Best offers cannot be deleted

Thread is closed!
26.11.2006, 14:20
Member

Posts: 11
#1 Hello everyone, I'm sitting at a computer where Best Offer can't be deleted. Can you help me?
Regards, BaseJ

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:19:02, on 26.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Lexmark X74-X75\lxbbbmgr.exe
C:\Programme\USB MEMORY BAR\diskicon.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\Napster\napster.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\TBONBin\tbon.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\WinRAR\WinRAR.exe
C:\Programme\TBONBin\TBONWnd.EXE
C:\Programme\TBONBin\TBONWnd.EXE
C:\DOKUME~1\LE~1\LOKALE~1\Temp\Rar$EX96.371\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.de/proxy.pac
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programme\RXToolBar\sfcont.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Programme\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [DiskIcon] C:\Programme\USB MEMORY BAR\diskicon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SemanticInsight] C:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NapsterShell] C:\Programme\Napster\napster.exe /systray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [tbon] C:\Programme\TBONBin\tbon.exe /r
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programme\RXToolBar\sfcont.dll
O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
26.11.2006, 14:37
Honorary member
Sabina

Posts: 29434
26.11.2006, 14:58
Member

Thread starter

Posts: 11
#3 Here is the requested log:

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-21 16:29 33280 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-13 07:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"updateMgr"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5"
"tbon"="C:\\Programme\\TBONBin\\tbon.exe /r"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"SynTPLpr"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SunJavaUpdateSched"="C:\\Programme\\Java\\j2re1.4.2_01\\bin\\jusched.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"P2P Networking"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART"
"SearchUpgrader"="C:\\Programme\\Common files\\SearchUpgrader\\SearchUpgrader.exe"
"Lexmark X74-X75"="\"C:\\Programme\\Lexmark X74-X75\\lxbbbmgr.exe\""
"DiskIcon"="C:\\Programme\\USB MEMORY BAR\\diskicon.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SemanticInsight"="C:\\Programme\\RXToolBar\\Semantic Insight\\SemanticInsight.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
@=""
"Sony Ericsson PC Suite"="\"C:\\Programme\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"NapsterShell"="C:\\Programme\\Napster\\napster.exe /systray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,44,02,00,00,00,00,00,00,bc,02,00,00,02,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,44,02,00,00,00,00,00,00,bc,02,00,00,02,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-26 14:53:53.85
C:\ComboFix.txt ... 06-11-26 14:53

Regards, BaseJ
26.11.2006, 16:07
Honorary member
Sabina

Posts: 29434
#4 1.
Run cleanup
http://virus-protect.org/cleanup.html

2.
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as listen.bat using 'Save As'. Set the file type to 'All Files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temporary Internet Files\Content.IE5" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:\Windows\tasks" >>files.txt
notepad files.txt

__________
Best regards, Sabina

All about PC security
26.11.2006, 16:49
Member

Thread starter

Posts: 11
#5 Here is the text that then appears!

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

Verzeichnis von C:\WINDOWS\Downloaded Program Files

06.07.2004 14:50 <DIR> .
06.07.2004 14:50 <DIR> ..
18.12.2004 20:48 88.576 WebP2PInstaller.dll
27.08.2005 13:30 5.065 swflash.inf
2 Datei(en) 93.641 Bytes
2 Verzeichnis(se), 8.738.455.552 Bytes frei
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

Verzeichnis von C:\Programme\Common Files

06.07.2004 15:06 <DIR> .
06.07.2004 15:06 <DIR> ..
06.07.2004 15:06 <DIR> System
18.12.2004 20:50 <DIR> SearchUpgrader
0 Datei(en) 0 Bytes
4 Verzeichnis(se), 8.738.455.552 Bytes frei
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

Verzeichnis von C:\Program Files

18.12.2004 20:48 <DIR> .
18.12.2004 20:48 <DIR> ..
11.07.2006 20:45 <DIR> ICQLite
0 Datei(en) 0 Bytes
3 Verzeichnis(se), 8.738.455.552 Bytes frei
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

