critical system errors (virusbusters)

Thread is closed!
21.11.2006, 02:55
...new here

Posts: 3
#1 Hello everyone!


I also have this virusbusters trojan, or whatever it is, on my PC. I have already read through a few posts here, but I have no idea about this Avenger and where you are supposed to copy these files into! I would be very, very glad for a detailed description, or quite simply a description for dummies! Unfortunately I don't know that much about this!

Please help; I would be very grateful for any help!!!

Regards, atalay

P.S. This much I was able to pick up from other posts, and I managed to do it!

Here you go:

Logfile of HijackThis v1.99.1
Scan saved at 02:54, on 21.11.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
D:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
d:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Atacan\Desktop\atalay\cs\progs and driver\antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/search/index.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/search/index.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\DOKUME~1\Atacan\LOKALE~1\Temp\AutoRunPro0\IDMIECC.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download All Links with IDM - C:\DOKUME~1\Atacan\LOKALE~1\Temp\AutoRunPro0\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\DOKUME~1\Atacan\LOKALE~1\Temp\AutoRunPro0\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161112455593
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - C:\WINDOWS\System32\dcvwaah.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - d:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
21.11.2006, 09:45
Honorary member
Sabina

Posts: 29434
#2 Please post this log, then we'll take it from there ;)
http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina

All about PC security
21.11.2006, 15:37
...new here

Thread starter

Posts: 3
#3
Atacan - 06-11-21 15:36:00,42 Service Pack 1
ComboFix 06.11.19 - Running from: "C:\Dokumente und Einstellungen\Atacan\Desktop\atalay\cs\progs and driver\antivirus"

((((((((((((((((((((((((((((((( Files Created from 2006-10-21 to 2006-11-21 ))))))))))))))))))))))))))))))))))


2006-11-21 02:48 <DIR> d-------- C:\Avenger
2006-11-21 01:37 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-11-21 01:37 33,280 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-11-21 01:37 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-11-21 01:37 <DIR> d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-11-21 01:37 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2006-11-20 19:43 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2006-11-20 17:46 77,824 --a------ C:\WINDOWS\system32\dcvwaah.dll
2006-11-20 17:46 <DIR> d-------- C:\Programme\Virus-Bursters
2006-11-20 17:46 <DIR> d-------- C:\Programme\Perfect Codec
2006-11-16 23:25 <DIR> d-------- C:\WINDOWS\system32\VirtualExpander
2006-11-16 18:53 29,696 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2006-11-16 18:53 12,032 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2006-11-16 18:47 <DIR> d-------- C:\Programme\Microsoft Visual Studio
2006-11-16 18:47 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Designer
2006-11-16 18:46 <DIR> d-------- C:\Programme\Microsoft Office
2006-11-16 18:41 <DIR> d-------- C:\Programme\Microsoft ActiveSync
2006-11-13 21:18 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2006-11-13 21:18 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2006-11-13 21:17 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-11-13 21:17 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-11-13 21:17 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-11-13 21:17 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-11-13 21:17 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-11-13 21:17 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-11-13 21:17 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-11-13 13:39 <DIR> d-------- C:\Programme\BearShare applications
2006-11-13 13:39 <DIR> d-------- C:\Dokumente und Einstellungen\Atacan\Anwendungsdaten\BearShare
2006-11-13 00:20 <DIR> d-------- C:\Temp
2006-11-13 00:00 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2006-11-13 00:00 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2006-10-31 19:44 <DIR> d-------- C:\Programme\Gemeinsame Dateien\deltra Software GmbH
2006-10-31 19:43 <DIR> d-------- C:\Programme\miniFaktura
2006-10-31 18:17 <DIR> d-------- C:\WINDOWS\uninstall
2006-10-31 18:17 <DIR> d-------- C:\WINDOWS\system32\pico-system
2006-10-31 18:17 <DIR> d-------- C:\Programme\Aurelie
2006-10-31 17:30 30,464 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2006-10-31 17:05 77,824 --a------ C:\WINDOWS\system32\MSBIND.DLL
2006-10-31 17:05 716,800 --a------ C:\WINDOWS\system32\cmbr10.dll
2006-10-31 17:05 716,288 --a------ C:\WINDOWS\system32\cmmx01.dll
2006-10-31 17:05 707,584 --a------ C:\WINDOWS\system32\cmll10xl.dll
2006-10-31 17:05 665,088 --a------ C:\WINDOWS\system32\cmdw10.dll
2006-10-31 17:05 36,864 --a------ C:\WINDOWS\system32\cmll10sx.dll
2006-10-31 17:05 240,640 --a------ C:\WINDOWS\system32\sevZip32.dll
2006-10-31 17:05 212,992 --a------ C:\WINDOWS\system32\cmpr10.dll
2006-10-31 17:05 2,766,336 --a------ C:\WINDOWS\system32\cmll10.dll
2006-10-31 17:05 164,352 --a------ C:\WINDOWS\system32\VBEx32.dll
2006-10-31 17:05 16,896 --a------ C:\WINDOWS\system32\WINSKDE.DLL
2006-10-31 17:05 159,232 --a------ C:\WINDOWS\system32\cmut10.dll
2006-10-31 17:05 125,712 --a------ C:\WINDOWS\system32\VB6DE.DLL
2006-10-31 17:05 120,320 --a------ C:\WINDOWS\system32\SEVDTA32.DLL
2006-10-31 17:05 1,234,432 --a------ C:\WINDOWS\system32\cmct10.dll
2006-10-31 17:05 1,212,928 --a------ C:\WINDOWS\system32\cmls10.dll
2006-10-31 17:05 <DIR> d-------- C:\Programme\VB6RT & Komponents
2006-10-31 17:05 <DIR> d-------- C:\Programme\Softwareprofi Database Engine
2006-10-31 17:04 <DIR> d-------- C:\Programme\Office Auftragsprofi
2006-10-31 17:00 <DIR> d-------- C:\Programme\Deskcalc Pro
2006-10-29 22:52 <DIR> d-------- C:\WINDOWS\Minidump
2006-10-29 21:32 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2006-10-29 21:32 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll
2006-10-29 21:32 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-10-27 00:13 <DIR> d-------- C:\Dokumente und Einstellungen\Atacan\Anwendungsdaten\Help
2006-10-22 22:50 <DIR> d-------- C:\Programme\Everest Poker


