HKEY_CLASSES_ROOT\ClientAX.RequiredComponent RequiredComponent Class HKEY_CLASSES_ROOT\ClientAX.RequiredComponent.1 HKEY_CLASSES_ROOT\ClientAX.RequiredComponent.1\CLSID {0AC49246-419B-4EE0-8917-8818DAAD6A4E} HKEY_CLASSES_ROOT\ClientAX.RequiredComponent.1 RequiredComponent Class HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX\CLSID {51CF80DC-A309-4735-BB11-EF18BF4E3AD9} HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX\CurVer ClientAX.ZangoClientAX.1 HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX ZangoClientAX Class HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX.1 HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX.1\CLSID {51CF80DC-A309-4735-BB11-EF18BF4E3AD9} HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX.1 ZangoClientAX Class HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9} HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\MiscStatus\1 132497 HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\MiscStatus 0 HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\ProgID ClientAX.ZangoClientAX.1 HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll, 101 HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\Version 1.0 HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\VersionIndependentProgID 
ClientAX.ZangoClientAX HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9} ZangoClientAX Class HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C} HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C} ISeekmoClientAX HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5} HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5} IZangoClientAX HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1 HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1\CLSID {99410CDE-6F16-42ce-9D49-3807F78F0287} HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1 ClientInstaller Class HKEY_CLASSES_ROOT\ClientAX.ClientInstaller HKEY_CLASSES_ROOT\ClientAX.ClientInstaller\CLSID {99410CDE-6F16-42ce-9D49-3807F78F0287} HKEY_CLASSES_ROOT\ClientAX.ClientInstaller\CurVer ClientAX.ClientInstaller.1 HKEY_CLASSES_ROOT\ClientAX.ClientInstaller ClientInstaller Class HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6} HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll 
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\ProgID LMgr180.WMDRMAx.1 HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\VersionIndependentProgID LMgr180.WMDRMAx HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6} WMDRMAx Class HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1} HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1} ILicenseInstaller HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31} HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31} IWMDRMAx HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4} HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} 
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4} IInstantiator HKEY_CLASSES_ROOT\LMgr180.WMDRMAx HKEY_CLASSES_ROOT\LMgr180.WMDRMAx\CLSID {F31A5D11-BF0B-4A4E-90AF-274F2090AAA6} HKEY_CLASSES_ROOT\LMgr180.WMDRMAx\CurVer LMgr180.WMDRMAx.1 HKEY_CLASSES_ROOT\LMgr180.WMDRMAx WMDRMAx Class HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1 HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1\CLSID {F31A5D11-BF0B-4A4E-90AF-274F2090AAA6} HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1 WMDRMAx Class Download Accelerator Plus Low Risk Adware more information... Details: Download Accelerator Plus (DAP) is an advertising-supported download manager program from SpeedBit.com. Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\interface\{82351440-9094-11d1-a24b-00a0c932c7df} HKEY_CLASSES_ROOT\interface\{82351440-9094-11d1-a24b-00a0c932c7df}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{82351440-9094-11d1-a24b-00a0c932c7df}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{82351440-9094-11d1-a24b-00a0c932c7df}\TypeLib {82351433-9094-11D1-A24B-00A0C932C7DF} HKEY_CLASSES_ROOT\interface\{82351440-9094-11d1-a24b-00a0c932c7df}\TypeLib Version 1.5 HKEY_CLASSES_ROOT\interface\{82351440-9094-11d1-a24b-00a0c932c7df} IAniGIF HKEY_CLASSES_ROOT\interface\{5252ac41-94bb-11d1-b2e7-444553540000} HKEY_CLASSES_ROOT\interface\{5252ac41-94bb-11d1-b2e7-444553540000}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{5252ac41-94bb-11d1-b2e7-444553540000}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{5252ac41-94bb-11d1-b2e7-444553540000}\TypeLib {82351433-9094-11D1-A24B-00A0C932C7DF} HKEY_CLASSES_ROOT\interface\{5252ac41-94bb-11d1-b2e7-444553540000}\TypeLib Version 1.5 
HKEY_CLASSES_ROOT\interface\{5252ac41-94bb-11d1-b2e7-444553540000} IAniGIFEvents WhenU.Save Adware (General) more information... Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing. Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\runmsc.loader.1\clsid HKEY_CLASSES_ROOT\runmsc.loader.1\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07} HKEY_CLASSES_ROOT\runmsc.loader\clsid HKEY_CLASSES_ROOT\runmsc.loader\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07} HKEY_CLASSES_ROOT\runmsc.loader\curver HKEY_CLASSES_ROOT\runmsc.loader\curver RunMSC.Loader.1 HKEY_CLASSES_ROOT\wusn.1 HKEY_CLASSES_ROOT\wusn.1 WUSN_Id HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905} HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1 HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905} HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class HKEY_CLASSES_ROOT\wuse.1 HKEY_CLASSES_ROOT\wuse.1 WUSE_Id 
HKEY_CURRENT_USER\Software\WhenU WhenU.WhenUSearch Low Risk Adware more information... Details: WhenU.WhenUSearch is a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism. Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\WUSE.1 HKEY_CLASSES_ROOT\WUSE.1 WUSE_Id HKEY_CLASSES_ROOT\WUSN.1 HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id IST.XXXToolbar Toolbar more information... Details: IST.XXXToolbar is an adult adware search toolbar for Internet Explorer. XXXToolbar displays a number of pop-up ads when Internet Explorer is running. Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\Software\IST HKEY_CURRENT_USER\Software\IST exe_start 2 IST.PowerScan Adware (General) more information... Details: PowerScan is advertised through in ordinary web pop-ups, but recently it started to install with help from the the ISTBar adware. Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\software\ist HKEY_CURRENT_USER\software\ist exe_start 2 Hotbar.ShopperReports Low Risk Adware more information... Details: Part of Hotbar recent installation via shopperreports.com. 
Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\ShprRprts.HbCommBand.1 HKEY_CLASSES_ROOT\ShprRprts.HbCommBand.1\CLSID {A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A} HKEY_CLASSES_ROOT\ShprRprts.HbCommBand.1 ShopperReports – Price Comparison HKEY_CLASSES_ROOT\ShprRprts.HbCommBand HKEY_CLASSES_ROOT\ShprRprts.HbCommBand\CLSID {A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A} HKEY_CLASSES_ROOT\ShprRprts.HbCommBand\CurVer ShprRprts.HbCommBand.1 HKEY_CLASSES_ROOT\ShprRprts.HbCommBand ShopperReports – Price Comparison HKEY_CLASSES_ROOT\clsid\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A} HKEY_CLASSES_ROOT\clsid\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\InprocServer32 C:\Programme\ShopperReports\Bin\1.0.5.0\ShprRprt.dll HKEY_CLASSES_ROOT\clsid\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\InprocServer32 ThreadingModel Both HKEY_CLASSES_ROOT\clsid\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\ProgID ShprRprts.HbCommBand.1 HKEY_CLASSES_ROOT\clsid\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\TypeLib {842D315A-7E1E-448B-96E8-9E76D1820BE2} HKEY_CLASSES_ROOT\clsid\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\Version 1.0 HKEY_CLASSES_ROOT\clsid\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\VersionIndependentProgID ShprRprts.HbCommBand HKEY_CLASSES_ROOT\clsid\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A} ShopperReports – Price Comparison HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping {946B3E9E-E21A-49c8-9F63-900533FAFE14} My Way Speedbar Potentially Unwanted Program more information... Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking. Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}\InprocServer32 C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} MyGlobalSearch.Toolbar Potentially Unwanted Program more information... 
Details: MyGlobalSearch.Toolbar is an IE plugin with its own Search Field. Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404} HKEY_CLASSES_ROOT\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\InprocServer32 C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL HKEY_CLASSES_ROOT\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\TypeLib {37B85A20-692B-4205-9CAD-2626E4993404} HKEY_CLASSES_ROOT\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404} My Global Search Bar BHO HKEY_CLASSES_ROOT\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404} HKEY_CLASSES_ROOT\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\InprocServer32 C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL HKEY_CLASSES_ROOT\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\TypeLib {37B85A20-692B-4205-9CAD-2626E4993404} HKEY_CLASSES_ROOT\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404} My Global Search Bar HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404} HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\InprocServer32 C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\MiscStatus\1 131473 HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\MiscStatus 0 HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\ProgID MyGlobalSearchBar.SettingsPlugin.1 HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\TypeLib {37B85A20-692B-4205-9CAD-2626E4993404} HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\Version 1.0 HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404}\VersionIndependentProgID MyGlobalSearchBar.SettingsPlugin 
HKEY_CLASSES_ROOT\CLSID\{37B85A2B-692B-4205-9CAD-2626E4993404} My Global Search Bar Settings HKEY_CLASSES_ROOT\Interface\{37B85A2A-692B-4205-9CAD-2626E4993404} HKEY_CLASSES_ROOT\Interface\{37B85A2A-692B-4205-9CAD-2626E4993404}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{37B85A2A-692B-4205-9CAD-2626E4993404}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{37B85A2A-692B-4205-9CAD-2626E4993404}\TypeLib {37B85A20-692B-4205-9CAD-2626E4993404} HKEY_CLASSES_ROOT\Interface\{37B85A2A-692B-4205-9CAD-2626E4993404}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{37B85A2A-692B-4205-9CAD-2626E4993404} IMyGlobalSearchSettings HKEY_CLASSES_ROOT\Interface\{37B85A2C-692B-4205-9CAD-2626E4993404} HKEY_CLASSES_ROOT\Interface\{37B85A2C-692B-4205-9CAD-2626E4993404}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{37B85A2C-692B-4205-9CAD-2626E4993404}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{37B85A2C-692B-4205-9CAD-2626E4993404}\TypeLib {37B85A20-692B-4205-9CAD-2626E4993404} HKEY_CLASSES_ROOT\Interface\{37B85A2C-692B-4205-9CAD-2626E4993404}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{37B85A2C-692B-4205-9CAD-2626E4993404} _IMyGlobalSearchSettingsEvents HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin\CLSID {37B85A2B-692B-4205-9CAD-2626E4993404} HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin\CurVer MyGlobalSearchBar.SettingsPlugin.1 HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin My Global Search Bar Settings Plugin HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin.1 HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin.1\CLSID {37B85A2B-692B-4205-9CAD-2626E4993404} HKEY_CLASSES_ROOT\MyGlobalSearchBar.SettingsPlugin.1 My Global Search Bar Settings Plugin HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin\CLSID 
{EF281620-A3A3-4f08-874F-D68CFC9B7945} HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin\CurVer MyGlobalSearchBar.ToolbarPlugin.1 HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin MyGlobalSearch Toolbar Plugin HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1 HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1\CLSID {EF281620-A3A3-4f08-874F-D68CFC9B7945} HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin.1 MyGlobalSearch Toolbar Plugin HKEY_CLASSES_ROOT\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404} HKEY_CLASSES_ROOT\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404}\1.0\0\win32 C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL HKEY_CLASSES_ROOT\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404}\1.0\HELPDIR C:\Programme\MyGlobalSearch\bar\1.bin\ HKEY_CLASSES_ROOT\TypeLib\{37B85A20-692B-4205-9CAD-2626E4993404}\1.0 Toolbar 1.0 Type Library HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\My Global Search Uninstall HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\My Global Search Uninstall SlowInfoCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\My Global Search Uninstall Changed 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404} My Global Search Bar BHO HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Global Search Uninstall HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Global Search Uninstall DisplayName My Global Search Bar HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Global Search Uninstall HelpLink http://help.myglobalsearch.com/searchbar.html 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Global Search Uninstall Publisher My Global Search Bar HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Global Search Uninstall UninstallString rundll32 C:\PROGRA~1\MYGLOB~1\bar\1.bin\mgsBar.dll,O HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Global Search Uninstall UrlInfoAbout http://www.myglobalbsearch.com/jsp/softwareterms.jsp HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Maximized 0 HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pid IK HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Dir C:\Programme\MyGlobalSearch\bar\ HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar PluginPath C:\Programme\MyGlobalSearch\bar\1.bin\ HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CurInstall 1 HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar sr 0 HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pl 7 HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Id 6CDE9E9D-2E1E-44C1-9E16-0A172C4C3E72 HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CacheDir C:\Programme\MyGlobalSearch\bar\Cache\ HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar HistoryDir C:\Programme\MyGlobalSearch\bar\History\ HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Visible 1 HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar SettingsDir C:\Programme\MyGlobalSearch\bar\Settings\ HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar ConfigRevision 5 HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar ConfigRevisionURL http://cfg.myglobalsearch.com/barcfg.jsp?s=gs&p=IK HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar ConfigDateStamp 2006090615 HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar NextConfigRequest sN630TPXxgE- HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar LastConfigRequest sKZqrBrXxgE- HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Flags 530 Trojan.WinlogonHook.Delf.A Trojan more information... 
Details: WinlogonHook.Delf.A is a backdoor trojan that gives an attacker the ability to control the infected machine without the user's knowledge.
Status: Deleted
Infected registry entries detected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Data 256751635
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Brnd 779
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Rid 187
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LID 40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SCLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR MSLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BPTV 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSTV

SpywareQuake (Rogue Security Program) more information...
Details: SpywareQuake is a purported anti-spyware application to scan for and remove spyware from users' computers.
Status: Deleted
Infected registry entries detected:
HKEY_CLASSES_ROOT\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}
HKEY_CLASSES_ROOT\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}\TypeLib {5E05EA9F-1EA7-4D0B-A09B-D5E29EC758B9}
HKEY_CLASSES_ROOT\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{D01D4AAB-22C5-427F-A941-C4B65A3D8A23} IThreatEvents

Ipwins (Adware (General)) more information...
Status: Deleted
Infected registry entries detected:
HKEY_CURRENT_USER\Software\IpWins
HKEY_CURRENT_USER\Software\IpWins remove ok

This post was edited on 13.09.2006 at 11:17 by Stoph.
13.09.2006, 11:28
Honorary member
Posts: 29434
#6
Stoph
At the top of the page --> click Browse --> paste the file with its correct path --> double-click the file to be checked --> click Submit... then wait
http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
-----------------------------------------------------
** copy into the Avenger
Quote:
Files to delete:
**
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the Desktop using 'Save As'. Set the file type to 'All Files'. You should now find this file on the Desktop. --> double-click listen.bat --> copy the text that appears
Quote:
cd\
**
scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security
13.09.2006, 11:59
...new here
Thread starter, Posts: 9
#7
Complete scanning result of "hkcmd.exe", received in VirusTotal at 09.13.2006, 11:51:29 (CET).
| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 7.1.1.16 | 09.13.2006 | HEUR/Malware |
| Authentium | 4.93.8 | 09.13.2006 | no virus found |
| Avast | 4.7.844.0 | 09.11.2006 | no virus found |
| AVG | 386 | 09.12.2006 | Downloader.Agent.FJQ |
| BitDefender | 7.2 | 09.13.2006 | Trojan.LowZones.DH |
| CAT-QuickHeal | 8.00 | 09.12.2006 | TrojanDownloader.Agent.awf |
| ClamAV | devel-20060426 | 09.13.2006 | no virus found |
| DrWeb | 4.33 | 09.13.2006 | Trojan.LowZones.178 |
| eTrust-InoculateIT | 23.72.123 | 09.13.2006 | no virus found |
| eTrust-Vet | 30.3.3073 | 09.12.2006 | no virus found |
| Ewido | 4.0 | 09.13.2006 | Downloader.Agent.awf |
| Fortinet | 2.77.0.0 | 09.13.2006 | suspicious |
| F-Prot | 3.16f | 09.13.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 09.13.2006 | no virus found |
| Ikarus | 0.2.65.0 | 09.12.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 09.13.2006 | Trojan-Downloader.Win32.Agent.awf |
| McAfee | 4850 | 09.12.2006 | no virus found |
| Microsoft | 1.1560 | 09.13.2006 | no virus found |
| NOD32v2 | 1.1753 | 09.12.2006 | no virus found |
| Norman | 5.90.23 | 09.12.2006 | W32/Agent.AKJS |
| Panda | 9.0.0.4 | 09.12.2006 | Trj/Lowzones.ST |
| Sophos | 4.09.0 | 09.13.2006 | Troj/Agent-DFJ |
| Symantec | 8.0 | 09.13.2006 | Trojan.LowZones |
| TheHacker | 5.9.8.210 | 09.13.2006 | no virus found |
| UNA | 1.83 | 09.11.2006 | TrojanDownloader.Win32.Agent.3259 |
| VBA32 | 3.11.1 | 09.12.2006 | Trojan.LowZones.178 |
| VirusBuster | 4.3.7:9 | 09.12.2006 | no virus found |

Additional information: File size: 20992 bytes; MD5: c3ad4eefe1e4e0c5896909600dd86191; SHA1: c772c8b9bb7fe356a7d12817b2b4fca2f0a4b5b5; packers: UPX

Complete scanning result of "igfxtray.exe", received in VirusTotal at 09.13.2006, 11:51:43 (CET).

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 7.1.1.16 | 09.13.2006 | HEUR/Malware |
| Authentium | 4.93.8 | 09.13.2006 | no virus found |
| Avast | 4.7.844.0 | 09.11.2006 | no virus found |
| AVG | 386 | 09.12.2006 | Downloader.Agent.FJQ |
| BitDefender | 7.2 | 09.13.2006 | Trojan.LowZones.DH |
| CAT-QuickHeal | 8.00 | 09.12.2006 | TrojanDownloader.Agent.awf |
| ClamAV | devel-20060426 | 09.13.2006 | no virus found |
| DrWeb | 4.33 | 09.13.2006 | Trojan.LowZones.178 |
| eTrust-InoculateIT | 23.72.123 | 09.13.2006 | no virus found |
| eTrust-Vet | 30.3.3073 | 09.12.2006 | no virus found |
| Ewido | 4.0 | 09.13.2006 | Downloader.Agent.awf |
| Fortinet | 2.77.0.0 | 09.13.2006 | suspicious |
| F-Prot | 3.16f | 09.13.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 09.13.2006 | no virus found |
| Ikarus | 0.2.65.0 | 09.12.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 09.13.2006 | Trojan-Downloader.Win32.Agent.awf |
| McAfee | 4850 | 09.12.2006 | no virus found |
| Microsoft | 1.1560 | 09.13.2006 | no virus found |
| NOD32v2 | 1.1753 | 09.12.2006 | no virus found |
| Norman | 5.90.23 | 09.12.2006 | W32/Agent.AKJS |
| Panda | 9.0.0.4 | 09.12.2006 | Trj/Lowzones.ST |
| Sophos | 4.09.0 | 09.13.2006 | Troj/Agent-DFJ |
| Symantec | 8.0 | 09.13.2006 | Trojan.LowZones |
| TheHacker | 5.9.8.210 | 09.13.2006 | no virus found |
| UNA | 1.83 | 09.11.2006 | TrojanDownloader.Win32.Agent.3259 |
| VBA32 | 3.11.1 | 09.12.2006 | Trojan.LowZones.178 |
| VirusBuster | 4.3.7:9 | 09.12.2006 | no virus found |

Additional information: File size: 20992 bytes; MD5: c3ad4eefe1e4e0c5896909600dd86191; SHA1: c772c8b9bb7fe356a7d12817b2b4fca2f0a4b5b5; packers: UPX
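An added example, not code from the thread or from any of the tools named in it: the two Run-key images submitted above came back with the same size, the same MD5 and SHA1 and the UPX packer, which is one downloader sitting under two legitimate-looking Intel file names. The Python below reproduces that triage reasoning offline on constructed PE images (the file names and byte contents are assumptions, not the real samples): hash each autorun image, flag identical content behind different names, and read the PE section table for the UPX section names that the "packers: UPX" line reflects.

```python
import hashlib
import struct


def md5_hex(data: bytes) -> str:
    """MD5 of an image, the same digest VirusTotal reports (used for matching, not trust)."""
    return hashlib.md5(data).hexdigest()


def section_names(pe: bytes) -> list:
    """Return the section names of a PE32 image, or [] if the headers do not parse."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER follows the signature
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_optional          # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                   # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(pe):
            break
        names.append(pe[off:off + 8].rstrip(b"\0"))
    return names


def is_upx_packed(pe: bytes) -> bool:
    """UPX leaves UPX0/UPX1 section names behind; this is what 'packers: UPX' reflects."""
    return any(name.startswith(b"UPX") for name in section_names(pe))


def triage_autoruns(images: dict) -> list:
    """images maps an autorun image path to its bytes; returns one finding per anomaly."""
    by_hash = {}
    for path, data in images.items():
        by_hash.setdefault(md5_hex(data), []).append(path)
    findings = []
    for digest, paths in sorted(by_hash.items()):
        names = {p.rsplit("\\", 1)[-1].lower() for p in paths}
        if len(names) > 1:                      # one payload masquerading under two names
            findings.append("same content %s under different names: %s"
                            % (digest, ", ".join(sorted(paths))))
    for path, data in sorted(images.items()):
        if is_upx_packed(data):
            findings.append("UPX-packed autorun image: %s" % path)
    return findings


def build_pe(sections: list, payload: bytes) -> bytes:
    """Constructed minimal PE32 image for offline testing (valid headers, not executable)."""
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    size_optional = 224                                                # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_optional, 0x102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (size_optional - 2)
    table = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in sections)
    return dos_header + b"PE\0\0" + coff + optional + table + payload


# Constructed sample (not the real files): the two Run-key images from the thread share
# one packed body, while a third autorun entry is an ordinary unpacked binary.
DOWNLOADER = build_pe([b"UPX0", b"UPX1", b".rsrc"], b"\x90" * 64)
CLEAN_TOOL = build_pe([b".text", b".data", b".rsrc"], b"\xcc" * 64)
SAMPLE_IMAGES = {
    r"C:\WINDOWS\System32\hkcmd.exe": DOWNLOADER,
    r"C:\WINDOWS\System32\igfxtray.exe": DOWNLOADER,
    r"C:\WINDOWS\System32\PROMon.exe": CLEAN_TOOL,
}

if __name__ == "__main__":
    for finding in triage_autoruns(SAMPLE_IMAGES):
        print(finding)
```

On a live system the same two checks would be fed from the Run-key image paths in the HijackThis log rather than from constructed bytes.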
13.09.2006, 12:03
Honorary member
Posts: 29434
#8
avenger
Quote:
Files to delete:
then post the other logs
__________
Regards, Sabina
all about PC security
13.09.2006, 12:06
...new here
Thread starter, Posts: 9
#9
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rjitxnvw

*******************

Script file located at: \??\C:\WINDOWS\System32\kcpgmrfn.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\NeroCheck.exe not found!
Deletion of file C:\WINDOWS\system32\NeroCheck.exe failed!
Could not process line:
C:\WINDOWS\system32\NeroCheck.exe
Status: 0xc0000034

File C:\WINDOWS\system32\hkcmd.exe deleted successfully.
File C:\WINDOWS\system32\igfxtray.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

This post was edited on 13.09.2006 at 12:10 by Stoph.
13.09.2006, 12:15
Honorary member
Posts: 29434
13.09.2006, 12:18
...new here
Thread starter, Posts: 9
#11
13.09.2006, 12:20
Honorary member
Posts: 29434
#12
That is fine now,
scan and post the report
http://virus-protect.org/cureit.html
scan with Panda and with Kaspersky and post the scan reports
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security
13.09.2006, 12:45
...new here
Thread starter, Posts: 9
#13
What firewall would you recommend to me??
13.09.2006, 13:01
Honorary member
Posts: 29434
#14
Post the scan reports first, then we'll see.
__________
Regards, Sabina
all about PC security
13.09.2006, 13:52
...new here
Thread starter, Posts: 9
#15
| File | Path | Threat | Action |
|---|---|---|---|
| qttask.exe | C:\Programme\QuickTime | Trojan.LowZones.178 | Deleted. |
| realsched.exe | C:\Programme\Gemeinsame Dateien\Real\Update_OB | Trojan.LowZones.178 | Deleted. |
| Monitor.exe | C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic | Trojan.LowZones.178 | Deleted. |
| calcheck.exe | C:\Programme\Ulead Systems\Ulead Photo Express 5 SE | Trojan.LowZones.178 | Deleted. |
| avgnt.exe | C:\Programme\AntiVir PersonalEdition Classic | Trojan.LowZones.178 | Deleted. |
| AdobeUpdateManager.exe | C:\Programme\Adobe\Acrobat 7.0\Reader | Trojan.LowZones.178 | Deleted. |
| Process.exe | C:\Christoph\Virenprogramme\SmitfraudFix\SmitfraudFix | Tool.Prockill | |
| restart.exe | C:\Christoph\Virenprogramme\SmitfraudFix\SmitfraudFix | Tool.ShutDown.11 | |
| NPMyGlSh.dll | C:\Programme\Mozilla Firefox\plugins | Adware.Msearch | |
| Process.exe | C:\RECYCLER\S-1-5-21-1078081533-1715567821-725345543-1003\Dc2\SmitfraudFix | Tool.Prockill | |
| restart.exe | C:\RECYCLER\S-1-5-21-1078081533-1715567821-725345543-1003\Dc2\SmitfraudFix | Tool.ShutDown.11 | |
| A0053967.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP116 | Adware.TryMedia | |
| A0053968.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP116 | Adware.TryMedia | |
| A0053970.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP116 | Adware.TryMedia | |
| A0057391.dll | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP137 | Adware.FastSearch | |
| A0057393.dll | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP137 | Trojan.Popuper | Deleted. |
| A0057418.dll | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP137 | Adware.ClickSpring | |
| A0057547.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP137 | Adware.Zango | |
| A0057594.dll | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP139 | Adware.Zango | |
| A0058253.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP147 | BackDoor.Emule.44 | Deleted. |
| A0059479.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP148 | Adware.Zango | |
| A0059481.dll | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP148 | Adware.Zango | |
| A0059595.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP149 | Trojan.LowZones.178 | Deleted. |
| A0059638.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP149 | Trojan.LowZones.178 | Deleted. |
| A0059901.DLL | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP150 | Adware.Msearch | |
| A0059903.dll | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP150 | Adware.Zango | |
| A0059909.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP150 | Adware.Zango | |
| A0059910.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP150 | Trojan.LowZones.178 | Deleted. |
| A0059911.dll | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP150 | Adware.Zango | |
| A0059952.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 | Trojan.LowZones.178 | Deleted. |
| A0059969.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 | Trojan.LowZones.178 | Deleted. |
| A0059970.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 | Trojan.LowZones.178 | Deleted. |
| A0059983.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 | Trojan.LowZones.178 | Deleted. |
| A0059984.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 | Trojan.LowZones.178 | Deleted. |
| A0059985.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 | Trojan.LowZones.178 | Deleted. |
| A0059986.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 | Trojan.LowZones.178 | Deleted. |
| A0059987.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 | Trojan.LowZones.178 | Deleted. |
| A0059988.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 | Trojan.LowZones.178 | Deleted. |
| A0059990.exe | C:\System Volume Information\_restore{EE6D4420-07E6-48A7-A248-4F74785898E7}\RP152 | Tool.Prockill | |
I don't know how to delete it.