Verzeichnis von C:\Dokumente und Einstellungen\Le\Lokale Einstellungen\Temporary Internet Files\Content.IE5

07.11.2004 21:29 <DIR> .
07.11.2004 21:29 <DIR> ..
26.11.2006 16:42 81.920 index.dat
1 Datei(en) 81.920 Bytes
2 Verzeichnis(se), 8.738.455.552 Bytes frei
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

Verzeichnis von C:\Dokumente und Einstellungen\Le\Lokale Einstellungen\Temp

07.11.2004 21:29 <DIR> .
07.11.2004 21:29 <DIR> ..
26.11.2006 16:31 222 jusched.log
1 Datei(en) 222 Bytes
2 Verzeichnis(se), 8.738.455.552 Bytes frei
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

Verzeichnis von C:\WINDOWS\Temp

06.07.2004 14:42 <DIR> .
06.07.2004 14:42 <DIR> ..
26.11.2006 16:32 0 T30DebugLogFile.txt
1 Datei(en) 0 Bytes
2 Verzeichnis(se), 8.738.455.552 Bytes frei
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

Verzeichnis von C:\Temp

30.10.2005 12:00 <DIR> .
30.10.2005 12:00 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 8.738.455.552 Bytes frei
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

Verzeichnis von C:\Programme

06.07.2004 14:45 <DIR> .
06.07.2004 14:45 <DIR> ..
06.07.2004 14:45 <DIR> Gemeinsame Dateien
06.07.2004 14:48 <DIR> Windows NT
06.07.2004 14:48 <DIR> MSN
06.07.2004 14:49 <DIR> MSN Gaming Zone
06.07.2004 14:49 <DIR> Messenger
06.07.2004 14:49 <DIR> Windows Media Player
06.07.2004 14:49 <DIR> Online Services
06.07.2004 14:49 <DIR> ComPlus Applications
06.07.2004 14:50 <DIR> Internet Explorer
06.07.2004 14:50 <DIR> Outlook Express
06.07.2004 14:50 <DIR> NetMeeting
06.07.2004 14:50 <DIR> Movie Maker
06.07.2004 14:50 <DIR> Online-Dienste
06.07.2004 14:52 <DIR> microsoft frontpage
06.07.2004 14:52 <DIR> xerox
06.07.2004 14:55 <DIR> Intel
06.07.2004 14:59 <DIR> CONEXANT
06.07.2004 15:00 <DIR> Synaptics
06.07.2004 15:02 <DIR> Acer Inc
06.07.2004 15:04 <DIR> Adobe
06.07.2004 15:06 <DIR> Common Files
06.07.2004 15:15 <DIR> CyberLink
06.07.2004 15:17 <DIR> NewTech Infosystems
06.07.2004 15:20 <DIR> Ligos
07.11.2004 21:30 <DIR> ATI Technologies
07.11.2004 21:35 <DIR> Microsoft Works
07.11.2004 22:41 <DIR> Microsoft Office
07.11.2004 16:45 <DIR> Microsoft Visual Studio
07.11.2004 17:02 <DIR> WinRAR
07.11.2004 17:03 <DIR> Java
07.11.2004 17:05 <DIR> Real
07.11.2004 17:27 <DIR> Snapshot Viewer
18.12.2004 20:50 <DIR> PerfectNav
12.03.2005 15:37 <DIR> Lexmark X74-X75
12.03.2005 15:40 <DIR> FaxTools
12.03.2005 15:41 <DIR> ABBYY FineReader 5.0 Sprint
17.03.2005 21:10 <DIR> Hasbro Interactive
22.03.2005 19:33 <DIR> Microsoft Works Suite 2005
22.03.2005 19:42 <DIR> Picture It! Premium 10
07.04.2005 16:43 <DIR> SSH Communications Security
16.04.2005 19:51 <DIR> Spybot - Search & Destroy
18.05.2005 09:20 <DIR> USB MEMORY BAR
24.10.2005 19:58 <DIR> ICQLite
08.01.2006 22:17 <DIR> ICQToolbar
27.01.2006 17:00 <DIR> Altnet
27.01.2006 17:04 <DIR> Need2Find
01.02.2006 19:49 <DIR> AntiVir PersonalEdition Classic
22.02.2006 22:33 <DIR> Qnext
12.03.2006 18:29 <DIR> Acer
05.04.2006 23:00 <DIR> Sony
05.04.2006 23:02 <DIR> Sony Corporation
27.07.2006 09:57 <DIR> Audiograbber 1.83
28.07.2006 00:14 <DIR> TBONBin
03.09.2006 17:26 <DIR> Sony Ericsson
15.11.2006 18:30 <DIR> Napster
18.11.2006 19:11 <DIR> MSXML 4.0
26.11.2006 16:29 <DIR> CleanUp!
0 Datei(en) 0 Bytes
59 Verzeichnis(se), 8.738.455.552 Bytes frei
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

