TVoteCall Dialer?

#1 Hallo,
ich habe ein sehr großes Problem, aber leider keine Ahnung von der Thematik.
Besser gesagt hat meine Familie ein großes Problem.

Ich versuche mal die Situation zu schildern.
Also, seit 3Monaten schon beträgt unsere Telefon/Interne Rechung an die 250-300€
Ich konnte mir das die ganze Zeit nicht erklären und mit den Nummern auf der Telefonrechnung konnte ich auch nicht viel anfangen, also hab ich auf Besserung gehofft.

Jetzt nach der nächsten 300€ Rechung ist mir so langsam der Kragen geplatzt.
Also hab ich ein wenig nachgeforscht. Ein so genannter TVoteCall „Anbieter?“, hat mir den letzten Monat das Geld aus der Tasche gezogen.
Jetzt hab ich bei google, nach TVoteCall gesucht und bin bei einem anderen Forum in einem Theard gelandet.
Nur dieser Theard konnte mir nicht weiter helfen.
Ich hoffe das Reicht. Wenn ihr mehr Informationen braucht sagt es bitte, wie gesagt ich kenn mich absolut nicht aus.

Zu unsere Situation daheim.
Wir haben im gesamten 3 PCs und 1 Laptop, alle mit Internet Anschluss, alle mit einander vernetzt.

So jetzt weißt ich auch nicht weiter, ich bin der Verzweiflung nahe, den 300€ jeden Monat hab ich nicht. Ich hoffe hier kann mir einer Helfen

Gruß,
Daniel E.

#2 poste dieses log
http://virus-protect.org/winpfind.html

+
dieses log
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#3 Daniel - 06-10-25 19:08:55.50 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-25 to 2006-10-25 ))))))))))))))))))))))))))))))))))


2006-10-12 17:12 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-10-12 17:12 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-10-04 18:59 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2006-10-04 18:10 183,296 --a-s---- C:\WINDOWS\NDNuninstall7_22.exe
2006-10-04 18:04 991,232 --a------ C:\WINDOWS\system32\rk.exe
2006-10-04 18:04 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-04 18:04 50,688 --a-s---- C:\WINDOWS\NDNuninstall6_38.exe
2006-10-04 18:04 114,688 --a------ C:\WINDOWS\system32\rkinstaller.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-25 19:03 -------- d-------- C:\Programme\Steam
2006-10-25 19:03 -------- d-------- C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Anwendungsdaten\Xfire
2006-10-25 18:57 -------- d-------- C:\Programme\Mozilla Firefox
2006-10-25 17:03 -------- d-------- C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Anwendungsdaten\Adobe
2006-10-25 04:12 -------- d-------- C:\Programme\QuickTime
2006-10-24 21:41 -------- d-------- C:\Programme\HLSW
2006-10-24 19:55 -------- d-------- C:\Programme\Incomplete
2006-10-24 19:48 -------- d-------- C:\Programme\FrostWire
2006-10-21 13:16 -------- d---s---- C:\Programme\Xfire
2006-10-16 15:53 -------- d-------- C:\Programme\AmoK
2006-10-16 15:52 -------- d-------- C:\Programme\Save
2006-10-14 18:46 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-10-14 14:09 -------- d-------- C:\Programme\internet explorer
2006-10-12 20:09 -------- d---s---- C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Anwendungsdaten\Microsoft
2006-10-12 20:09 -------- d-------- C:\Programme\Outlook Express
2006-10-12 20:08 -------- d-------- C:\Programme\Movie Maker
2006-10-12 20:08 -------- d-------- C:\Programme\iTunes
2006-10-12 19:51 -------- d-------- C:\Programme\WinRAR
2006-10-12 19:51 -------- d-------- C:\Programme\Windows NT
2006-10-12 19:51 -------- d-------- C:\Programme\Windows Media Player
2006-10-12 19:51 -------- d-------- C:\Programme\Messenger
2006-10-12 19:51 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-10-12 19:46 2140928 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2006-10-12 19:46 2016768 --a------ C:\WINDOWS\system32\ntkrnlpa.exe
2006-10-12 19:46 -------- d-------- C:\Programme\YzShadow
2006-10-12 19:46 -------- d-------- C:\Programme\WinRoll
2006-10-12 19:46 -------- d-------- C:\Programme\UberIcon
2006-10-12 19:46 -------- d-------- C:\Programme\Tiger System Preferences v2
2006-10-12 19:46 -------- d-------- C:\Programme\MSN Messenger
2006-10-12 19:42 219648 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-10-12 19:31 -------- d-------- C:\Programme\RK Launcher
2006-10-12 19:31 -------- d-------- C:\Programme\ObjectDock
2006-10-12 19:31 -------- d-------- C:\Programme\iColorFolder
2006-10-12 17:11 -------- d-------- C:\Programme\directX
2006-10-12 17:02 -------- d-------- C:\Programme\Electronic Arts
2006-10-08 20:44 -------- d-------- C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Anwendungsdaten\Real
2006-10-08 20:43 -------- d-------- C:\Programme\Google
2006-10-08 20:42 -------- d-------- C:\Programme\Real
2006-10-08 20:42 -------- d-------- C:\Programme\Gemeinsame Dateien\xing shared
2006-10-08 20:42 -------- d-------- C:\Programme\Gemeinsame Dateien\Real
2006-10-08 20:42 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-10-08 18:50 -------- d-------- C:\Programme\Stardock
2006-10-08 18:20 -------- d-------- C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Anwendungsdaten\Ahead
2006-10-05 21:07 -------- d-------- C:\Programme\iPod
2006-10-05 21:07 -------- d-------- C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Anwendungsdaten\Apple Computer
2006-10-05 21:06 -------- d-------- C:\Programme\Apple Software Update
2006-10-04 19:10 -------- d-a-s---- C:\Programme\NewDotNet
2006-10-04 18:05 -------- d-------- C:\Programme\VVSN
2006-10-04 18:04 -------- d-------- C:\Programme\filesubmit
2006-10-04 00:30 -------- d-------- C:\Programme\CSpace
2006-09-19 20:56 -------- d-------- C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Anwendungsdaten\SpieleEntwicklungsKombinat
2006-09-19 15:24 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-09-16 06:46 -------- d-------- C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Anwendungsdaten\FrostWire
2006-08-28 10:23 5906432 --a------ C:\WINDOWS\system32\ieframe.dll
2006-08-28 10:23 50688 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2006-08-28 10:23 457728 --a------ C:\WINDOWS\system32\msfeeds.dll
2006-08-28 10:23 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-08-28 10:23 358400 --a------ C:\WINDOWS\system32\webcheck.dll
2006-08-28 10:23 175616 --a------ C:\WINDOWS\system32\ieui.dll
2006-08-28 10:23 152064 --a------ C:\WINDOWS\system32\msls31.dll
2006-08-28 10:09 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-08-28 10:09 206336 --a------ C:\WINDOWS\system32\WinFXDocObj.exe
2006-08-28 10:08 43008 --a------ C:\WINDOWS\system32\url.dll
2006-08-28 10:08 40448 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-08-28 10:08 120832 --a------ C:\WINDOWS\system32\occache.dll
2006-08-28 10:07 16896 --a------ C:\WINDOWS\system32\corpol.dll
2006-08-28 10:05 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-08-28 10:05 378368 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-08-28 10:05 275968 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-08-28 10:05 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-08-28 10:04 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-08-28 10:04 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-08-28 10:04 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-08-28 10:04 122880 --a------ C:\WINDOWS\system32\advpack.dll
2006-08-28 10:04 11776 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-08-28 10:02 61440 --a------ C:\WINDOWS\system32\icardie.dll
2006-08-28 10:02 12288 --a------ C:\WINDOWS\system32\msfeedssync.exe
2006-08-28 10:01 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-08-28 10:01 262656 --a------ C:\WINDOWS\system32\iertutil.dll
2006-08-28 09:59 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-08-28 09:27 380928 --a------ C:\WINDOWS\system32\ieapfltr.dll
2006-08-28 09:25 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-08-28 09:22 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-08-10 19:45 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"Alt+Q Hotkey Tool"="C:\\WINDOWS\\Alt+Q Hotkey.exe"
"RK Launcher"="C:\\Programme\\RK Launcher\\RKLauncher.exe"
"UberIcon"="\"C:\\Programme\\UberIcon\\UberIcon Manager.exe\""
"WinRoll"="C:\\Programme\\WinRoll\\winroll.exe"
"Yz Shadow"="C:\\Programme\\YzShadow\\YzShadow.exe"
"Steam"="C:\\Programme\\Steam\\Steam.exe -silent"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Smapp"="C:\\Programme\\Analog Devices\\SoundMAX\\SMTray.exe"
"zBrowser Launcher"="C:\\Programme\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="LOGI_MWX.EXE"
"Acronis True Image Monitor"="\"C:\\Programme\\Acronis\\TrueImage\\TrueImageMonitor.exe\""
"Acronis Scheduler2 Service"="\"C:\\Programme\\Gemeinsame Dateien\\Acronis\\Schedule2\\schedhlp.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"BearShare"="\"C:\\Programme\\BearShare\\BearShare.exe\" /pause"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"BootSkin Startup Jobs"="\"C:\\PROGRA~1\\Stardock\\WINCUS~1\\BootSkin\\BootSkin.exe\" /StartupJobs"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"System Files Updater"="C:\\WINDOWS\\FlyakiteOSX\\Tools\\System Files Updater.exe /S"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,ea,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-10-25 19:11:09.26
C:\ComboFix.txt ... 06-10-25 19:11
C:\ComboFix2.txt ... 06-10-25 19:01