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-21 15:35 -------- d-------- C:\Programme\Mozilla Firefox
2006-11-16 21:56 -------- d---s---- C:\Dokumente und Einstellungen\Atacan\Anwendungsdaten\Microsoft
2006-11-16 19:04 2508 --a------ C:\Dokumente und Einstellungen\Atacan\Anwendungsdaten\$_hpcst$.hpc
2006-11-16 18:52 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-11-16 18:47 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-11-16 18:47 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-11-16 18:41 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-11-13 21:17 -------- d-------- C:\Programme\Gemeinsame Dateien\Ahead
2006-10-27 00:13 -------- d-------- C:\Programme\WinRAR
2006-10-20 03:10 -------- d-------- C:\Programme\Gemeinsame Dateien\NSV
2006-10-20 03:08 -------- d-------- C:\Programme\Winamp
2006-10-18 18:18 -------- d-------- C:\Dokumente und Einstellungen\Atacan\Anwendungsdaten\Teleca
2006-10-18 18:15 -------- d-------- C:\Programme\Gemeinsame Dateien\Teleca Shared
2006-10-18 18:14 -------- d-------- C:\Programme\Sony Ericsson
2006-10-17 20:14 -------- d--h----- C:\Programme\WindowsUpdate
2006-10-17 04:22 -------- d-------- C:\Dokumente und Einstellungen\Atacan\Anwendungsdaten\Brother
2006-10-17 04:18 -------- d-------- C:\Programme\Brother
2006-10-17 04:17 -------- d-------- C:\Programme\Gemeinsame Dateien\Brother
2006-10-17 04:13 -------- d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2006-10-17 01:55 -------- d-------- C:\Programme\Gemeinsame Dateien\AVM
2006-10-17 01:55 -------- d-------- C:\Programme\FRITZ!Box
2006-10-17 01:52 -------- d-------- C:\Programme\FRITZ!DSL
2006-10-17 01:37 -------- d-------- C:\Dokumente und Einstellungen\Atacan\Anwendungsdaten\FRITZ!
2006-10-17 00:00 -------- d-------- C:\Programme\T-Online
2006-10-10 14:44 2829 --a------ C:\WINDOWS\War3Unin.pif
2006-10-10 14:44 139264 --a------ C:\WINDOWS\War3Unin.exe
2006-10-09 01:57 -------- d-------- C:\Programme\Nokia
2006-10-09 01:57 -------- d-------- C:\Programme\Gemeinsame Dateien\PCSuite
2006-10-09 01:57 -------- d-------- C:\Programme\Gemeinsame Dateien\Nokia
2006-10-09 01:57 -------- d-------- C:\Programme\DIFX
2006-10-09 01:56 -------- d-------- C:\Dokumente und Einstellungen\Atacan\Anwendungsdaten\PC Suite
2006-10-04 16:18 -------- d-------- C:\Dokumente und Einstellungen\Atacan\Anwendungsdaten\Ventrilo
2006-10-04 16:12 -------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2006-10-03 11:47 -------- d-------- C:\Dokumente und Einstellungen\Atacan\Anwendungsdaten\MSN6
2006-09-29 00:32 -------- d-------- C:\Dokumente und Einstellungen\Atacan\Anwendungsdaten\IEZ
2006-09-29 00:28 665600 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2006-09-29 00:28 304640 --a------ C:\WINDOWS\system32\hlvdd.dll
2006-09-29 00:26 -------- d-------- C:\Programme\Gemeinsame Dateien\IEZ shared
2006-09-27 20:13 -------- d-------- C:\Dokumente und Einstellungen\Atacan\Anwendungsdaten\Ahead
2006-09-27 19:43 -------- d-------- C:\Programme\Nero
2006-09-25 16:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-25 16:40 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-09-25 16:40 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-09-25 16:39 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-09-25 16:39 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-09-25 16:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-25 16:37 24560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-09-25 16:07 -------- d-------- C:\Programme\MyGlobalSearch
2006-09-15 05:21 135168 --a------ C:\WINDOWS\system32\idmmbc.dll
2006-09-15 05:03 737280 --a------ C:\WINDOWS\iun6002.exe
2006-09-14 18:15 62 --ahs---- C:\Dokumente und Einstellungen\Atacan\Anwendungsdaten\desktop.ini
2006-09-14 17:25 0 -rahs---- C:\MSDOS.SYS
2006-09-14 17:25 0 -rahs---- C:\IO.SYS
2006-09-14 17:25 0 --a------ C:\CONFIG.SYS
2006-09-14 17:25 0 --a------ C:\AUTOEXEC.BAT
2006-09-04 18:08 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2006-08-25 04:47 129784 --------- C:\WINDOWS\system32\pxafs.dll
2006-08-25 04:47 115880 --------- C:\WINDOWS\system32\pxinsi64.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{40dcff6e-af8d-4183-8ebe-a82270ac449e}"="gimmicks"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"gimmicks"="{40dcff6e-af8d-4183-8ebe-a82270ac449e}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^FRITZ!DSL Startcenter.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\FRITZ!DSL Startcenter.lnk"
"backup"="C:\\WINDOWS\\pss\\FRITZ!DSL Startcenter.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FRITZ!~2\\StCenter.exe "
"item"="FRITZ!DSL Startcenter"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"D:\\Programme\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskCalc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="deskcalc"
"hkey"="HKCU"
"command"="\"c:\\programme\\deskcalc pro\\deskcalc.exe\" /hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wcescomm"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IDMan"
"hkey"="HKCU"
"command"="C:\\DOKUME~1\\Atacan\\LOKALE~1\\Temp\\AutoRunPro0\\IDMan.exe /onboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\Language\\Language.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Application Launcher"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Online DSL-Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TODslMgr"
"hkey"="HKLM"
"command"="\"C:\\Programme\\T-Online\\DSL-Manager\\TODslMgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToADiMon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ToADiMon"
"hkey"="HKLM"
"command"="C:\\Programme\\T-Online\\T-Online_Software_6\\Basis-Software\\Basis1\\ToADiMon.exe -TOnlineAutodialStart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TODslService"=dword:00000003
"TapiSrv"=dword:00000003

