Soft Codec, or rather Registry Search

Thread is closed!
09.10.2006, 10:27
Member

Posts: 13
#1 Hello everyone,

Although I have been wrestling a lot lately with Sasser variants, worms, trojans etc., this thing is really getting on my last nerve.
I saw that "Krusty" has exactly the same, or almost the same, problem as I do, and I carefully read through your posts and downloaded Registry Search (I'll download Avenger in a moment as well), but somehow it doesn't work the way I would like it to.

First, here is my HijackThis log:

C:\Programme\Trend Micro\Tmas\Tmas.exe
C:\Programme\SoftCodec\isamini.exe
C:\Programme\SoftCodec\pmmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
D:\Philipp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://192.168.0.30:3128/ken.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Philipp\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Programme\SoftCodec\isaddon.dll
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Philipp\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programme\Steganos AntiVirus 7\kav.exe /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Programme\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Philipp\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzed029YYDE_ZCxdm766YYDE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Philipp\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Philipp\Programme\ICQLite\ICQLite.exe
O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://192.168.0.30:3128/ken.html
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_de/WinFixer2005ScannerInstallDE.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: W32v32 - {2475CEB2-5F43-4AA9-B914-DD947482E6A4} - C:\WINDOWS\system32\logterm.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Programme\Steganos AntiVirus 7\kavsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE81.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

I used RegistrySearch the way "Sabina" had suggested, and saved the following text in Notepad as fixme.reg on the desktop:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\SoftCodec\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\SoftCodec\\pmsngr.exe"

Then I double-clicked the file and wanted to add it to the registry, but suddenly the following error message appeared:

C:.......Die angegebene Datei ist keine Registrierungsdatei. Registrierungsdateien können nur innerhalb des Registrierungseditors importiert werden.

How am I to understand this, or rather, where is my mistake? Do I have to copy all of the text that RegSearch shows into Notepad and save it as fixme.reg, or did I copy too much?

I'd be glad if someone could help me with this, so that in future I know how to deal with this problem.

Best regards

Harti
09.10.2006, 10:40
Honorary member
Sabina

Posts: 29434
#2 please post this log
http://virus-protect.org/artikel/tools/combofix.html

As for the reg file, yours was not correct... I'll sort it out ;)
__________
Best regards, Sabina

all about PC security
09.10.2006, 10:41
Member

Thread starter

Posts: 13
#3 In addition, here is the log file that "Combofix" spat out for me:

Friedel - 06-10-09 10:43:05,26 Service Pack 2
ComboFix 06.09.28 - Running from: "D:\Philipp"

((((((((((((((((((((((((((((((( Files Created from 2006-09-09 to 2006-10-09 ))))))))))))))))))))))))))))))))))


2006-10-08 13:14 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-08 13:14 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-10-08 09:55 147,456 --a------ C:\WINDOWS\system32\gqagksr.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-08 22:09 -------- d-------- C:\Programme\MyWebSearch
2006-10-08 16:09 -------- d-------- C:\Programme\MSN Messenger
2006-10-08 16:09 -------- d-------- C:\Programme\BearShare
2006-10-08 15:56 -------- d-------- C:\Programme\Trend Micro
2006-10-08 15:51 -------- d-------- C:\Programme\SoftCodec
2006-10-08 13:15 -------- d-------- C:\Programme\Spyware Doctor
2006-10-08 13:14 -------- d-------- C:\Dokumente und Einstellungen\Friedel\Anwendungsdaten\PC Tools
2006-10-08 12:59 -------- d-------- C:\Programme\xp-AntiSpy
2006-10-08 11:15 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-10-08 11:15 -------- d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2006-10-08 11:04 -------- d-------- C:\Programme\MalwareWipe.com
2006-10-08 10:01 -------- d-------- C:\Programme\VirusBurster
2006-10-04 01:13 -------- d-------- C:\Programme\DoctorSource 2
2006-09-28 22:08 -------- d-------- C:\Programme\TuneUp Utilities 2006
2006-09-28 22:08 -------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2006-09-28 22:08 -------- d-------- C:\Dokumente und Einstellungen\Friedel\Anwendungsdaten\TuneUp Software
2006-09-27 19:39 -------- d-------- C:\Programme\audiograbber
2006-08-22 21:28 -------- d-------- C:\Programme\HammerHead
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-18 01:47 -------- d-------- C:\Dokumente und Einstellungen\Friedel\Anwendungsdaten\ICQLite
2006-08-17 22:11 -------- d-------- C:\Programme\Miranda IM
2006-08-14 12:28 -------- d-------- C:\Programme\MAGIX Online Druck Service
2006-08-14 12:21 -------- d-------- C:\Programme\Gemeinsame Dateien\MAGIX Shared
2006-08-14 12:21 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-08-12 03:00 -------- d-------- C:\Programme\Internet Explorer
2006-08-10 11:56 -------- d-------- C:\Programme\IPPS
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Spyware Doctor"="C:\\PROGRA~1\\SPYWAR~1\\swdoctor.exe /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KAVPersonal50"="C:\\Programme\\Steganos AntiVirus 7\\kav.exe /minimize"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,9e,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Programme\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"SSS7"="\"C:\\Programme\\Steganos Security Suite 7\\SSS7.exe\" -firstboot"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Programme\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"SSS7"="\"C:\\Programme\\Steganos Security Suite 7\\SSS7.exe\" -firstboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"="Trend Micro Anti-Spyware Shell Extension"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLowDiskSpaceChecks"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\SoftCodec\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\SoftCodec\\pmsngr.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"W32v32"="{2475CEB2-5F43-4AA9-B914-DD947482E6A4}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^Friedel^Startmenü^Programme^Autostart^Adobe Gamma.lnk]
"path"="C:\\Dokumente und Einstellungen\\Friedel\\Startmenü\\Programme\\Autostart\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\GEMEIN~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^Friedel^Startmenü^Programme^Autostart^VirtualExpander.lnk]
"path"="C:\\Dokumente und Einstellungen\\Friedel\\Startmenü\\Programme\\Autostart\\VirtualExpander.lnk"
"backup"="C:\\WINDOWS\\pss\\VirtualExpander.lnkStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\system32\\VIRTUA~1\\VIRTUA~1.EXE "
"item"="VirtualExpander"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"D:\\Philipp\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

Completion time: 09.10.2006 10:44:40.32
ComboFix.txt

I hope you can do something with this ;-)
09.10.2006, 10:48
Honorary member
Sabina

Posts: 29434
#4 Copy the following text into Notepad (Start - Accessories - Notepad) and save it with 'Save as' as fixme.reg on the desktop. For the file type, select 'All files'. You should now find this file on the desktop.
Double-click the file "fixme.reg" on the desktop and add it to the registry with "ja" or "yes"

Quote

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"=-
"pmsngr.exe"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}]

2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2475CEB2-5F43-4AA9-B914-DD947482E6A4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{202a961f-23ae-42b1-9505-ffe3c818d717}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virusburster.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusBurster
HKEY_LOCAL_MACHINE\SOFTWARE\VirusBurster
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}

Files to delete:
C:\Temp\vb_distrib.exe
C:\Temp\vb_distrib(2).exe
C:\WINDOWS\system32\gqagksr.dll
C:\WINDOWS\system32\logterm.dll

Folders to delete:
C:\Programme\MyWebSearch
C:\Programme\BearShare
C:\Programme\SoftCodec
C:\Programme\MalwareWipe.com
C:\Programme\VirusBurster
Click the green traffic light
the script will now be executed, then the PC will restart automatically

**
post the log that Avenger produces

**
scan with smitfraudfix (options 1 and 2)
http://virus-protect.org/artikel/tools/smitfrautfix.html

post both scan reports

_______

fix, as far as it is still present:
open HijackThis -- button "scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC

Quote

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Programme\SoftCodec\isaddon.dll
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - (no file)

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzed029YYDE_ZCxdm766YYDE

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_de/WinFixer2005ScannerInstallDE.cab

O21 - SSODL: W32v32 - {2475CEB2-5F43-4AA9-B914-DD947482E6A4} - C:\WINDOWS\system32\logterm.dll

**
configure CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

**
Copy out these 6 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Best regards, Sabina

all about PC security
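
Added example, not part of the thread or of any tool named in it: regedit only imports a text file whose first line is a recognised header, and a plain `"name"="data"` line sets a value rather than removing it. The checker below shows both points on the two fixme.reg files copied from posts #1 and #4; the function names are made up for this illustration.

```python
import re

# First line regedit expects in an importable .reg file.
VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                      # [key] or [-key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data


def logical_lines(text):
    """Yield non-empty, non-comment lines with trailing-backslash continuations joined."""
    pending = ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # hex(...) data continued on next line
            pending = line[:-1]
            continue
        if line and not line.startswith(";"):
            yield line
    if pending:
        yield pending


def check_reg(text):
    """Return (problems, operations) for the text of a .reg file.

    operations is a list of (action, key, value_name) tuples, where action is
    'set-value', 'delete-value' or 'delete-key'.
    """
    problems, ops = [], []
    lines = list(logical_lines(text))
    if not lines:
        return ["file is empty"], ops
    if lines[0] in VALID_HEADERS:
        lines = lines[1:]
    else:
        problems.append("no header line: regedit will refuse to import this file")
    key, key_is_deleted = None, False
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key, key_is_deleted = m.group(2), m.group(1) == "-"
            if key_is_deleted:
                ops.append(("delete-key", key, None))
            continue
        m = VALUE_RE.match(line)
        if not m:
            problems.append("unparseable line: %r" % line)
        elif key is None:
            problems.append("value before any [key] section: %r" % line)
        elif key_is_deleted:
            problems.append("value line under a [-key] deletion section: %r" % line)
        else:
            name = m.group(1).strip('"')
            action = "delete-value" if m.group(2).strip() == "-" else "set-value"
            ops.append((action, key, name))
    return problems, ops


# File text copied from post #1 (rejected by regedit).
HARTI_FILE = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\SoftCodec\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\SoftCodec\\pmsngr.exe"
"""

# File text copied from post #4.
SABINA_FILE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"=-
"pmsngr.exe"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A569F6C9-29F0-43BC-80CF-6BA138C66108}]
"""

if __name__ == "__main__":
    for label, text in (("post #1", HARTI_FILE), ("post #4", SABINA_FILE)):
        problems, ops = check_reg(text)
        print(label)
        for p in problems:
            print("  problem:", p)
        for action, key, name in ops:
            print("  %-12s %s %s" % (action, key, name or ""))
```

Even with a header added, the file from post #1 would write the two autostart values again, because only `=-` after a value name and `[-...]` around a key name express deletion.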
09.10.2006, 11:10
Member

Thread starter

Posts: 13
#5 Right, first of all here is the Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lrvwusha

*******************

Script file located at: \??\C:\Program Files\pjchxcik.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Temp\vb_distrib.exe not found!
Deletion of file C:\Temp\vb_distrib.exe failed!

Could not process line:
C:\Temp\vb_distrib.exe
Status: 0xc0000034



File C:\Temp\vb_distrib(2).exe not found!
Deletion of file C:\Temp\vb_distrib(2).exe failed!

Could not process line:
C:\Temp\vb_distrib(2).exe
Status: 0xc0000034

File C:\WINDOWS\system32\gqagksr.dll deleted successfully.
File C:\WINDOWS\system32\logterm.dll deleted successfully.
Folder C:\Programme\MyWebSearch deleted successfully.
Folder C:\Programme\BearShare deleted successfully.
Folder C:\Programme\SoftCodec deleted successfully.
Folder C:\Programme\MalwareWipe.com deleted successfully.
Folder C:\Programme\VirusBurster deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Now the report from Smitfraud (option 1)

SmitFraudFix v2.106

Scan done at 11:12:47,67, 09.10.2006
Run from D:\Philipp\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Friedel


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Friedel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Friedel\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Now report 2 (option 2):

SmitFraudFix v2.106

Scan done at 11:13:38,79, 09.10.2006
Run from D:\Philipp\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

OK, now I'll carry on as you said, thanks already :-D
09.10.2006, 11:14
Honorary member
Sabina

Posts: 29434
#6 ««
post the logs that are still missing

««
finally:
scan with Counterspy, set EVERYTHING to remove and post the report
http://virus-protect.org/counterspy.html
__________
Best regards, Sabina

all about PC security
09.10.2006, 11:29
Member

Thread starter

Posts: 13
#7 System 32:
-------------

16.09.2006 20:25 17.687 Wortliste
12.09.2006 18:57 19.137 Polyphonie.sib
23.08.2006 21:06 4.830 tipp0511.zip
23.08.2006 20:55 37.376 wave.zip
22.08.2006 20:08 2.194.069 Astn_2102_win.zip
22.08.2006 19:21 1.971 tipp0155.zip
14.08.2006 18:12 35.830 Elektro.gpk
14.08.2006 17:51 830.664 Elektro_MB3.mp3
14.08.2006 17:48 9.173.098 Elektro.WAV
13.08.2006 16:14 2.156 Boellmann_4St_4.mid
13.08.2006 16:10 1.613 machaut-Iste.mid
13.08.2006 16:09 786 fink6403.mid
13.08.2006 16:07 5.602 voluntary_C.mid
12.08.2006 10:25 83.456 Musikgeschichte III.doc
11.08.2006 23:11 29.328 elektroscheiáe.gpk
11.08.2006 21:52 7.508.308 elektroscheiáe.WAV
19.07.2006 22:28 4.225.152 bach - Coffee Cantata.mp3
02.07.2006 17:56 3.935.726 spinning_wheel.mp3


So, those are the logs that datfind spat out for me; now I'll scan with counterspy as well, set everything to remove and post the report right afterwards
09.10.2006, 12:11
Honorary member
Sabina

Posts: 29434
#8 very interesting - all the same logs, because you did not unpack them where Windows is installed, on C:\ ... I can't do anything with that
__________
Best regards, Sabina

all about PC security
09.10.2006, 12:55
Member

Thread starter

Posts: 13
#9 All right, once more then, this time for C: (sorry, I wasn't paying attention, it really is complete nonsense, you're right ;-))

system32:
---------
09.10.2006 11:44 2.422 wpa.dbl
09.10.2006 11:23 126.247 ikhcore.log
08.10.2006 15:56 2.158 tmmute.ini
28.09.2006 22:17 311.740 perfh009.dat
28.09.2006 22:17 48.354 perfc007.dat
28.09.2006 22:17 316.924 perfh007.dat
28.09.2006 22:17 40.128 perfc009.dat
28.09.2006 22:17 722.222 PerfStringBackup.INI
11.09.2006 19:37 8.960.936 MRT.exe
27.08.2006 14:51 40.960 SHELL32.oca
27.08.2006 14:50 91.136 MSHFLXGD.oca
27.08.2006 14:50 36.352 MSADODC.oca
27.08.2006 14:50 66.560 MSDATGRD.oca
27.08.2006 14:50 267.264 MSCOMCTL.oca
27.08.2006 14:50 44.032 TABCTL32.oca
21.08.2006 14:26 16.896 fltlib.dll
21.08.2006 11:14 23.040 fltmc.exe
18.08.2006 03:56 284.520 FNTCACHE.DAT
28.07.2006 22:53 76.672.665 kavsvc.dmp
28.07.2006 22:53 244 kavsvc.exception.log
28.07.2006 13:28 3.075.072 mshtml.dll
27.07.2006 15:25 679.424 inetcomm.dll
25.07.2006 22:33 615.936 urlmon.dll
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:38 332.288 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 15:34 8.494.592 shell32.dll
05.07.2006 12:55 1.057.792 kernel32.dll
05.07.2006 12:55 129.411 dbutil32.dll

system:
------------
09.10.2006 11:24 0 0.log
09.10.2006 11:24 1.998.481 WindowsUpdate.log
09.10.2006 11:24 159 wiadebug.log
09.10.2006 11:24 50 wiaservc.log
09.10.2006 11:24 2.048 bootstat.dat
09.10.2006 11:22 32.592 SchedLgU.Txt
09.10.2006 11:15 180 setupact.log
09.10.2006 11:13 0 setuperr.log
04.10.2006 08:20 49 NeroDigital.ini
04.10.2006 01:10 29 CDSLangu.ini
29.09.2006 16:29 36.363 CSTBox.INI
28.09.2006 22:17 78.445 iis6.log
28.09.2006 22:17 108.665 ntdtcsetup.log
28.09.2006 22:17 201.758 tsoc.log
28.09.2006 22:17 28.700 ocmsn.log
28.09.2006 22:17 26.099 msgsocm.log
28.09.2006 22:17 521.253 FaxSetup.log
28.09.2006 12:12 0 SwSys1.bmp
28.09.2006 12:12 0 SwSys2.bmp
27.09.2006 23:16 1.374 imsins.BAK
27.09.2006 23:16 10.488 KB925486.log
27.09.2006 19:43 34 cdplayer.ini
23.09.2006 20:48 136 w32demo8.ini
23.09.2006 20:48 264 w32dasm8.ini
13.09.2006 09:08 13.031 KB920685.log
13.09.2006 09:08 15.028 KB920872.log
13.09.2006 09:07 13.178 KB919007.log
13.09.2006 09:07 9.171 KB922582.log
13.09.2006 09:07 34.607 updspapi.log
31.08.2006 18:46 87 vbaddin.ini
20.08.2006 14:19 1.274 ODBC.INI
18.08.2006 11:18 227 system.ini
18.08.2006 11:18 854 win.ini
17.08.2006 20:45 1.174 OEWABLog.txt
14.08.2006 19:55 316 beatbox.INI
14.08.2006 19:55 215 musicmaker.INI
14.08.2006 19:42 28 robota.INI
14.08.2006 19:27 307 sampler.INI
14.08.2006 12:18 239 magix.ini
12.08.2006 03:01 16.007 KB920214.log
12.08.2006 03:01 16.001 KB922616.log
12.08.2006 03:01 16.403 KB921398.log
12.08.2006 03:01 19.614 KB918899.log
12.08.2006 03:00 11.865 KB920670.log
12.08.2006 03:00 12.027 KB917422.log
12.08.2006 03:00 12.235 KB920683.log
11.08.2006 21:52 213 AudStu.INI
10.08.2006 10:55 11.102 KB921883.log
07.08.2006 03:00 6.087 WgaNotify.log
03.08.2006 12:59 42 Beastie Boys.pls
03.08.2006 12:59 132 winamp.ini
03.08.2006 12:25 42 mdv736.pls
03.08.2006 04:08 82 wavepool.ini
31.07.2006 13:51 1.469.174 ntbtlog.txt
19.07.2006 23:54 0 PROTOCOL.INI
19.07.2006 18:23 844 KB835732.log
19.07.2006 18:23 547 xpsp1hfm.log
11.07.2006 23:23 11.835 KB917159.log
11.07.2006 23:23 12.345 KB914388.log
11.07.2006 23:23 10.464 KB916595.log

tmp:
--------------

09.10.2006 11:44 409 WGANotify.settings
09.10.2006 11:44 255 WGAErrLog.txt
2 Datei(en) 664 Bytes
0 Verzeichnis(se), 26.848.419.840 Bytes frei

down:
---------------

27.08.2005 13:30 5.065 swflash.inf
14.08.2005 00:26 113.664 MsnMessengerSetupDownloader.ocx
24.07.2005 23:59 65 desktop.ini
30.06.2005 15:19 227 MsnMessengerSetupDownloader.inf
03.06.2005 04:49 752 jinstall-1_5_0_04.inf
09.02.2005 16:54 1.271 erma.inf
6 Datei(en) 121.044 Bytes
0 Verzeichnis(se), 26.848.428.032 Bytes frei

sys:
---------
09.10.2006 12:59 0 sys.txt
09.10.2006 12:59 588 down.txt
09.10.2006 12:59 334 tmp.txt
09.10.2006 12:59 10.523 system.txt
09.10.2006 12:59 491 systemtemp.txt
09.10.2006 12:59 121.079 system32.txt
09.10.2006 11:24 536.399.872 hiberfil.sys
09.10.2006 11:24 805.306.368 pagefile.sys
09.10.2006 11:14 980 rapport.txt
09.10.2006 11:05 2.442 avenger.txt
09.10.2006 10:44 9.486 ComboFix.txt
04.10.2006 09:23 668 datFind.bat
18.08.2006 11:18 211 boot.ini
17.08.2006 22:10 102 shutdown.log
10.08.2006 22:49 1.184 INSTALL.LOG
09.02.2006 20:10 85 Neu WinRAR-Archiv.rar
19.11.2005 15:43 925.780 stueck.mp3
03.09.2005 14:46 0 itouch_config_crash_info.txt
03.09.2005 13:31 171 itouch.log
03.09.2005 13:30 0 itouch_crash_info.txt
23.08.2005 19:02 746 midi studio g7 deluxe.Key
07.08.2005 21:08 0 logwmemory.bin
30.07.2005 18:16 886 resolve.log
25.07.2005 00:00 0 IO.SYS
25.07.2005 00:00 0 CONFIG.SYS
25.07.2005 00:00 0 AUTOEXEC.BAT
25.07.2005 00:00 0 MSDOS.SYS

And to finish, the report from Counterspy:
------------------------------------------------
Spyware Scan Details
Start Date: 09.10.2006 11:49:28
End Date: 09.10.2006 12:30:38
Total Time: 41 mins 10 secs

Detected spyware

FunWebProducts Potentially Unwanted Program more information...
Details: Fun Web Products bundles adware software in its products.
Status: Deleted

Infected files detected
c:\windows\system32\f3pssavr.scr
D:\WINDOWS\system32\f3PSSavr.scr

Infected registry entries detected


DesktopScam Trojan Downloader more information...
Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program.
Status: Deleted

Infected files detected
C:\!KillBox\SoftCodec\ot.ico
C:\!KillBox\SoftCodec\ts.ico


Trojan-Downloader.BAT.Ftp.ab Trojan Downloader more information...
Status: Deleted

Infected files detected
D:\Philipp\SmitfraudFix\Reboot.exe


My Way Speedbar Potentially Unwanted Program more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Infected registry entries detected


SpyGraphica Professional Commercial Key Logger more information...
Details: SpyGraphica secretly monitors the PC and then delivers detailed remote activity reports to any e-mail address, as often as every 15 minutes.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\TypeLib\{A94ECBD4-7C0B-11D3-8031-0050048483BB}
HKEY_CLASSES_ROOT\TypeLib\{A94ECBD4-7C0B-11D3-8031-0050048483BB}\1.1\0\win32 C:\WINDOWS\system32\GLABCORE.dll
HKEY_CLASSES_ROOT\TypeLib\{A94ECBD4-7C0B-11D3-8031-0050048483BB}\1.1\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{A94ECBD4-7C0B-11D3-8031-0050048483BB}\1.1\HELPDIR C:\WINDOWS\system32\
HKEY_CLASSES_ROOT\TypeLib\{A94ECBD4-7C0B-11D3-8031-0050048483BB}\1.1 GroupLab Core Components 1.1


KeyLogger (Kaksoft) Key Logger more information...
Details: KeyLogger is an easy-to-use tool to monitor every keystroke on your own computer
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\KakSoftStudio


MyWebSearch Toolbar Potentially Unwanted Program more information...
Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Deleted

Infected registry entries detected


BearShare P2P Program more information...
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected registry entries detected


Zango.SearchAssistant Adware (General) more information...
Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\zangohook.SABHO
HKEY_CLASSES_ROOT\zangohook.SABHO\CurVer zangohook.SABHO.1
HKEY_CLASSES_ROOT\zangohook.SABHO Zango Search Assistant Helper


Trojan-Downloader.Zlob.Media-Codec Trojan Downloader more information...
Details: Trojan-Downloader.Zlob.Media-Codec is a program that typically purports to be a needed upgrade to Windows Media Player in order to view adult oriented videos on certain websites. However, Trojan-Downloader.Zlob.Media-Codec actually downloads and installs
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{202A961F-23AE-42B1-9505-FFE3C818D717}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{202A961F-23AE-42B1-9505-FFE3C818D717}\iexplore Type 3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{202A961F-23AE-42B1-9505-FFE3C818D717}\iexplore Count 235
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{202A961F-23AE-42B1-9505-FFE3C818D717}\iexplore Time


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\friedel\cookies\friedel@doubleclick[2].txt
---------------------------------------------
----------------------------------------------
So, that's it *gg*
09.10.2006, 13:03
Honorary member
Sabina

Posts: 29434
#10 Everything should be clean again now. Are pop-ups still appearing?
__________
Best regards, Sabina

All about PC security
09.10.2006, 13:09
Member

Thread starter

Posts: 13
#11 No, there are no more pop-ups, my start page is back to normal and no longer that strange "safetypage", and the PC is running better again (faster?). Everything is OK again. Thank you very much for your generous help, this forum is really great. Maybe you can explain to me sometime (in plain German, so not in PC slang *gg*) what exactly I did just now; some of it I was able to follow, other parts not. Well, that's why you're the expert. In any case I'm happy as a pig that everything is running smoothly again, really kind of you!

Best regards

Harti