-------------------------


WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 06-10-25 19:03:40
WinPFind v1.5.0 Folder = C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5700.7)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
aspack 05-03-18 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 05-05-26 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 05-07-22 19:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 05-12-05 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 06-02-03 08:43:16 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 06-03-31 12:40:58 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 01-08-23 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 06-01-26 20:36:02 574976 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PECompact2 06-01-26 20:36:02 574976 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
WSUD 04-08-04 01:58:08 1532416 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 04-08-04 01:57:10 733696 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 04-08-04 01:58:24 287744 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 04-08-04 01:57:34 1004544 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
WSUD 06-05-10 02:49:46 7757312 C:\WINDOWS\SYSTEM32\SET14C.tmp (Microsoft Corporation)
winsync 01-08-23 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
WSUD 06-05-10 02:49:46 7757312 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 04-08-03 23:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
06-10-25 15:24:12 S 2048 C:\WINDOWS\bootstat.dat ()
06-10-04 18:04:48 S 50688 C:\WINDOWS\NDNuninstall6_38.exe ()
06-10-04 18:10:46 S 183296 C:\WINDOWS\NDNuninstall7_22.exe ()
06-10-25 15:24:14 S 64 C:\WINDOWS\CSC\00000001 ()
06-08-29 10:55:58 S 42004 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ie7.cat ()
06-10-25 19:03:10 H 1024 C:\WINDOWS\system32\config\default.LOG ()
06-10-25 19:03:16 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
06-10-25 15:25:12 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
06-10-25 19:04:58 H 12288 C:\WINDOWS\system32\config\software.LOG ()
06-10-25 19:03:52 H 1024 C:\WINDOWS\system32\config\system.LOG ()
06-10-25 15:24:14 H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
04-08-04 01:58:24 62464 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
04-08-04 01:58:24 749056 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
04-08-04 01:58:24 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
04-08-04 01:58:24 127488 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
04-08-04 01:58:24 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
04-08-04 01:58:24 415232 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
06-08-28 10:09:08 1553920 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
04-08-04 01:58:24 125440 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
04-08-04 01:58:24 300032 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
04-08-04 01:58:24 61952 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
06-05-03 02:56:54 41073 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
01-08-23 14:00:00 201216 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
04-08-04 01:58:24 738816 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
01-08-23 14:00:00 23552 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
04-08-04 01:58:24 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
04-08-04 01:58:24 287744 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
01-08-23 14:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
04-08-04 01:58:24 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
04-08-04 01:58:24 122880 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
04-08-04 01:58:24 384000 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
01-08-23 14:00:00 22016 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
04-08-04 01:58:24 266752 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
04-08-04 01:58:24 374272 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
04-08-04 01:58:24 134656 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
06-08-28 10:09:08 1553920 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
01-08-23 14:00:00 201216 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
01-08-23 14:00:00 23552 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
01-08-23 14:00:00 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
01-08-23 14:00:00 22016 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
{162247AF-26A7-44FC-A93A-69506EA244F3} - HWTest.HWTestControl - CodeBase = http://service.nightclub.de/de/systemcheck/HWTest.CAB
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{E55FD215-A32E-43FE-A777-A7E8F165F551} - Flatcast Viewer 4.15 - CodeBase = http://data.flatcast.com/NpFv415.dll

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
06-02-08 23:17:46 1936 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk ()
06-02-08 20:25:50 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
06-07-15 19:06:00 305 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html ()
06-02-08 20:07:36 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini ()

Checking files in %USERPROFILE%\Startup folder...
06-07-17 19:38:50 1002 C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Startmenü\Programme\Autostart\Adobe Gamma.lnk ()
06-02-08 20:25:50 HS 84 C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Startmenü\Programme\Autostart\desktop.ini ()
06-10-15 15:41:56 634 C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Startmenü\Programme\Autostart\Xfire.lnk ()