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Completion time: 06-11-21 15:36:41.51
C:\ComboFix.txt ... 06-11-21 15:36
C:\ComboFix2.txt ... 06-11-21 02:39
21.11.2006, 16:02
Honorary member
Sabina

Posts: 29434
#4 Avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste this in:

Quote

Registry values to delete:
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{40dcff6e-af8d-4183-8ebe-a82270ac449e}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|gimmicks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe

registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Codec
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Perfect Codec
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf1ced2c-4b3f-4079-a330-864eda5a4cff}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74a49269-9779-48b4-a0e6-3a5af2a3ade6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab340860-fd81-4a65-b345-82eb77a66b5e}
HKLM\SOFTWARE\Classes\CLSID\{40dcff6e-af8d-4183-8ebe-a82270ac449e}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7F78A644-C4A7-4F71-BA4E-5323AA95E7D5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F83E8F99-AE49-45D6-92B4-59854BF0A759}

Files to delete:
C:\WINDOWS\system32\dcvwaah.dll
C:\Dokumente und Einstellungen\%Username%\Favoriten\Antivirus Test Online.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url

Folders to delete:
C:\Programme\BearShare applications
C:\Dokumente und Einstellungen\Atacan\Anwendungsdaten\BearShare
C:\Programme\Virus-Bursters
C:\Programme\Perfect Codec
C:\Programme\MyGlobalSearch
Click the green traffic light;
the script will now be executed, then the PC will restart automatically.

