Critical System Errors

#0
21.11.2006, 14:51
...new here

Posts: 10
#16 Hello Sabina,

still there? :-)
21.11.2006, 15:28
Honorary member
Avatar Sabina

Posts: 29434
#17 Lars1980

Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:

Quote

Registry values to delete:
HKLM\software\microsoft\windows\currentversion\run|AltnetPointsManager
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|gimmicks
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{40dcff6e-af8d-4183-8ebe-a82270ac449e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|Virus-Bursters
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F83E8F99-AE49-45D6-92B4-59854BF0A759}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96467F12-0518-4E85-AC6A-4858017F1400}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74a49269-9779-48b4-a0e6-3a5af2a3ade6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40dcff6e-af8d-4183-8ebe-a82270ac449e}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Codec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Perfect Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}

Files to delete:
C:\Dokumente und Einstellungen\%Username%\Favoriten\Antivirus Test Online.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url
C:\WINDOWS\system32\dcvwaah.dll
C:\Dokumente und Einstellungen\%Username%\Desktop\Eigene Dateien\Downloads\mw_install.exe
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\MalwareWiper 4.3.lnk
C:\Dokumente und Einstellungen\%UserName%\Desktop\MalwareWiper.lnk
C:\Dokumente und Einstellungen\%UserName%\Startmenü\MalwareWiper 4.3.lnk

Folders to delete:
C:\Programme\Cheetah Mahjongg
C:\Programme\BearShare MediaBar
C:\Programme\BearShare
C:\Programme\Need2Find
c:\program files\altnet
C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp\~nsu.tmp
C:\Programme\MalwareWiper
C:\Programme\Perfect Codec
C:\Programme\Virus-Bursters
C:\Dokumente und Einstellungen\%UserName%\Startmenü\Programme\MalwareWiper
Click the green traffic light
the script will now be executed, then the PC will restart automatically

**
post the Avenger log that appears after the restart here

»»
delete the Avenger backup at C:\Avenger\backup.zip + empty the Recycle Bin

««
scan with SmitfraudFix - option 1 and 2 (let it clean the registry as well)
http://virus-protect.org/artikel/tools/smitfrautfix.html

-----------------------------------------------------------------

**
scan with CounterSpy, set everything to remove after the scan - post the scan report
http://virus-protect.org/counterspy.html


------------------------------------------------------------------

I'll have to look into this more closely, but first I'll wait until you post the CounterSpy scan report here.
C:\Dokumente und Einstellungen\Röber\WINDOWS
__________
Kind regards, Sabina

all about PC security
21.11.2006, 15:41
...new here

Posts: 10
#18 The whole thing after the restart!

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rnerscqk

*******************

Script file located at: \??\C:\sqnbwslv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Dokumente und Einstellungen\Röber\Favoriten\Antivirus Test Online.url not found!
Deletion of file C:\Dokumente und Einstellungen\Röber\Favoriten\Antivirus Test Online.url failed!

Could not process line:
C:\Dokumente und Einstellungen\Röber\Favoriten\Antivirus Test Online.url
Status: 0xc0000034

File C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url deleted successfully.
File C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url deleted successfully.
File C:\WINDOWS\system32\dcvwaah.dll deleted successfully.


File C:\Dokumente und Einstellungen\Röber\Desktop\Eigene Dateien\Downloads\mw_install.exe not found!
Deletion of file C:\Dokumente und Einstellungen\Röber\Desktop\Eigene Dateien\Downloads\mw_install.exe failed!

Could not process line:
C:\Dokumente und Einstellungen\Röber\Desktop\Eigene Dateien\Downloads\mw_install.exe
Status: 0xc0000034

File C:\WINDOWS\smdat32a.sys deleted successfully.
File C:\WINDOWS\smdat32m.sys deleted successfully.
Folder C:\Programme\Cheetah Mahjongg deleted successfully.
Folder C:\Programme\BearShare MediaBar deleted successfully.
Folder C:\Programme\BearShare deleted successfully.
Folder C:\Programme\Need2Find deleted successfully.
Folder c:\program files\altnet deleted successfully.
Folder C:\Dokumente und Einstellungen\RÖBER\Lokale Einstellungen\Temp\~nsu.tmp deleted successfully.
Folder C:\Programme\MalwareWiper deleted successfully.


Folder C:\Programme\Perfect Codec not found!
Deletion of folder C:\Programme\Perfect Codec failed!

Could not process line:
C:\Programme\Perfect Codec
Status: 0xc0000034

Folder C:\Programme\Virus-Bursters deleted successfully.
Registry value HKLM\software\microsoft\windows\currentversion\run|AltnetPointsManager deleted successfully.
Registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|gimmicks deleted successfully.
Registry value HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{40dcff6e-af8d-4183-8ebe-a82270ac449e} deleted successfully.


Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|Virus-Bursters
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|Virus-Bursters failed!
Status: 0xc0000034

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe deleted successfully.


Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F83E8F99-AE49-45D6-92B4-59854BF0A759} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96467F12-0518-4E85-AC6A-4858017F1400} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{192c5b4a-3efd-40c7-9f99-c472deb8efc0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74a49269-9779-48b4-a0e6-3a5af2a3ade6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40dcff6e-af8d-4183-8ebe-a82270ac449e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Codec not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Codec failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Perfect Codec not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Perfect Codec failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{192c5b4a-3efd-40c7-9f99-c472deb8efc0} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{192c5b4a-3efd-40c7-9f99-c472deb8efc0} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
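The Avenger log above mixes three outcomes (deleted, not found, could not delete) and reports the last two with the same NTSTATUS, 0xC0000034 (STATUS_OBJECT_NAME_NOT_FOUND), which means the item was already gone rather than locked or protected. The following parser is an added example, not part of the thread and not code from the Avenger tool; it turns such a log into per-item records, normalises the "not found" cases, and leaves only genuinely unexplained failures for follow-up. The record layout, the function names and the constructed `locked_example.dll` line (with STATUS_ACCESS_DENIED, 0xC0000022) are assumptions of this example; the other sample lines are an excerpt of the log posted above.

```python
"""Parse an Avenger result log into per-item outcomes.

Added example, not from the original thread or from the Avenger tool.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# NTSTATUS codes worth recognising in an Avenger log (both are documented Windows codes).
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # item did not exist at processing time
    0xC0000022: "STATUS_ACCESS_DENIED",          # item exists but could not be removed
}


@dataclass
class AvengerAction:
    kind: str                  # "File", "Folder", "Registry value", "Registry key"
    target: str                # path, or registry path with "|valuename"
    outcome: str               # "deleted", "not_found" or "failed"
    status: Optional[int] = None  # NTSTATUS reported by the log, if any


# "File <x> deleted successfully." / "Registry key <x> not found!" and friends
_RESULT = re.compile(r"^(File|Folder|Registry value|Registry key) (.+?) (deleted successfully\.|not found!)$")
# "Could not delete registry value <x>" (assumed to apply to the other kinds too)
_COULD_NOT = re.compile(r"^Could not delete (registry value|registry key|file|folder) (.+)$")
_STATUS = re.compile(r"^Status: (0x[0-9A-Fa-f]+)$")


def parse_avenger_log(text: str) -> List[AvengerAction]:
    """Return one record per item the script tried to remove, in log order."""
    actions: List[AvengerAction] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _RESULT.match(line)
        if m:
            kind, target, tail = m.groups()
            outcome = "deleted" if tail.startswith("deleted") else "not_found"
            actions.append(AvengerAction(kind, target, outcome))
            continue
        m = _COULD_NOT.match(line)
        if m:
            actions.append(AvengerAction(m.group(1).capitalize(), m.group(2), "failed"))
            continue
        m = _STATUS.match(line)
        if m and actions and actions[-1].outcome != "deleted":
            # "Deletion of ... failed!" and "Could not process line:" carry no new
            # information; the Status line that follows them belongs to the last record.
            code = int(m.group(1), 16)
            actions[-1].status = code
            if code == 0xC0000034:
                actions[-1].outcome = "not_found"  # already gone, nothing to chase
    return actions


def describe_status(code: int) -> str:
    return NTSTATUS_NAMES.get(code, f"unknown NTSTATUS 0x{code:08X}")


def summarize(actions: List[AvengerAction]) -> Dict[str, object]:
    """Counts per outcome plus the targets whose failure is not just 'not found'."""
    counts = Counter(a.outcome for a in actions)
    return {
        "deleted": counts["deleted"],
        "not_found": counts["not_found"],
        "failed": counts["failed"],
        "unexplained": [a.target for a in actions if a.outcome == "failed"],
    }


# Excerpt of the log posted above, plus one constructed access-denied entry at the end.
SAMPLE_LOG = r"""
Beginning to process script file:

File C:\Dokumente und Einstellungen\Röber\Favoriten\Antivirus Test Online.url not found!
Deletion of file C:\Dokumente und Einstellungen\Röber\Favoriten\Antivirus Test Online.url failed!

Could not process line:
C:\Dokumente und Einstellungen\Röber\Favoriten\Antivirus Test Online.url
Status: 0xc0000034

File C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url deleted successfully.
File C:\WINDOWS\system32\dcvwaah.dll deleted successfully.
Folder C:\Programme\Virus-Bursters deleted successfully.
Registry value HKLM\software\microsoft\windows\currentversion\run|AltnetPointsManager deleted successfully.

Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|Virus-Bursters
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|Virus-Bursters failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F83E8F99-AE49-45D6-92B4-59854BF0A759} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Codec not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Codec failed!
Status: 0xc0000034

Could not delete file C:\WINDOWS\system32\locked_example.dll
Deletion of file C:\WINDOWS\system32\locked_example.dll failed!
Status: 0xc0000022

Completed script processing.
"""

if __name__ == "__main__":
    parsed = parse_avenger_log(SAMPLE_LOG)
    for a in parsed:
        note = f" ({describe_status(a.status)})" if a.status is not None else ""
        print(f"{a.outcome:<9} {a.kind:<14} {a.target}{note}")
    print(summarize(parsed))
```

Run on the excerpt, every "failed" line from the real log collapses into not_found, and only the constructed access-denied entry remains in the unexplained list; that is the short list a helper would actually re-check after the reboot.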
21.11.2006, 15:47
Honorary member
Avatar Sabina

Posts: 29434
#19 Lars1980

»»
delete the Avenger backup at C:\Avenger\backup.zip + empty the Recycle Bin

««
scan with SmitfraudFix - option 1 and 2 (let it clean the registry as well)
http://virus-protect.org/artikel/tools/smitfrautfix.html

post the report from option 1 here

-----------------------------------------------------------------

**
scan with CounterSpy, set everything to remove after the scan - post the scan report
http://virus-protect.org/counterspy.html
(possibly as an attachment - see below)

««
Hijackthis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above just start the program --> Save --> Savelog --> the editor opens
now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Kind regards, Sabina

all about PC security
21.11.2006, 16:12
...new here

Posts: 10
#20 Hello Sabina,

I ran SmitfraudFix, but saw too late that I was supposed to post the report from option 1. Can it be brought up again somewhere afterwards, or was it saved?
21.11.2006, 16:13
Honorary member
Avatar Sabina

Posts: 29434
#21 no problem, post the log from option 2 ;)
__________
Kind regards, Sabina

all about PC security
21.11.2006, 16:26
...new here

Posts: 10
#22 So, here's the scan report from CounterSpy:

Spyware Scan Details
Start Date: 21.11.2006 16:00:14
End Date: 21.11.2006 16:13:56
Total Time: 13 mins 42 secs

Detected spyware

KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored

Infected files detected
c:\programme\kazaa\my shared folder\kazaa326_en.exe
C:\System Volume Information\_restore{48CD0ECB-B532-4BF5-85F2-F8F18E580119}\RP5\A0000236.dll

Infected registry entries detected
HKEY_CURRENT_USER\Software\Kazaa
HKEY_CURRENT_USER\Software\Kazaa\Advanced Status Installed
HKEY_CURRENT_USER\Software\Kazaa\Settings +
HKEY_CURRENT_USER\Software\Kazaa\Settings Date
HKEY_CURRENT_USER\Software\Kazaa\Settings UseCount 0
HKEY_CURRENT_USER\Software\Kazaa\Transfer +
HKEY_CURRENT_USER\Software\Kazaa\Transfer NoUploadLimitWhenIdle 1
HKEY_CURRENT_USER\Software\Kazaa Tmp 0


BearShare P2P Program more information...
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\programme\bearshare.lnk
c:\dokumente und einstellungen\röber\desktop\bearshare downloads.lnk
c:\dokumente und einstellungen\röber\desktop\bearshare.lnk
C:\Avenger\BearShare\BSidle.dll
C:\Avenger\BearShare\Webstats.exe
C:\Avenger\BearShare\Webstats.ini

Infected registry entries detected
HKEY_CLASSES_ROOT\gnufile
HKEY_CLASSES_ROOT\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1"
HKEY_CLASSES_ROOT\gnufile gnutella
HKEY_CLASSES_ROOT\gnufile BrowserFlags 8
HKEY_CLASSES_ROOT\gnufile EditFlags 65536
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare
HKEY_LOCAL_MACHINE\software\bearshare
HKEY_LOCAL_MACHINE\software\bearshare vinfo fpbear
HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Programme\BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayName BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare UninstallString C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayVersion 5.2.5.9DE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HelpLink http://bearshare.de/Help/index.htm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare Publisher Free Peers, Inc.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare URLInfoAbout http://www.freepeers.com
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayIcon C:\Programme\BearShare\BearShare.exe,-128
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\.default\appevents\schemes\apps\bearshare
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32 C:\WINDOWS\system32\wbem\fastprox.dll
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} Microsoft WBEM (non)Standard Marshaling for IEnumWbemClassObject
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} rrwokxhx _}wigHBAHIbW^pJtF}
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} pGghnFnK sYpMyqDBdM[^iYY@G\v}oKG
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} vupkikmxQjo @tXfkjwTGF|fZlMQkRFSVZ
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} FRsu woc[ui_e``dwlbmuLgcIRMnD
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} wzblFi t[c\gIIvScYLcGgpcDJkrT|k~C|pP
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} badjczvd nz^]CEz^ONdQI`e`[IAfz^Y@@nx[unH
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} tRyympKxm \}k}_JPpXFR@hVNPZoXwKXc_[b[Kz
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} odWyhlllakc lQvJF_fKmlmChwrss^bfYug_TVlDc_
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} adIqqklryu EEQrZ[oxqXPPWHVMoC[A
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} mGGwqtEe kJgpj]_var\N[L^Vy
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} IcmaaSCvip sRIcoXJaZLGDJlPJPgp}QOCNW}@
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} qnoanzfdtwwx Xp|WQ^SVuKvG^HqGK@KLmbjhUbDX@v
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} fwvxekKwjf qaT~Z|@aVmn\|}@x
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} uyzlm TkmeMPNwXqp_M`af
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} zuotfoW QTeWFP[F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} BearShare
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} Version 5,2,5,9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} ComponentID BearShare
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} IsInstalled 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} Locale DE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare Changed 0
HKEY_CLASSES_ROOT\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}
HKEY_CLASSES_ROOT\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}\InprocServer32 C:\Programme\BearShare MediaBar\MediaBar.dll
HKEY_CLASSES_ROOT\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}\ProgID XBTB01621.XBTB01621.1
HKEY_CLASSES_ROOT\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}\TypeLib {4388B5C4-830A-42ad-94F6-487B6AA05767}
HKEY_CLASSES_ROOT\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}\VersionIndependentProgID XBTB01621.XBTB01621
HKEY_CLASSES_ROOT\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419} BearShare MediaBar


Zango.Fireworks_Extravaganza Adware Installer more information...
Status: Ignored

Infected files detected
C:\WINDOWS\Asus_A_Series_ScreenSaver dir\expire.scf


Grokster P2P Program more information...
Details: Grokster is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored

Infected files detected
C:\System Volume Information\_restore{48CD0ECB-B532-4BF5-85F2-F8F18E580119}\RP4\A0000219.dll
C:\System Volume Information\_restore{48CD0ECB-B532-4BF5-85F2-F8F18E580119}\RP5\A0000262.dll


Altnet P2P Networking Low Risk Adware more information...
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Ignored

Infected files detected
C:\System Volume Information\_restore{48CD0ECB-B532-4BF5-85F2-F8F18E580119}\RP5\A0000252.cpl

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking SlowInfoCache
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Changed 0


Need2FindBar Potentially Unwanted Program more information...
Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
Status: Ignored

Infected files detected
C:\System Volume Information\_restore{48CD0ECB-B532-4BF5-85F2-F8F18E580119}\RP6\A0000541.exe
C:\Avenger\Need2Find\bar\1.bin\N2FFXTBR.JAR
C:\Avenger\Need2Find\bar\1.bin\N2NTSTBR.JAR
C:\Avenger\Need2Find\bar\1.bin\N2PLUGIN.DLL
C:\Avenger\Need2Find\bar\1.bin\ND2FNBAR.DLL
C:\Avenger\Need2Find\bar\1.bin\NPND2FN.DLL

Infected registry entries detected
HKEY_CURRENT_USER\Software\Need2Find
HKEY_CURRENT_USER\Software\Need2Find\bar MenuExtLabel &Search
HKEY_CLASSES_ROOT\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}\InprocServer32 C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL
HKEY_CLASSES_ROOT\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}\TypeLib {4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} Need2Find Bar BHO
HKEY_CLASSES_ROOT\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\InprocServer32 C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL
HKEY_CLASSES_ROOT\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\TypeLib {4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} Need2Find Bar
HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}\InprocServer32 C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL
HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}\ProgID Need2FindBar.SettingsPlugin.1
HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}\TypeLib {4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}\VersionIndependentProgID Need2FindBar.SettingsPlugin
HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3} Need2Find Bar Settings
HKEY_CLASSES_ROOT\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}
HKEY_CLASSES_ROOT\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\InprocServer32 C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL
HKEY_CLASSES_ROOT\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ProgID Need2FindBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\TypeLib {4D1C4E80-A32A-416b-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\VersionIndependentProgID Need2FindBar.ToolbarPlugin
HKEY_CLASSES_ROOT\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B} Need2Find Toolbar Plugin
HKEY_CLASSES_ROOT\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}
HKEY_CLASSES_ROOT\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}\TreatAs {4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\TypeLib {4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3} INeed2FindBarSettings
HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\TypeLib {4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3} _INeed2FindBarSettingsEvents
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2\CLSID {0002DF01-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2 Internet Exp1orer (Ver 1.41834)
HKEY_CLASSES_ROOT\Need2FindBar.SettingsPlugin
HKEY_CLASSES_ROOT\Need2FindBar.SettingsPlugin\CLSID {4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\Need2FindBar.SettingsPlugin\CurVer Need2FindBar.SettingsPlugin.1
HKEY_CLASSES_ROOT\Need2FindBar.SettingsPlugin Need2Find Bar Settings Plugin
HKEY_CLASSES_ROOT\Need2FindBar.SettingsPlugin.1
HKEY_CLASSES_ROOT\Need2FindBar.SettingsPlugin.1\CLSID {4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\Need2FindBar.SettingsPlugin.1 Need2Find Bar Settings Plugin
HKEY_CLASSES_ROOT\Need2FindBar.ToolbarPlugin
HKEY_CLASSES_ROOT\Need2FindBar.ToolbarPlugin\CLSID {630D6140-04C5-4db0-B27A-020D766FF09B}
HKEY_CLASSES_ROOT\Need2FindBar.ToolbarPlugin\CurVer Need2FindBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\Need2FindBar.ToolbarPlugin Need2Find Toolbar Plugin
HKEY_CLASSES_ROOT\Need2FindBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\Need2FindBar.ToolbarPlugin.1\CLSID {630D6140-04C5-4db0-B27A-020D766FF09B}
HKEY_CLASSES_ROOT\Need2FindBar.ToolbarPlugin.1 Need2Find Toolbar Plugin
HKEY_CLASSES_ROOT\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}
HKEY_CLASSES_ROOT\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}\1.0\0\win32 C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL
HKEY_CLASSES_ROOT\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}\1.0\HELPDIR C:\Programme\Need2Find\bar\1.bin\
HKEY_CLASSES_ROOT\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}\1.0 Toolbar 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} Need2Find Bar BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall DisplayName Need2Find Bar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall HelpLink http://help.need2find.com/searchbar.html
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall Publisher Need2Find Bar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall UninstallString rundll32 C:\PROGRA~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll,O
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall UrlInfoAbout http://www.need2find.com/jsp/softwareterms.jsp
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner test "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Home C:\Program Files\Altnet\Points Manager\Points Manager.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Points "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Redeem "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 2
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Wallet "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 3
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Settings "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 4
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar pid KC
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Dir C:\Programme\Need2Find\bar\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ShzmCurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar PluginPath C:\Programme\Need2Find\bar\1.bin\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar pl 7
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Id EAFC6BB2-CA6D-4C8B-9097-90CFA641D2AD
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Build 166.23701
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CacheDir C:\Programme\Need2Find\bar\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Visible 1
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar SettingsDir C:\Programme\Need2Find\bar\Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ConfigRevision 71
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ConfigRevisionURL http://kp.barcfg.need2find.com/speedbar/mySpeedbarCfg2.jsp?s=kb&p=KP
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ConfigDateStamp 2006101514
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar HTMLMenuRevision 141
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Flags 530
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CfgUrl http://kp.barcfg.need2find.com/speedbar/mySpeedbarCfg2.jsp?s=kb&p=KP
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar HistoryDir C:\Programme\Need2Find\bar\History\
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar NextConfigRequest 8LcL7YgNxwE-
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar LastConfigRequest 8H..x28NxwE-


DesktopScam Trojan Downloader more information...
Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program.
Status: Ignored

Infected files detected
C:\System Volume Information\_restore{48CD0ECB-B532-4BF5-85F2-F8F18E580119}\RP25\A0006655.ico
C:\System Volume Information\_restore{48CD0ECB-B532-4BF5-85F2-F8F18E580119}\RP25\A0006656.ico


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Ignored

Infected files detected
C:\Avenger\BearShare\RunMSC.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\runmsc.loader.1\clsid
HKEY_CLASSES_ROOT\runmsc.loader.1\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_CLASSES_ROOT\runmsc.loader\clsid
HKEY_CLASSES_ROOT\runmsc.loader\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_CLASSES_ROOT\runmsc.loader\curver
HKEY_CLASSES_ROOT\runmsc.loader\curver RunMSC.Loader.1
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class


Zango.SearchAssistant Adware (General) more information...
Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit.
Status: Ignored

Infected files detected
C:\Avenger\BearShare\BearShareZangoInstaller.exe


Altnet Download Manager Low Risk Adware more information...
Details: Altnet Download Manager accompanies Altnet P2P Networking and performs the job of downloading content from Altnet's P2P network.
Status: Ignored

Infected files detected
C:\Avenger\altnet\Points Manager\LocalPages\altnet.css


Altnet/Topsearch Browser Plug-in more information...
Details: Altnet/Topsearch is a browser plug-in that acts as search engine for peer-to-peer applications Kazaa and Grokster.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}
HKEY_CLASSES_ROOT\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0} 2059899550


My Way Speedbar Potentially Unwanted Program more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{3f4d4f88-0198-4921-b630-957f3eb814e0}
HKEY_CLASSES_ROOT\CLSID\{3f4d4f88-0198-4921-b630-957f3eb814e0} 2059899550
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}\InprocServer32 C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}


FullContext.EQAdvice Adware (General) more information...
Details: FullContext.EQAdvice is an advertising program that displays ads and allows the installation of other adware.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html
HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html RXResult MIME Filter
HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html CLSID


Eqiso Toolbar more information...
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}
HKEY_CLASSES_ROOT\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}\InprocServer32 C:\Programme\BearShare MediaBar\MediaBar.dll
HKEY_CLASSES_ROOT\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}\ProgID XBTB01621.XBTB01621.1
HKEY_CLASSES_ROOT\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}\TypeLib {4388B5C4-830A-42ad-94F6-487B6AA05767}
HKEY_CLASSES_ROOT\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419}\VersionIndependentProgID XBTB01621.XBTB01621
HKEY_CLASSES_ROOT\CLSID\{B7D3E479-CC68-42B5-A338-938ECE35F419} BearShare MediaBar


Cookie: Win-Spy Software Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\röber\cookies\röber@doubleclick[1].txt


Cookie: Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\röber\cookies\röber@mediaplex[1].txt


Cookie: ABetterInternet.Aurora Cookie Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\röber\cookies\röber@a[1].txt


Cookie: Radar Spy Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\röber\cookies\röber@tradedoubler[2].txt

REPORT 2 from SmitfraudFix:

SmitFraudFix v2.123

Scan done at 15:50:39,78, 21.11.2006
Run from C:\Dokumente und Einstellungen\Röber\Desktop\Eigene Dateien\Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOKUME~1\ALLUSE~1\DESKTOP\Online Security Guide.url Deleted
C:\DOKUME~1\ALLUSE~1\DESKTOP\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Last but not least HijackThis:


Logfile of HijackThis v1.99.1
Scan saved at 16:26:13, on 21.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
c:\Programme\Norton Internet Security\ISSVC.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\RemoteControlService.exe
c:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ASUS\ATK Media\DMEDIA.EXE
C:\Programme\ASUS\ASUS Live Update\ALU.exe
C:\Programme\Wireless Console 2\wcourier.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ASUS\Splendid\ACMON.exe
C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\vsnp2std.exe
C:\Programme\ASUS\Power4 Gear\BatteryLife.exe
C:\Programme\ASUS\PowerForPhone\PowerForPhone.exe
C:\Programme\ASUS WLAN Adapter\ACU.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunServer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Röber\Desktop\Eigene Dateien\Downloads\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll (file missing)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
O3 - Toolbar: (no name) - {74a49269-9779-48b4-a0e6-3a5af2a3ade6} - (no file)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programme\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] C:\Programme\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "c:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] C:\Programme\ASUS\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ACU] "C:\Programme\ASUS WLAN Adapter\ACU.exe" -nogui
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [rcnnopvr] C:\dclnjiuh.bat
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACA487F9-32EB-43D5-8D51-9ED784E17E69}: NameServer = 192.168.122.252,192.168.122.253
O23 - Service: ASUS-Konfigurationsdienst (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - c:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
21.11.2006, 16:57
...new here

Posts: 3
#23 Same problem. After downloading a codec pack I now get "Critical System Errors!", at some point even twice in the bottom right corner. I already searched for VirusBursters with the RegSrch tool (which also looked familiar to me from those advertising windows that open when you click the icon), but it found nothing. For Perfect Codec, though, it did:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "Perfect Codec" 21.11.2006 16:46:14

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}\InprocServer32]
@="C:\\Programme\\Perfect Codec\\isaddon.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74a49269-9779-48b4-a0e6-3a5af2a3ade6}\InprocServer32]
@="C:\\Programme\\Perfect Codec\\iesplugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Perfect Codec\\isamonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"pmsngr.exe"="C:\\Programme\\Perfect Codec\\pmsngr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Codec]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Codec]
"DisplayName"="Perfect Codec 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Codec]
"UninstallString"="C:\\Programme\\Perfect Codec\\uninst.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Codec]
"DisplayIcon"="C:\\Programme\\Perfect Codec\\uninst.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Codec]
"Publisher"="Perfect Codec Software"

[HKEY_USERS\S-1-5-21-1454471165-1644491937-725345543-1003\Software\Internet Security]
"Path"="C:\\Programme\\Perfect Codec"

"C:\\Dokumente und Einstellungen\\Hannes\\Eigene Dateien\\mp4UI[www.free-codecs.com].exe"="mp4UI[www.free-codecs.com]"
"C:\\Programme\\Perfect Codec\\pmsngr.exe"="pmsngr"



What do I have to do now with HijackThis and so on? And Avenger? I can't quite make sense of all the solutions... Sorry!

Please help ;)
Hannes
21.11.2006, 17:06
Honorary member

Posts: 29434
#24 Lars1980

scan once more, but please no:
Status: Ignored

instead have everything deleted!

* after the scan you have to choose one of:
*Ignore
*Remove --> Status: Deleted
*Quarantine

----------
open HijackThis -- button "Scan" -- tick the boxes in front of these entries -- button "Fix checked" -- restart the PC

Quote

O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll (file missing)

O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)

O3 - Toolbar: (no name) - {74a49269-9779-48b4-a0e6-3a5af2a3ade6} - (no file)

O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP


__________
Kind regards, Sabina

all about PC security
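As an added example (not part of the thread, and not code from HijackThis or virus-protect.org): a small Python triage script that applies the rule Sabina uses above to a HijackThis log. It parses the O2/O3/O4/O8 lines and flags COM registrations whose DLL HijackThis reports as "(file missing)" or "(no file)", plus IE context-menu items that load a remote URL; those are the entries she asks to be ticked for "Fix checked". The sample log is a short excerpt of the log posted above, embedded so the script runs offline; the parsing patterns, the `Entry`/`Finding` types and the "orphaned"/"context-menu-url" labels are this example's own, not HijackThis terminology.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: a few lines excerpted from the HijackThis log
# posted in this thread (header plus O2, O3, O4 and O8 entries), embedded so
# the script runs without a Windows machine.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 16:26:13, on 21.11.2006
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
O3 - Toolbar: (no name) - {74a49269-9779-48b4-a0e6-3a5af2a3ade6} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP
"""


@dataclass
class Entry:
    section: str            # HijackThis section code: O2, O3, O4, O8
    kind: str               # BHO, Toolbar, Run, ContextMenu (this script's labels)
    name: str
    clsid: Optional[str]    # only O2/O3 registrations carry a CLSID
    target: str             # DLL path, command line or URL, exactly as logged


@dataclass
class Finding:
    entry: Entry
    reason: str             # "orphaned" or "context-menu-url"


_CLSID = r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"

# One pattern per HijackThis section this script understands; other sections
# (O9, O17, O23, ...) are skipped by parse_hjt.
_PATTERNS = [
    ("O2", "BHO", re.compile(r"^O2 - BHO: (?P<name>.*?) - " + _CLSID + r" - (?P<target>.*)$")),
    ("O3", "Toolbar", re.compile(r"^O3 - Toolbar: (?P<name>.*?) - " + _CLSID + r" - (?P<target>.*)$")),
    ("O4", "Run", re.compile(r"^O4 - HK[A-Z]+\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<target>.*)$")),
    ("O8", "ContextMenu", re.compile(r"^O8 - Extra context menu item: (?P<name>.*?) - (?P<target>\S+)$")),
]


def parse_hjt(text: str) -> List[Entry]:
    """Parse the sections we care about; unknown lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        for section, kind, pattern in _PATTERNS:
            m = pattern.match(line)
            if m:
                groups = m.groupdict()
                entries.append(Entry(section, kind, groups["name"], groups.get("clsid"), groups["target"]))
                break
    return entries


def is_orphaned(entry: Entry) -> bool:
    """HijackThis appends '(file missing)' to a BHO whose DLL is gone and logs
    '(no file)' for a toolbar CLSID with no server. Either way the registration
    points nowhere: a leftover from a removal, and the kind of line the thread
    says to tick for 'Fix checked'."""
    return entry.target.endswith("(file missing)") or entry.target == "(no file)"


def triage(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for entry in parse_hjt(text):
        if entry.kind in ("BHO", "Toolbar") and is_orphaned(entry):
            findings.append(Finding(entry, "orphaned"))
        elif entry.kind == "ContextMenu" and entry.target.lower().startswith(("http://", "https://")):
            # A context-menu item that loads a remote page is not malicious by
            # itself but deserves review; the need2find one was flagged above.
            findings.append(Finding(entry, "context-menu-url"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        ident = f.entry.clsid or f.entry.name
        print(f"{f.entry.section} {f.reason:17} {ident}  ->  {f.entry.target}")
```

Running the script lists the flagged entries with their CLSIDs unchanged, so each one can be compared directly against the posted log. An orphaned registration is dead weight rather than proof of active malware, but it is exactly what the "Fix checked" step removes, and the same parser can be pointed at the second HijackThis log further down to confirm the entries are gone after the fix.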
21.11.2006, 17:07
Honorary member

Posts: 29434
#25 HoneyLaZonga

1.
post this log
http://virus-protect.org/artikel/tools/combofix.html

2.
HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above, just start the program --> Save --> Savelog --> the editor opens
now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Kind regards, Sabina

all about PC security
21.11.2006, 17:09
...new here

Posts: 10
#26 Oops,

I was a bit hasty there. I'll post the scan report again then, okay?
21.11.2006, 17:11
Honorary member

Posts: 29434
#27 yes, but please with everything deleted ;)
then everything should be OK again - also fix with HijackThis (see above)
__________
Kind regards, Sabina

all about PC security
21.11.2006, 17:18
...new here

Posts: 10
#28 So, now the current report:

Spyware Scan Details
Start Date: 21.11.2006 17:07:58
End Date: 21.11.2006 17:16:12
Total Time: 8 mins 14 secs

Detected spyware

WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Ignored

Infected files detected
C:\System Volume Information\_restore{48CD0ECB-B532-4BF5-85F2-F8F18E580119}\RP27\A0006719.dll


Zango.SearchAssistant Adware (General) more information...
Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit.
Status: Ignored

Infected files detected
C:\System Volume Information\_restore{48CD0ECB-B532-4BF5-85F2-F8F18E580119}\RP27\A0006720.exe


BearShare P2P Program more information...
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored

Infected files detected
C:\System Volume Information\_restore{48CD0ECB-B532-4BF5-85F2-F8F18E580119}\RP27\A0006722.exe
C:\System Volume Information\_restore{48CD0ECB-B532-4BF5-85F2-F8F18E580119}\RP27\A0006723.dll
C:\System Volume Information\_restore{48CD0ECB-B532-4BF5-85F2-F8F18E580119}\RP27\A0006727.ini


Need2FindBar Potentially Unwanted Program more information...
Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
Status: Ignored

Infected files detected
C:\System Volume Information\_restore{48CD0ECB-B532-4BF5-85F2-F8F18E580119}\RP27\A0006728.DLL
C:\System Volume Information\_restore{48CD0ECB-B532-4BF5-85F2-F8F18E580119}\RP27\A0006729.DLL
C:\System Volume Information\_restore{48CD0ECB-B532-4BF5-85F2-F8F18E580119}\RP27\A0006730.DLL


and then HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 17:20:45, on 21.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
c:\Programme\Norton Internet Security\ISSVC.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\RemoteControlService.exe
c:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ASUS\ATK Media\DMEDIA.EXE
C:\Programme\ASUS\ASUS Live Update\ALU.exe
C:\Programme\Wireless Console 2\wcourier.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ASUS\Splendid\ACMON.exe
C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\vsnp2std.exe
C:\Programme\ASUS\Power4 Gear\BatteryLife.exe
C:\Programme\ASUS\PowerForPhone\PowerForPhone.exe
C:\Programme\ASUS WLAN Adapter\ACU.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunServer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Dokumente und Einstellungen\Röber\Desktop\Eigene Dateien\Downloads\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll (file missing)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
O3 - Toolbar: (no name) - {74a49269-9779-48b4-a0e6-3a5af2a3ade6} - (no file)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programme\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] C:\Programme\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\ASUSTeK\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "c:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] C:\Programme\ASUS\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ACU] "C:\Programme\ASUS WLAN Adapter\ACU.exe" -nogui
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [rcnnopvr] C:\dclnjiuh.bat
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACA487F9-32EB-43D5-8D51-9ED784E17E69}: NameServer = 192.168.122.252,192.168.122.253
O23 - Service: ASUS-Konfigurationsdienst (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - c:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
21.11.2006, 17:20
...new here

Posts: 3
#29 1) Combofix Log File:


ComboFix 06.11.19 - Running from: "C:\Dokumente und Einstellungen\Hannes"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\winsys.exe


((((((((((((((((((((((((((((((( Files Created from 2006-10-21 to 2006-11-21 ))))))))))))))))))))))))))))))))))


2006-11-20 21:02 <DIR> d-------- C:\Programme\Sunbelt Software
2006-11-20 21:00 <DIR> dr-h----- C:\Dokumente und Einstellungen\Hannes\Recent
2006-11-20 20:55 <DIR> d-------- C:\Programme\CCleaner
2006-11-20 18:28 77,824 --a------ C:\WINDOWS\system32\dcvwaah.dll
2006-11-20 18:28 <DIR> d-------- C:\Programme\Virus-Bursters
2006-11-20 18:28 <DIR> d-------- C:\Programme\Perfect Codec
2006-11-20 18:21 3,082 --a------ C:\WINDOWS\system32\affv9869p2now.sys
2006-11-20 18:21 <DIR> d-------- C:\Programme\WinAVIVideoConverter
2006-11-20 14:11 98,304 --a------ C:\WINDOWS\system32\qttask.exe
2006-11-20 14:07 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-11-20 14:07 65,536 --a------ C:\WINDOWS\system32\mplapx.dll
2006-11-20 14:07 1,650,688 --a------ C:\WINDOWS\system32\mplva6.dll
2006-11-20 14:07 1,581,056 --a------ C:\WINDOWS\system32\mplvw7.dll
2006-11-20 14:07 1,552,384 --a------ C:\WINDOWS\system32\mplvm6.dll
2006-11-20 14:07 1,122,304 --a------ C:\WINDOWS\system32\mplvpx.dll
2006-11-20 14:07 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2006-11-20 14:07 <DIR> d-------- C:\Programme\ACE Mega CoDecS Pack
2006-11-20 13:25 <DIR> d-------- C:\Programme\YAMB
2006-11-20 13:08 152,064 --a------ C:\WINDOWS\system32\unrar.dll
2006-11-20 13:08 <DIR> d-------- C:\Programme\K-Lite Codec Pack
2006-11-19 16:13 <DIR> d-------- C:\Programme\TMPGEnc
2006-11-19 16:11 <DIR> d-------- C:\Programme\3ivx
2006-11-19 15:51 <DIR> d-------- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Pegasys Inc
2006-11-19 15:45 <DIR> d-------- C:\Programme\VirtualDub 1.6.1
2006-11-19 15:10 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-11-16 19:47 <DIR> d-------- C:\Blood Brothers
2006-11-16 18:05 <DIR> d-------- C:\Programme\Xilisoft
2006-11-16 14:02 <DIR> d-------- C:\Programme\PolarSoft
2006-11-09 19:20 <DIR> d-------- C:\Programme\SpyCQ
2006-11-09 19:05 <DIR> d-------- C:\Programme\Mozilla Firefox
2006-11-09 19:05 <DIR> d-------- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla
2006-11-04 12:17 <DIR> d-------- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\drms
2006-11-04 10:52 323,584 -ra------ C:\WINDOWS\system32\N065UFW.dll
2006-11-04 10:52 318,976 -ra------ C:\WINDOWS\system32\UCS32P.DLL
2006-11-04 10:52 28,718 -ra------ C:\WINDOWS\system32\N065UCPL.DLL
2006-11-04 10:52 159,792 -ra------ C:\WINDOWS\system32\N065UUD.DLL
2006-11-04 10:51 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-11-04 10:51 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2006-11-01 20:28 <DIR> d-------- C:\Programme\PokerStars
2006-11-01 16:05 <DIR> d-------- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\ICQ Toolbar
2006-10-30 16:18 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2006-10-23 15:19 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA
2006-10-22 14:35 <DIR> d-------- C:\Programme\PartyGaming


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-20 22:10 -------- d-------- C:\Programme\Gemeinsame Dateien\WhenU
2006-11-20 14:10 -------- d-------- C:\Programme\QuickTime
2006-11-19 19:57 -------- d-------- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Azureus
2006-11-16 15:18 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-11-16 11:30 -------- d-------- C:\Programme\Azureus
2006-11-15 14:18 -------- d-------- C:\Programme\audiograbber
2006-11-07 19:39 32608 --a------ C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-11-05 15:06 -------- d-------- C:\Programme\Winamp
2006-11-04 19:09 -------- d-------- C:\Programme\iOpus Flatrate Steckdose
2006-11-01 16:05 -------- d-------- C:\Programme\ICQToolbar
2006-10-28 11:22 -------- d-------- C:\Programme\Sims2
2006-10-18 02:03 -------- d-------- C:\Programme\ICQLite
2006-10-17 15:03 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-10-17 15:03 -------- d-------- C:\Programme\Rockstar Games
2006-10-16 00:32 -------- d-------- C:\Programme\eMule.de
2006-10-08 14:46 -------- d-------- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Canon
2006-09-22 19:24 -------- d-------- C:\Programme\Last.fm
2006-09-13 18:07 167424 --a------ C:\WINDOWS\system32\SpoonUninstall.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"STYLEXP"="C:\\Programme\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Ins3DT"="G:\\INSTALL4\\INS3DT.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"pccguide.exe"="\"C:\\Programme\\Trend Micro\\PC-cillin 2002\\pccguide.exe\""
"PCCClient.exe"="\"C:\\Programme\\Trend Micro\\PC-cillin 2002\\PCCClient.exe\""
"Pop3trap.exe"="\"C:\\Programme\\Trend Micro\\PC-cillin 2002\\Pop3trap.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"SSBkgdUpdate"="\"C:\\Programme\\Gemeinsame Dateien\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"OpwareSE3"="\"C:\\Programme\\ScanSoft\\OmniPageSE3.0\\OpwareSE3.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\WINDOWS\\system32\\qttask.exe\" -atboottime"
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c0,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,02,01,00,00,50,00,00,00,2c,00,00,00,09,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{40dcff6e-af8d-4183-8ebe-a82270ac449e}"="gimmicks"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Perfect Codec\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\Perfect Codec\\pmsngr.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"gimmicks"="{40dcff6e-af8d-4183-8ebe-a82270ac449e}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-21 17:15:39.32
C:\ComboFix.txt ... 06-11-21 17:15




2) HiJack Log File

Logfile of HijackThis v1.99.1
Scan saved at 17:19:44, on 21.11.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Programme\Perfect Codec\isamonitor.exe
C:\Programme\Perfect Codec\pmsngr.exe
C:\Programme\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Programme\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Programme\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
C:\Programme\ScanSoft\OmniPageSE3.0\OpwareSE3.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\Perfect Codec\pmmon.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Perfect Codec\isamini.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Programme\SEC\Natural Color\NaturalColorLoad.exe
C:\Programme\iOpus Flatrate Steckdose\flatrate.exe
C:\PROGRA~1\Opera\Opera.exe
C:\Programme\WinAce\WinAce.exe
C:\DOKUME~1\Hannes\LOKALE~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu173\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\tbu173\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Programme\Perfect Codec\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu173\toolbaru.dll
O3 - Toolbar: Protection Bar - {74a49269-9779-48b4-a0e6-3a5af2a3ade6} - C:\Programme\Perfect Codec\iesplugin.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Ins3DT] G:\INSTALL4\INS3DT.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programme\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Programme\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programme\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE3] "C:\Programme\ScanSoft\OmniPageSE3.0\OpwareSE3.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: FlatrateSteckdose.lnk = C:\Programme\iOpus Flatrate Steckdose\flatrate.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Broken Internet access because of LSP provider 'c:\programme\newdotnet\newdotnet7_22.dll' missing
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDED7D5F-60CD-4BC3-9438-064719FA82C2}: NameServer = 195.247.247.195 62.27.27.62
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - C:\WINDOWS\System32\dcvwaah.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Programme\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Programme\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
21.11.2006, 17:35
...new here

Posts: 10
#30

Quote

Sabina posted
Lars1980

scan once more, but please not:
Status: Ignored

but have everything deleted!

* after the scan you have to choose between:
*Ignore
*Remove --> Status: Deleted
*Quarantine

----------
open HijackThis -- "Scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote

O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll (file missing)

O3 - Toolbar: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)

O3 - Toolbar: (no name) - {74a49269-9779-48b4-a0e6-3a5af2a3ade6} - (no file)

O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP

Hello Sabina,

I have now run everything through again and rebooted, and right away I get the following message:

Das System kann die angegebene Datei nicht finden.
C:\avenger\*.reg konnte nicht gefunden werden
1 Datei(en) kopiert.


Also, AntiVir immediately reports a Trojan horse, TR/Dldr.Zlob.GA!!!!

What now??