Checking files in %USERPROFILE%\Application Data folder...
06-02-08 20:07:36 HS 62 C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Anwendungsdaten\desktop.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
\\Search Page - http://go.microsoft.com/fwlink/?LinkId=54896
\\Default_Page_URL - http://go.microsoft.com/fwlink/?LinkId=54729
\\Default_Search_URL - http://go.microsoft.com/fwlink/?LinkId=54896
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.the-futurex.de/
\\Search Bar - http://google.icq.com/search/search_frame.php
\\Search Page - http://google.icq.com
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://www.google.com/ie


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - URLLink = C:\Programme\NewDotNet\newdotnet7_22.dll (New.net, Inc.)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Programme\Java\jre1.5.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\programme\google\googletoolbar2.dll (Google Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar = C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\programme\google\googletoolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} - &Links = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\programme\google\googletoolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\NEXTID - 8198
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Konsole
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8194 =
\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} - 8195 = ICQ Lite
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8196 = Windows Messenger
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8197 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Konsole = C:\Programme\Java\jre1.5.0_07\bin\npjpi150_07.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Konsole = C:\Programme\Java\jre1.5.0_07\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Recherchieren =
\{B863453A-26C3-4e1f-A54D-A2CD196348E9} - ButtonText: ICQ Lite = C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - MenuText: = ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - CPL-Erweiterung für Anzeigeverschiebung = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shellerweiterungen für die Dateikomprimierung = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Kontextmenü für die Verschlüsselung = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - Erweiterung für HyperTerminal-Icons = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskleiste und Startmenü = ()
\\{EFA24E61-B078-11d0-89E4-00C04FC9E26E} - Favorites Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - Benutzerkonten = ()
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Programme\WinRAR\rarext.dll ()
\\{73B24247-042E-4EF5-ADC2-42F62E6FD654} - ICQ Lite Shell Extension = C:\Programme\ICQLite\ICQLiteShell.dll ()
\\{B8323370-FF27-11D2-97B6-204C4F4F5020} - SmartFTP Shell Extension DLL = C:\Programme\SmartFTP\smarthook.dll (SmartFTP)
\\{45AC2688-0253-4ED8-97DE-B5370FA7D48A} - Shell Extension for Malware scanning = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)
\\{5E2121EE-0300-11D4-8D3B-444553540000} - Catalyst Context Menu extension = C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll ()
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Programme\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Programme\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
\\{ABC70703-32AF-11d4-90C4-D483A70F4825} - CMenuExtender = C:\Programme\iColorFolder\CMExt.dll (Revenger inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\ICQLiteMenu - {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll ()
\Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\CMenuExtender - {ABC70703-32AF-11d4-90C4-D483A70F4825} = C:\Programme\iColorFolder\CMExt.dll (Revenger inc.)
\ICQLiteMenu - {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll ()
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\ACE - {5E2121EE-0300-11D4-8D3B-444553540000} = C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Smapp - C:\Programme\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
zBrowser Launcher - C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc.)
Logitech Utility - C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
Acronis True Image Monitor - C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
Acronis Scheduler2 Service - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
BearShare - C:\Programme\BearShare\BearShare.exe ()
ICQ Lite - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
avgnt - C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
ATICCC - C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
SunJavaUpdateSched - C:\Programme\Java\jre1.5.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
New.net Startup - rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL ()
BootSkin Startup Jobs - C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe ()
iTunesHelper - C:\Programme\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
TkBellExe - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
System Files Updater - C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe ()
QuickTime Task - C:\Programme\QuickTime\qttask.exe (Apple Computer, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
Alt+Q Hotkey Tool - C:\WINDOWS\Alt+Q Hotkey.exe ()
RK Launcher - C:\Programme\RK Launcher\RKLauncher.exe (RaduKing)
UberIcon - C:\Programme\UberIcon\UberIcon Manager.exe ()
WinRoll - C:\Programme\WinRoll\winroll.exe ()
Yz Shadow - C:\Programme\YzShadow\YzShadow.exe (Y'z@Home)
Steam - C:\Programme\Steam\Steam.exe (Valve Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
ICQ Lite - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Startmenü\Programme\Autostart\Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Startmenü\Programme\Autostart\desktop.ini ()
C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Startmenü\Programme\Autostart\Xfire.lnk - C:\Programme\Xfire\Xfire.exe (Xfire Inc.)

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 0
startup 0


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
\\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{553858A7-4922-4e7e-B1C1-97140C1C16EF} - IE Component Categories cache daemon = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\AtiExtEvent - Ati2evxx.dll = (ATI Technologies Inc.)
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{3634A602-C875-4C25-BCCC-FB73FA2165EA} - (Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45)
{863B6BAF-7489-47F6-9608-4FFE31A583D7} - (Realtek RTL8139-Familie-PCI-Fast Ethernet-NIC)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000004\\LibraryPath - C:\Programme\NewDotNet\newdotnet7_22.dll (New.net, Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - CC:\Programme\NewDotNet\newdotnet7_22.dll ()
\000000000002\\PackedCatalogItem - CC:\Programme\NewDotNet\newdotnet7_22.dll ()
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - CC:\Programme\NewDotNet\newdotnet7_22.dll ()
\000000000017\\PackedCatalogItem - CC:\Programme\NewDotNet\newdotnet7_22.dll ()

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#4 Achso, soll ich das den bei allen PCs machen?
Das war jetzt nur meiner.

#5

Zitat

Sabina postete
jeder verseucht sich so gut er kann den Rechner mit P2P-Software, Dialer, Spyware inklusive

««
LSPfix
http://www.spychecker.com/program/lspfix.html
- hake an: "I know what Im doing"--Remove
- und loesche die newdotnet7_22.dll (eventuell musst du die dll von links nach rechts bringen)

««
Hijackthis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Lade/entpacke HijackThis in einem Ordner
--> None of the above just start the program --> Save--> Savelog -->es öffnet sich der Editor
nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen"

__________
MfG Sabina

rund um die PC-Sicherheit

#6 Logfile of HijackThis v1.99.1
Scan saved at 19:24:19, on 25.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0007)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Programme\UberIcon\UberIcon Manager.exe
C:\Programme\WinRoll\winroll.exe
C:\Programme\YzShadow\YzShadow.exe
C:\Programme\Steam\Steam.exe
C:\Programme\Xfire\Xfire.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Eigene Dateien\Playe u. Treiber+zubehör\trojaner\hijackthis\HijackThis.exe
C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-futurex.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=54834
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet7_22.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Programme\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Programme\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [Steam] C:\Programme\Steam\Steam.exe -silent
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} (HWTest.HWTestControl) - http://service.nightclub.de/de/systemcheck/HWTest.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://data.flatcast.com/NpFv415.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