Verzeichnis von C:\Dokumente und Einstellungen\Le\Lokale Einstellungen\Anwendungsdaten

07.11.2004 21:29 <DIR> .
07.11.2004 21:29 <DIR> ..
06.07.2004 14:54 <DIR> Microsoft
07.11.2004 21:40 <DIR> Adobe
07.11.2004 17:02 <DIR> {7148F0A6-6813-11D6-A77B-00B0D0142010}
22.03.2005 19:52 93.104 GDIPFONTCACHEV1.DAT
22.01.2005 20:20 <DIR> Help
24.11.2006 17:06 24.064 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
03.09.2006 17:34 <DIR> Sony Ericsson
2 Datei(en) 117.168 Bytes
7 Verzeichnis(se), 8.738.455.552 Bytes frei
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

Verzeichnis von C:\Dokumente und Einstellungen\Le\Anwendungsdaten

07.11.2004 21:29 <DIR> .
07.11.2004 21:29 <DIR> ..
06.07.2004 14:56 <DIR> Identities
07.11.2004 21:40 <DIR> Adobe
07.11.2004 21:40 <DIR> AdobeUM
07.11.2004 22:13 <DIR> Symantec
07.11.2004 22:41 <DIR> Microsoft Web Folders
07.11.2004 17:04 <DIR> Sun
07.11.2004 17:05 <DIR> Real
15.12.2004 17:41 <DIR> Macromedia
23.12.2004 00:03 <DIR> CyberLink
21.01.2005 23:45 0 dm.ini
21.01.2005 23:45 871 AdobeDLM.log
22.01.2005 20:20 <DIR> Help
24.10.2005 19:58 <DIR> ICQLite
24.02.2006 23:18 <DIR> Media Player Classic
05.04.2006 22:59 <DIR> Sony Corporation
13.06.2006 18:27 <DIR> Skype
03.09.2006 17:27 <DIR> Teleca
16.11.2006 19:29 <DIR> Roxio
2 Datei(en) 871 Bytes
18 Verzeichnis(se), 8.738.455.552 Bytes frei
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten

06.07.2004 14:44 <DIR> .
06.07.2004 14:44 <DIR> ..
06.07.2004 15:15 <DIR> CyberLink
07.11.2004 22:12 <DIR> Symantec
07.11.2004 17:27 <DIR> SBT
12.03.2005 15:40 <DIR> BVRP Software
16.04.2005 19:51 <DIR> Spybot - Search & Destroy
01.02.2006 16:17 <DIR> AntiVir PersonalEdition Classic
08.02.2006 21:00 305 addr_file.html
05.04.2006 23:00 <DIR> Sony Corporation
13.06.2006 18:27 <DIR> Skype
26.07.2006 10:19 <DIR> Adobe
03.09.2006 17:26 <DIR> Teleca
03.09.2006 17:26 <DIR> Sony Ericsson
15.11.2006 18:30 <DIR> Napster
1 Datei(en) 305 Bytes
14 Verzeichnis(se), 8.738.455.552 Bytes frei
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