»»
Delete the Avenger backup at C:\Avenger\backup.zip + empty the Recycle Bin

««
Scan with SmitfraudFix - options 1 and 2 (let it clean the registry as well)
http://virus-protect.org/artikel/tools/smitfrautfix.html

____________________________

Open HijackThis -- "Scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/search/index.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/search/index.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\DOKUME~1\Atacan\LOKALE~1\Temp\AutoRunPro0\IDMIECC.dll (file missing)

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O8 - Extra context menu item: Download All Links with IDM - C:\DOKUME~1\Atacan\LOKALE~1\Temp\AutoRunPro0\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\DOKUME~1\Atacan\LOKALE~1\Temp\AutoRunPro0\IEExt.htm

Restart the PC

««
New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if a prompt appears --> click Apply and finally OK, and set a new start page

««
Scan with CounterSpy; after the scan, set everything to "remove"
http://virus-protect.org/counterspy.html
__________
Kind regards, Sabina

21.11.2006, 17:00
...new here

Thread starter

Posts: 3
#5 1st scan

Spyware Scan Details
Start Date: 21.11.2006 17:23:09
End Date: 21.11.2006 18:00:13
Total Time: 37 mins 4 secs

Detected spyware

NetPumper Adware Bundler more information...
Details: Bundles with a number of adware components.
Status: Deleted

Infected files detected
D:\Incoming\NetPumper\NetPumperNNProxy.dll
D:\Incoming\NetPumper\NPNetPumper_Application.dll
D:\Incoming\NetPumper\NPNetPumper_Audio.dll
D:\Incoming\NetPumper\NPNetPumper_Video.dll
D:\Incoming\NetPumper\shutdown.exe
D:\Incoming\NetPumper\TurnLog.exe

Infected registry entries detected


Everest Poker Potentially Unwanted Program more information...
Status: Deleted

Infected files detected

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker DisplayName Everest Poker (Remove Only)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker UninstallString C:\Programme\Everest Poker\cstart.exe /uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker DisplayIcon C:\Programme\Everest Poker\data\startup\shared\icons\ep.ico


BearShare P2P Program more information...
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\programme\bearshare.lnk
D:\Programme\BearShare\BSidle.dll
D:\Programme\BearShare\Webstats.exe
D:\Programme\BearShare\Webstats.ini
D:\Programme\BearShare\RunMSC.dll

Infected registry entries detected


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Infected files detected
D:\Programme\BearShare\RunMSC.dll

Infected registry entries detected


AntiLeech Plugin Adware (General) more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin Mozilla Firefox 1.5 C:\Programme\Mozilla Firefox\Plugins
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN DisplayName Anti-Leech Plugin for Mozilla, Opera, Netscape
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN UninstallString D:\ALNN\setup2.exe -u


My Way Speedbar Potentially Unwanted Program more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}\InprocServer32 C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}


MyGlobalSearch.Toolbar Potentially Unwanted Program more information...
Details: MyGlobalSearch.Toolbar is an IE plugin with its own Search Field.
Status: Deleted

Infected registry entries detected


BestOffersNetworks.RecordNRip Adware Installer more information...
Details: BestOffersNetworks.RecordNRip is a crippled version of software which purports to allow a user to record music from their PC. This application alone does not present a threat, but is installed with several adware threats.
Status: Deleted

Infected files detected
d:\programme\bearshare applications\bearshare\nctaudiocdwriter2.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{01AD9322-02FF-4f4f-AC52-92FDA5AE65F0}
HKEY_CLASSES_ROOT\CLSID\{01AD9322-02FF-4f4f-AC52-92FDA5AE65F0}\InprocServer32 D:\Programme\BearShare Applications\BearShare\NCTAudioCDWriter2.dll
HKEY_CLASSES_ROOT\CLSID\{01AD9322-02FF-4f4f-AC52-92FDA5AE65F0}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{01AD9322-02FF-4f4f-AC52-92FDA5AE65F0}\ProgID NCTAudioCDWriter2.AudioCDWriter2.1
HKEY_CLASSES_ROOT\CLSID\{01AD9322-02FF-4f4f-AC52-92FDA5AE65F0}\TypeLib {2D77AC8A-0A4C-40D0-9557-51907A575E45}
HKEY_CLASSES_ROOT\CLSID\{01AD9322-02FF-4f4f-AC52-92FDA5AE65F0}\VersionIndependentProgID NCTAudioCDWriter2.AudioCDWriter2
HKEY_CLASSES_ROOT\CLSID\{01AD9322-02FF-4f4f-AC52-92FDA5AE65F0} AudioCDWriter2 Class

The 2nd scan didn't find anything anymore!

Just one more question: should I use AntiVir or Avast????





I thank Sabine, who helped me, from the bottom of my heart!
And I am overjoyed that there are people like this!!!!!!!!!

THAAAAANK YOUUUUUUUU!!!!
This post was edited by atalay on 22.11.2006 at 00:04.