Der Log war auch nur von meinem PC

#7 1.
LSPfix - wichtig
http://www.spychecker.com/program/lspfix.html
- hake an: "I know what Im doing"--Remove
- und loesche die newdotnet7_22.dll (eventuell musst du die dll von links nach rechts bringen)

2.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.
Die Datei "fixme.reg" auf dem Desktop doppelklicken

Zitat

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

3..
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein

Zitat

Files to delete:
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\system32\rk.exe
C:\WINDOWS\system32\sporder.dll
C:\WINDOWS\system32\rkinstaller.exe

Folders to delete:
C:\Programme\BearShare
C:\Programme\NewDotNet
C:\Programme\VVSN
C:\Programme\Save
C:\Programme\filesubmit

Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

**
scanne, stelle alles auf remove und poste den report
http://virus-protect.org/counterspy.html
__________
MfG Sabina

rund um die PC-Sicherheit

#8 1. Erledigt
2. Erledigt
3. Erledigt - mit leichten schwierigkeiten. Nach dem neustart ging mein Internet nicht mehr und eine Fehler meldung kam nach dem Neustart


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ojwbojw^

*******************

Script file located at: \??\C:\ihhpayqs.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\NDNuninstall6_38.exe deleted successfully.
File C:\WINDOWS\NDNuninstall7_22.exe deleted successfully.
File C:\WINDOWS\system32\rk.exe deleted successfully.
File C:\WINDOWS\system32\sporder.dll deleted successfully.
File C:\WINDOWS\system32\rkinstaller.exe deleted successfully.


Folder C:\Programme\BearShare not found!
Deletion of folder C:\Programme\BearShare failed!

Could not process line:
C:\Programme\BearShare
Status: 0xc0000034

Folder C:\Programme\NewDotNet deleted successfully.
Folder C:\Programme\VVSN deleted successfully.
Folder C:\Programme\Save deleted successfully.
Folder C:\Programme\filesubmit deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

4.

Spyware Scan Details
Start Date: 25.10.2006 20:42:35
End Date: 25.10.2006 21:45:08
Total Time: 1 hrs 2 mins 33 secs

Detected spyware

iMesh P2P Program more information...
Details: iMesh is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected files detected
c:\windows\system32\imesh_cache\b_338_0_0_108200.htm
c:\windows\system32\imesh_cache\b_338_0_0_108300.htm
c:\windows\system32\imesh_cache\b_338_0_0_111200.htm
c:\windows\system32\imesh_cache\b_338_1_0_449400.htm
c:\windows\system32\imesh_cache\b_338_1_0_449500.htm
c:\windows\system32\hsenj.ocx
C:\Dokumente und Einstellungen\Daniel\Eigene Dateien\Playe u. Treiber+zubehör\trojaner\hijackthis\backups\backup-20050623-173958-198.dll
C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Eigene Dateien\Playe u. Treiber+zubehör\trojaner\hijackthis\backups\backup-20050623-173958-198.dll
C:\Programme\Uninstall iMeshBar.dll

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\imesh
HKEY_LOCAL_MACHINE\SOFTWARE\iMeshBar
HKEY_LOCAL_MACHINE\SOFTWARE\iMeshBar\bar pid ms127
HKEY_LOCAL_MACHINE\SOFTWARE\iMeshBar\bar Dir C:\Programme\iMeshBar\bar\
HKEY_LOCAL_MACHINE\SOFTWARE\iMeshBar\bar CurInstall 2
HKEY_LOCAL_MACHINE\SOFTWARE\iMeshBar\bar sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\iMeshBar\bar pl 7
HKEY_LOCAL_MACHINE\SOFTWARE\iMeshBar\bar Id B7588E6D-B2FA-42F9-B76C-0B6BF49BA7BA
HKEY_LOCAL_MACHINE\SOFTWARE\iMeshBar\bar Build 149.41935
HKEY_LOCAL_MACHINE\SOFTWARE\iMeshBar\bar CacheDir C:\Programme\iMeshBar\bar\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\iMeshBar\bar HistoryDir C:\Programme\iMeshBar\bar\History\
HKEY_LOCAL_MACHINE\SOFTWARE\iMeshBar\bar Visible 1
HKEY_LOCAL_MACHINE\SOFTWARE\iMeshBar\bar SettingsDir C:\Programme\iMeshBar\bar\Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\iMeshBar\bar Maximized 1


Trojan.DesktopHijack Trojan more information...
Details: Trojan.DesktopHijack modifies the home page and desktop settings on a compromised computer.
Status: Deleted

Infected files detected
c:\windows\desktop.html


Trojan.Vxgame Trojan more information...
Details: Trojan.Vxgame is a trojan program that silently downloads additional malware from the internet and lowers the system's security settings by disabling the Windows firewall.
Status: Deleted

Infected files detected
c:\windows\system32\vx.tll
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\1.dlb
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\5.dlb
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\6.dlb
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\7.dlb


Zango.SearchAssistant Adware (General) more information...
Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit.
Status: Deleted

Infected files detected
c:\programme\mozilla firefox\plugins\npclntax.dll


Marketscore.RelevantKnowledge Adware (General) more information...
Status: Deleted

Infected files detected
C:\Dokumente und Einstellungen\Daniel Ehrenhofer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\F6TYC3AC\rkinstall[1].osa


FakeAlert Rogue Security Program more information...
Details: FakeAlert consists of files that cause false warnings of spyware on the computer. Usually the alerts are displayed in a balloon type pop-up from an icon in the system tray.
Status: Deleted

Infected files detected
C:\WINDOWS\desktop.html


NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{4a2aacf3-adf6-11d5-98a9-00e018981b9e}
HKEY_CLASSES_ROOT\clsid\{4a2aacf3-adf6-11d5-98a9-00e018981b9e}\InprocServer32 C:\Programme\NewDotNet\newdotnet7_22.dll
HKEY_CLASSES_ROOT\clsid\{4a2aacf3-adf6-11d5-98a9-00e018981b9e}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{4a2aacf3-adf6-11d5-98a9-00e018981b9e}\ProgID Tldctl2.URLLink.1
HKEY_CLASSES_ROOT\clsid\{4a2aacf3-adf6-11d5-98a9-00e018981b9e}\TypeLib {DD521A10-1F98-11D4-9676-00E018981B9E}
HKEY_CLASSES_ROOT\clsid\{4a2aacf3-adf6-11d5-98a9-00e018981b9e}\VersionIndependentProgID Tldctl2.URLLink
HKEY_CLASSES_ROOT\clsid\{4a2aacf3-adf6-11d5-98a9-00e018981b9e} URLLink
HKEY_CLASSES_ROOT\tldctl2.urllink.1
HKEY_CLASSES_ROOT\tldctl2.urllink.1\CLSID {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_CLASSES_ROOT\tldctl2.urllink.1 URLLink
HKEY_CLASSES_ROOT\tldctl2.urllink
HKEY_CLASSES_ROOT\tldctl2.urllink\CLSID {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_CLASSES_ROOT\tldctl2.urllink\CurVer Tldctl2.URLLink.1
HKEY_CLASSES_ROOT\tldctl2.urllink URLLink
HKEY_CLASSES_ROOT\tldctl2.urllink\clsid
HKEY_CLASSES_ROOT\tldctl2.urllink\clsid {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4a2aacf3-adf6-11d5-98a9-00e018981b9e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net DisplayName New.net Domains 7.22
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net UninstallString C:\WINDOWS\NDNUNI~2.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net DisplayIcon C:\WINDOWS\NDNUNI~2.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net DisplayVersion 7.22
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net Publisher New.net, Inc.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net URLInfoAbout http://www.new.net/
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net HelpLink http://www.new.net/help_faq.tp
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net URLUpdateInfo http://www.new.net/index.tp
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net VersionMajor 7
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net VersionMinor 22
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net URLUpdateInfo http://www.new.net/index.tp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net HelpLink http://www.new.net/help_faq.tp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net URLInfoAbout http://www.new.net/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net Publisher New.net, Inc.
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Search 1
HKEY_LOCAL_MACHINE\SOFTWARE\New.net LSPStatus 0
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Prt
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Source
HKEY_LOCAL_MACHINE\SOFTWARE\New.net DiscardTag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run New.net Startup
HKEY_CLASSES_ROOT\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\Programmable
HKEY_LOCAL_MACHINE\software\new.net
HKEY_LOCAL_MACHINE\software\new.net InstalledVersion 458774
HKEY_LOCAL_MACHINE\software\new.net InstalledPath C:\Programme\NewDotNet\newdotnet7_22.dll
HKEY_LOCAL_MACHINE\software\new.net Tag id=5edd068762d43ba053a5d678a5d625e7
HKEY_LOCAL_MACHINE\software\new.net DiscardTag
HKEY_LOCAL_MACHINE\software\new.net FirstTime
HKEY_LOCAL_MACHINE\software\new.net Source NNWDAC~1
HKEY_LOCAL_MACHINE\software\new.net Prt NNWDAC638
HKEY_LOCAL_MACHINE\software\new.net LSPStatus 0
HKEY_LOCAL_MACHINE\software\new.net NextUpgradeHi 29817430
HKEY_LOCAL_MACHINE\software\new.net NextUpgradeLo 349102832
HKEY_LOCAL_MACHINE\software\new.net UpgradeCounter 2
HKEY_LOCAL_MACHINE\software\new.net Search 1
HKEY_LOCAL_MACHINE\software\new.net Activity 37698
HKEY_LOCAL_MACHINE\software\new.net XpiDone 1
HKEY_CURRENT_USER\Software\New.net
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Tag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net Changed 0


BearShare P2P Program more information...
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32\11.0.0.0 RuntimeVersion v1.1.4322
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32\11.0.0.0 Assembly Microsoft.Vbe.Interop, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32\11.0.0.0 Class Microsoft.Vbe.Interop.WindowsClass
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32 Class Microsoft.Vbe.Interop.WindowsClass
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32 RuntimeVersion v1.1.4322
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32 Assembly Microsoft.Vbe.Interop, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} ppQAlwUz lJ_]lflvaqAAeQvcub[JqcRcp
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} eXutyAatVwsz RQjRs`refkfQtDrpZ|x`UBbI{srJ|
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} rijl pFsDeyXPkiauik@g
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} Qognr iVl_QmLosos\{vZ
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} hkqiMztycrmhX pnDD[peSSsZgLieCC]pvSDE][~~crC
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} sLnkiGk zdDXO{{\TJfMefK{pAX]x@CUo_DlbWq
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} spdKniwjLKp A}fyBEgHut`NsGTgzfnmAcrriejj|
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} qypmus GuU@_ZKoglfIpSgtF
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} xdfawihjkd w@kSuoxWG@eG@FQvLysyxqzY~baWl[
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} eeaQmkrkpsn KTR@]CQ]yxLUNlcJu_
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} QavQttx `X}BnLr|ZjgHtlbz\
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} eonSualvnnvpo vqkEnlvX|whbpefVklm
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} aWdehqyu ePgX[~{Ovvwyu^R}VdGZWASRO
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} oglIgjxv |h`KLNpoah@[lhym


Messenger Plus! Adware Bundler more information...
Details: Messenger Plus! is a add-on for MSN Messenger. Messenger Plus! installs an OPTIONAL adware called C2Media which is also known as LOP.com.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2 SideBarColor 16777215
HKEY_CURRENT_USER\Software\Patchou\MsgPlus2 SideBarColor2 16777215
HKEY_CURRENT_USER\SOFTWARE\Patchou
HKEY_CURRENT_USER\SOFTWARE\Patchou\MsgPlus2 SideBarColor 16777215
HKEY_CURRENT_USER\SOFTWARE\Patchou\MsgPlus2 SideBarColor2 16777215


Zango.CommonElements Adware (General) more information...
Details: Zango.CommonElements is a collection of traces that are found in multiple adware programs from 180solutions / Zango.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\MiscStatus\1 132497
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\ProgID ClientAX.ClientInstaller.1
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll, 101
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\VersionIndependentProgID ClientAX.ClientInstaller
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} ClientInstaller Class
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\0\win32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\HELPDIR C:\WINDOWS\Downloaded Program Files\
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0 ClientAX 1.0 Type Library
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} IClientInstaller
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus\1 132497
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ProgID ClientAX.RequiredComponent.1
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll, 101
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\VersionIndependentProgID ClientAX.RequiredComponent
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E} RequiredComponent Class
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} IClientInstaller2
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5} IRequiredComponent
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent\CLSID {0AC49246-419B-4EE0-8917-8818DAAD6A4E}
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent\CurVer ClientAX.RequiredComponent.1
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent RequiredComponent Class
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent.1
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent.1\CLSID {0AC49246-419B-4EE0-8917-8818DAAD6A4E}
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent.1 RequiredComponent Class
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX\CLSID {51CF80DC-A309-4735-BB11-EF18BF4E3AD9}
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX\CurVer ClientAX.ZangoClientAX.1
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX ZangoClientAX Class
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX.1
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX.1\CLSID {51CF80DC-A309-4735-BB11-EF18BF4E3AD9}
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX.1 ZangoClientAX Class
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\MiscStatus\1 132497
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\ProgID ClientAX.ZangoClientAX.1
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll, 101
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\VersionIndependentProgID ClientAX.ZangoClientAX
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9} ZangoClientAX Class
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C} ISeekmoClientAX
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5} IZangoClientAX
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1\CLSID {99410CDE-6F16-42ce-9D49-3807F78F0287}
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1 ClientInstaller Class
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller\CLSID {99410CDE-6F16-42ce-9D49-3807F78F0287}
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller\CurVer ClientAX.ClientInstaller.1
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller ClientInstaller Class
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\ProgID LMgr180.WMDRMAx.1
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\VersionIndependentProgID LMgr180.WMDRMAx
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6} WMDRMAx Class
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1} ILicenseInstaller
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31} IWMDRMAx
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4} IInstantiator
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx\CLSID {F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx\CurVer LMgr180.WMDRMAx.1
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx WMDRMAx Class
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1\CLSID {F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1 WMDRMAx Class


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\runmsc.loader.1\clsid
HKEY_CLASSES_ROOT\runmsc.loader.1\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_CLASSES_ROOT\runmsc.loader\clsid
HKEY_CLASSES_ROOT\runmsc.loader\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_CLASSES_ROOT\runmsc.loader\curver
HKEY_CLASSES_ROOT\runmsc.loader\curver RunMSC.Loader.1
HKEY_CLASSES_ROOT\wusn.1
HKEY_CLASSES_ROOT\wusn.1 WUSN_Id
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class


WhenU.WhenUSearch Low Risk Adware more information...
Details: WhenU.WhenUSearch is a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\WUSN.1
HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id


My Search Bar Potentially Unwanted Program more information...
Details: My Search Bar and the variants "My Way Speedbar" and "My Way Search Assistant", are browser helper objects that allows you to search on multiple search engines.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1
HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1\CLSID {0002DF01-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1 Internet Exp1orer (Ver 1.23600)


Weatherbug Low Risk Adware more information...
Details: Weatherbug is an ad supported desktop weather applicaton that provides updates on weather conditions and displays real time temperatures in the taskbar icon.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1
HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1\CLSID {0002DF01-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1 Internet Exp1orer (Ver 1.23600)


Cookie: ad.yieldmanager Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@ad.yieldmanager[2].txt


Cookie: PointRoll.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@ads.pointroll[2].txt


Cookie: Advertising.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@advertising[2].txt


Cookie: PriceBandit Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@apmebf[1].txt


Cookie: as-us.falkag Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@as-us.falkag[1].txt


Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@atdmt[2].txt


Cookie: BFast.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@bfast[1].txt


Cookie: Bravenet.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@bravenet[2].txt


Cookie: BS.Serving-Sys Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@bs.serving-sys[2].txt
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@serving-sys[2].txt


Cookie: BurstNet.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@burstnet[2].txt


Cookie: casalemedia.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@casalemedia[1].txt


Cookie: Com.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@com[1].txt


Cookie: hitslink.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@counter.hitslink[2].txt


Cookie: dedmazai.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@counter12.sextracker[2].txt
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@counter14.sextracker[2].txt
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@counter2.sextracker[1].txt
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@counter5.sextracker[2].txt
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@top.voyeur-russian[1].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@doubleclick[1].txt


Cookie: FastClick.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@fastclick[2].txt


Cookie: GeoCities Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@geocities[1].txt


Cookie: Hitbox.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@hitbox[2].txt


Cookie: HotLog.ru Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@hotlog[2].txt


Cookie: ICOO Loader Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@icoonet[1].txt


Cookie: IndexTools.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@indextools[1].txt


Cookie: Radar Spy Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@landing.domainsponsor[1].txt
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@tradedoubler[1].txt
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@yourmedia[1].txt


Cookie: Desktop Spy Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@list[1].txt


Cookie: maxserving Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@maxserving[1].txt


Cookie: Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@mediaplex[1].txt


Cookie: PayCounter.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@paycounter[2].txt


Cookie: RealMedia.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@realmedia[2].txt


Cookie: Revenue.net Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@revenue[2].txt


Cookie: SexList.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@sexlist[1].txt


Cookie: SexTracker.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@sextracker[2].txt


Cookie: SpyLog.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@spylog[1].txt


Cookie: Stat.Onestat Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@stat.onestat[2].txt


Cookie: statcounter.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@statcounter[2].txt


Cookie: Targetnet.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@targetnet[1].txt


Cookie: TribalFusion.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@tribalfusion[1].txt


Cookie: Tripod Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@tripod[1].txt


Cookie: ValueClick.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@valueclick[1].txt


Cookie: Weborama Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@weborama[2].txt


Cookie: www.frenchcum.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@www.frenchcum[1].txt


Cookie: Ajan 1.0 Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@xiti[1].txt


Cookie: XXXCounter.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@xxxcounter[1].txt


Cookie: Zedo Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\daniel ehrenhofer\cookies\daniel@zedo[1].txt



zwichendurch hat antivir sich nochmal gemeldet:


Ps: Sorry das es so lang gedauert hat.

#9 wenn du das wichtigste ueberliest und die newdotnet7_22.dll nicht mit lspfix fixt, kann ich nichts dafuer, dass der Winsock korrupt ist... und du nicht mehr ins net kommst

Zitat

LSPfix - wichtig
http://www.spychecker.com/program/lspfix.html
- hake an: "I know what Im doing"--Remove
- und loesche die newdotnet7_22.dll (eventuell musst du die dll von links nach rechts bringen)

fuehre das aus:
WinsockFix (Fuer alle Betriebssysteme)
http://www.winsockfix.nl/

««
Es ist also wichtig regelmaessig den Cache zu leeren!
http://virus-protect.org/artikel/tools/javasun.html
Sun Java
CCleaner
http://www.ccleaner.de/
__________
MfG Sabina

rund um die PC-Sicherheit

#10 Hab ich auch nie gesagt.

So hab alles gemacht, was genau ist jetzt passiert? Ist er weg?
Muss ich das ganze nochmal bei allen anderen Computern machen?

#11 Kopiere diese 6 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
http://virus-protect.org/datfindbat.html
__________
MfG Sabina

rund um die PC-Sicherheit

#12 Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A44F-8A34

Verzeichnis von C:\DOKUME~1\DANIEL~1\LOKALE~1\Temp

25.10.2006 22:07 16.384 Perflib_Perfdata_da0.dat
25.10.2006 22:07 16.384 Perflib_Perfdata_db0.dat
25.10.2006 22:07 16.384 Perflib_Perfdata_8c4.dat
25.10.2006 22:07 16.384 ~DF10C5.tmp
25.10.2006 22:07 49.152 ~DF7E43.tmp
25.10.2006 22:07 512 ~DF66D4.tmp
25.10.2006 22:07 16.384 ~DF6263.tmp
25.10.2006 22:07 32.768 ~DF440B.tmp
25.10.2006 22:07 16.384 ~DF9DD.tmp
9 Datei(en) 180.736 Bytes
0 Verzeichnis(se), 50.223.833.088 Bytes frei



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A44F-8A34

Verzeichnis von C:\WINDOWS\system32

25.10.2006 19:33 592 ctstrxjk.txt
23.10.2006 19:25 2.206 wpa.dbl
12.10.2006 19:51 251.568 FNTCACHE.DAT
12.10.2006 19:46 2.140.928 ntoskrnl.exe
12.10.2006 19:46 2.016.768 ntkrnlpa.exe
12.10.2006 19:42 219.648 uxtheme.dll
08.10.2006 20:42 181.736 rmoc3260.dll
08.10.2006 20:42 5.632 pndx5032.dll
08.10.2006 20:42 6.656 pndx5016.dll
08.10.2006 20:42 278.528 pncrt.dll
29.08.2006 10:52 1.052.672 ieframe.dll.mui
29.08.2006 10:51 12.288 advpack.dll.mui
28.08.2006 10:23 3.404.800 mshtml.dll
28.08.2006 10:23 189.440 iepeers.dll
28.08.2006 10:23 130.560 extmgr.dll
28.08.2006 10:23 1.149.440 urlmon.dll
28.08.2006 10:23 152.064 msls31.dll
28.08.2006 10:23 670.720 mstime.dll
28.08.2006 10:23 5.906.432 ieframe.dll
28.08.2006 10:23 472.576 mshtmled.dll
28.08.2006 10:23 457.728 msfeeds.dll
28.08.2006 10:23 26.624 jsproxy.dll
28.08.2006 10:23 50.688 msfeedsbs.dll
28.08.2006 10:23 358.400 webcheck.dll
28.08.2006 10:23 786.944 wininet.dll
28.08.2006 10:23 413.696 vbscript.dll
28.08.2006 10:23 175.616 ieui.dll
28.08.2006 10:09 443.904 html.iec
28.08.2006 10:09 78.336 ieencode.dll
28.08.2006 10:09 206.336 WinFXDocObj.exe
28.08.2006 10:09 1.553.920 inetcpl.cpl
28.08.2006 10:08 43.008 url.dll
28.08.2006 10:08 192.000 msrating.dll
28.08.2006 10:08 40.448 licmgr10.dll
28.08.2006 10:08 120.832 occache.dll
28.08.2006 10:07 16.896 corpol.dll
28.08.2006 10:05 378.368 iedkcs32.dll
28.08.2006 10:05 275.968 ieaksie.dll
28.08.2006 10:05 152.064 ieakeng.dll
28.08.2006 10:05 71.680 admparse.dll
28.08.2006 10:04 55.296 iesetup.dll
28.08.2006 10:04 92.672 inseng.dll
28.08.2006 10:04 11.776 ieudinit.exe
28.08.2006 10:04 43.008 iernonce.dll
28.08.2006 10:04 54.784 ie4uinit.exe
28.08.2006 10:04 122.880 advpack.dll
28.08.2006 10:04 487.424 jscript.dll
28.08.2006 10:02 12.288 msfeedssync.exe
28.08.2006 10:02 61.440 icardie.dll
28.08.2006 10:02 346.624 dxtmsft.dll
28.08.2006 10:02 44.032 pngfilt.dll
28.08.2006 10:01 35.328 imgutil.dll
28.08.2006 10:01 213.504 dxtrans.dll
28.08.2006 10:01 262.656 iertutil.dll
28.08.2006 09:59 45.568 mshta.exe
28.08.2006 09:59 66.560 tdc.ocx
28.08.2006 09:30 56.262 ieuinit.inf
28.08.2006 09:27 380.928 ieapfltr.dll
28.08.2006 09:25 48.128 mshtmler.dll
28.08.2006 09:22 161.792 ieakui.dll
28.08.2006 09:15 1.383.424 mshtml.tlb
22.08.2006 15:40 6.845 jupdate-1.5.0_07-b03.log
15.08.2006 19:32 1.549.312 shdocvw.dll
15.08.2006 19:32 474.624 shlwapi.dll
15.08.2006 19:32 1.014.784 browseui.dll
10.08.2006 19:45 8.798 icrav03.rat
10.08.2006 19:45 22.752 spupdsvc.exe
10.08.2006 19:45 15.584 spmsg.dll
10.08.2006 19:45 15.820 IE7Eula.rtf
10.08.2006 19:44 2.451.824 ieapfltr.dat
28.07.2006 09:30 236.824 xactengine2_3.dll
28.07.2006 09:30 62.744 xinput1_2.dll
14.07.2006 17:52 121.856 xmllite.dll
14.07.2006 14:51 108.144 GEARAspi.dll
29.06.2006 08:05 23.552 normaliz.dll
29.06.2006 08:05 26.112 idndl.dll
28.06.2006 17:59 24.576 nlsdl.dll
23.06.2006 13:09 16.832 amcompat.tlb
23.06.2006 13:09 23.392 nscompat.tlb
08.06.2006 12:06 39.284 normnfd.nls
08.06.2006 12:06 60.294 normnfkd.nls
08.06.2006 12:06 59.342 normidna.nls
08.06.2006 12:06 45.794 normnfc.nls
08.06.2006 12:06 66.384 normnfkc.nls
07.06.2006 23:09 260.096 ati2dvag.dll
07.06.2006 23:07 307.200 atiiiexx.dll
07.06.2006 23:04 114.688 atipdlxx.dll
07.06.2006 23:04 77.824 Oemdspif.dll
07.06.2006 23:04 26.112 Ati2mdxx.exe
07.06.2006 23:04 41.984 ati2edxx.dll
07.06.2006 23:04 61.440 ati2evxx.dll
07.06.2006 23:03 409.600 ati2evxx.exe
07.06.2006 23:02 53.248 ATIDDC.DLL
07.06.2006 22:56 2.754.784 ati3duag.dll
07.06.2006 22:51 1.751.488 ativvaxx.dll
07.06.2006 22:46 6.684.672 atioglx1.dll
07.06.2006 22:43 5.050.368 atioglxx.dll
07.06.2006 22:40 204.800 atikvmag.dll
07.06.2006 22:39 17.408 atitvo32.dll
07.06.2006 22:38 290.816 ATIDEMGR.dll
07.06.2006 22:35 286.720 ati2cqag.dll
07.06.2006 16:27 520.192 ati2sgag.exe
02.06.2006 11:04 57.384 avsda.dll
01.06.2006 19:28 129.112 atiicdxx.dat
01.06.2006 03:34 6.126 atifglpf.xml

#13 das sind nicht 6 logs, sondern nur 2 , meiner bescheidenen Rechnung nach
__________
MfG Sabina

rund um die PC-Sicherheit

#14 Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A44F-8A34

Verzeichnis von C:\WINDOWS

25.10.2006 22:12 384.394 WindowsUpdate.log
25.10.2006 22:07 51 iTouch.ini
25.10.2006 22:06 2.048 bootstat.dat
25.10.2006 22:05 32.630 SchedLgU.Txt
25.10.2006 20:25 49 NeroDigital.ini
14.10.2006 14:01 467 system.ini
12.10.2006 19:46 15.026 RestoreFlyakiteOSX.txt
08.10.2006 20:42 4.120 mozver.dat
04.10.2006 18:09 599 win.ini
09.09.2006 05:46 23 BlendSettings.ini
15.07.2006 15:28 3.931 Ascd_tmp.ini
23.06.2006 01:40 316.640 WMSysPr9.prx
15.06.2006 20:14 400 ODBC.INI
25.02.2006 02:54 1.507.328 iTunes Multi-Plugin.exe
09.02.2006 18:20 276 game.ini
08.02.2006 23:32 3.622.840 EX-3 Regenesis ScreenSaver.scr
08.02.2006 22:51 0 nsreg.dat
08.02.2006 22:51 107.132 UninstallFirefox.exe
08.02.2006 20:28 8.192 REGLOCS.OLD
08.02.2006 20:25 0 control.ini
08.02.2006 20:25 299.552 WMSysPrx.prx
08.02.2006 20:25 4.161 ODBCINST.INI
08.02.2006 20:24 749 WindowsShell.Manifest
08.02.2006 20:23 36 vb.ini
08.02.2006 20:23 37 vbaddin.ini
18.12.2005 21:14 27.648 Alt+Q Hotkey.exe
04.08.2004 01:58 288.768 winhlp32.exe
04.08.2004 01:58 32.866 slrundll.exe
04.08.2004 01:58 210.944 regedit.exe
04.08.2004 01:58 70.144 notepad.exe
04.08.2004 01:57 10.752 hh.exe
04.08.2004 01:57 1.368.064 explorer.exe
04.08.2004 01:57 50.688 twain_32.dll
17.07.2004 12:40 19.528 002250_.tmp
18.06.2003 17:48 306.688 IsUninst.exe
12.05.2003 17:55 978.944 SynthCoreA.Dll
08.11.2002 12:50 19.968 LOGI_MWX.EXE
30.08.2002 14:59 380.928 SynCor.exe
23.08.2001 14:00 65.978 Seifenblase.bmp
23.08.2001 14:00 1.085.913 SET3.tmp
23.08.2001 14:00 13.898 SET7.tmp
23.08.2001 14:00 65.832 Santa Fe-Stuck.bmp
23.08.2001 14:00 1.405 msdfmap.ini
23.08.2001 14:00 17.362 Rhododendron.bmp
23.08.2001 14:00 17.062 Kaffeetasse.bmp
23.08.2001 14:00 15.872 TASKMAN.EXE
23.08.2001 14:00 94.800 twain.dll
23.08.2001 14:00 65.954 Pr„riewind.bmp
23.08.2001 14:00 49.680 twunk_16.exe
23.08.2001 14:00 25.600 twunk_32.exe
23.08.2001 14:00 9.522 Zapotek.bmp
23.08.2001 14:00 707 _default.pif
23.08.2001 14:00 17.336 Angler.bmp
23.08.2001 14:00 26.582 Granit.bmp
23.08.2001 14:00 26.680 F„cher.bmp
23.08.2001 14:00 18.944 vmmreg32.dll
23.08.2001 14:00 16.730 Feder.bmp
23.08.2001 14:00 80 explorer.scf
23.08.2001 14:00 2 desktop.ini
23.08.2001 14:00 257.568 winhelp.exe
23.08.2001 14:00 82.944 clock.avi
23.08.2001 14:00 48.680 winnt.bmp
23.08.2001 14:00 48.680 winnt256.bmp
23.08.2001 14:00 34.818 wmprfDEU.prx
23.08.2001 14:00 1.272 Blaue Spitzen 16.bmp
05.01.2000 00:20 86.016 unvise32qt.exe
17.12.1999 11:13 86.016 unvise32.exe
17.11.1998 13:44 328.704 IsUn0407.exe
68 Datei(en) 12.687.248 Bytes
0 Verzeichnis(se), 50.227.077.120 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A44F-8A34

Verzeichnis von C:\WINDOWS\Temp

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A44F-8A34

Verzeichnis von C:\WINDOWS\Downloaded Program Files

22.08.2006 14:58 719.064 NpFv415.dll
13.07.2006 11:44 1.180 HWTest.INF
13.07.2006 11:43 15.800 HWTEST.OCX
08.02.2006 20:24 65 desktop.ini
27.08.2005 14:30 5.065 swflash.inf
03.06.2002 17:53 144 QTPlugin.inf
6 Datei(en) 741.318 Bytes
0 Verzeichnis(se), 50.227.077.120 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A44F-8A34

Verzeichnis von C:\

25.10.2006 23:02 0 sys.txt
25.10.2006 23:02 540 down.txt
25.10.2006 23:02 117 tmp.txt
25.10.2006 23:02 3.652 system.txt
25.10.2006 23:02 725 systemtemp.txt
25.10.2006 23:02 103.881 system32.txt
25.10.2006 22:06 2.013.265.920 pagefile.sys
25.10.2006 19:42 2.286 avenger.txt
25.10.2006 19:11 12.258 ComboFix.txt
25.10.2006 19:01 145 ComboFix2.txt
04.10.2006 18:09 211 boot.ini
28.03.2006 21:27 458 memory.txt
08.02.2006 21:30 47.564 NTDETECT.COM
08.02.2006 21:30 251.184 ntldr
08.02.2006 20:25 0 MSDOS.SYS
08.02.2006 20:25 0 AUTOEXEC.BAT
08.02.2006 20:25 0 IO.SYS
08.02.2006 20:25 0 CONFIG.SYS
07.10.2005 06:16 161.862 MsblIco.Exe
07.10.2005 06:16 161.862 MsblIco.Exe.bak
23.08.2001 14:00 4.952 bootfont.bin
21 Datei(en) 2.014.017.617 Bytes
0 Verzeichnis(se), 50.227.073.024 Bytes frei

sorry, dann hab ich dich missverstanden. ich hoffe so ist es richtig?!

#15 Avenger

Zitat

Files to delete:
C:\WINDOWS\Downloaded Program Files\HWTest.INF
C:\WINDOWS\Downloaded Program Files\HWTEST.OCX

dann beginne mir die logs vom anderen Rechner zu schicken, du weisst ja schon, was ich sehen will
__________
MfG Sabina

rund um die PC-Sicherheit