Verzeichnis von C:\Programme\Gemeinsame Dateien

06.07.2004 14:45 <DIR> .
06.07.2004 14:45 <DIR> ..
06.07.2004 14:45 <DIR> Microsoft Shared
06.07.2004 14:45 <DIR> SpeechEngines
06.07.2004 14:45 <DIR> ODBC
06.07.2004 14:50 <DIR> System
06.07.2004 14:50 <DIR> MSSoap
06.07.2004 14:50 <DIR> Dienste
06.07.2004 14:54 <DIR> InstallShield
07.11.2004 21:40 <DIR> Adobe
07.11.2004 16:45 <DIR> Designer
07.11.2004 17:03 <DIR> Java
07.11.2004 17:05 <DIR> Real
07.11.2004 17:05 <DIR> xing shared
20.12.2004 17:25 <DIR> etosctcb
05.04.2006 22:59 <DIR> Sony Shared
03.09.2006 17:26 <DIR> Teleca Shared
15.11.2006 18:31 <DIR> Napster Shared
0 Datei(en) 0 Bytes
18 Verzeichnis(se), 8.738.455.552 Bytes frei
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

Verzeichnis von C:\Windows\tasks

06.07.2004 14:50 <DIR> .
06.07.2004 14:50 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 8.738.455.552 Bytes frei
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0
26.11.2006, 17:46
Honorary member
Sabina

Posts: 29434
#6 ««
Copy out these 6 text files (right-click -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html


this is for me.........

Quote
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll

C:\Programme\Altnet
C:\Programme\PerfectNav
C:\Programme\Need2Find
C:\Programme\TBONBin
C:\Programme\Common Files\SearchUpgrader

__________
Best regards, Sabina

All about PC security
26.11.2006, 18:34
Member

Thread starter

Posts: 11
#7 @Sabina:
Sorry, apparently I'm too stupid, but what exactly do you mean by copying out?
26.11.2006, 21:07
Honorary member
Sabina

Posts: 29434
#8 http://virus-protect.org/datfindbat.html
datFind.zip --> unzip datFind.zip --> datFind.bat
http://virus-protect.org/zip/datFind.zip
Quick guide to datfindbat

1. Double-click DATFINDBAT

2. The text editor opens. Save as system32.txt - or (right-click --> select the text --> copy --> paste into the thread) - (3 months back by date, more is not necessary)

3. Click on the command window and press any key

4. The text editor opens. Save as systemtemp.txt - or (right-click --> select the text --> copy --> paste into the thread) - (3 months back by date, more is not necessary)

5. Repeat step 3 and save as windows.txt - or (right-click --> select the text --> copy --> paste into the thread) - (3 months back by date, more is not necessary)

6. Repeat step 3 and save as temp.txt

7. Repeat step 3 and save as down.txt

8. Repeat step 3 and save as c.txt

9. Post ALL logs (3 months back by date, more is not necessary)
__________
Best regards, Sabina

All about PC security
26.11.2006, 21:25
Member

Thread starter

Posts: 11
#9 OK, I hope I did everything right!

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

Verzeichnis von C:\DOKUME~1\LE~1\LOKALE~1\Temp

26.11.2006 21:14 16.384 ~DF7467.tmp
26.11.2006 21:14 512 ~DF7390.tmp
26.11.2006 21:14 3.375.104 ~DF734E.tmp
26.11.2006 19:28 49.152 ~DFBA01.tmp
26.11.2006 18:31 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}10982.html
26.11.2006 18:15 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}30491.html
26.11.2006 16:54 16.384 ~DF2CF8.tmp
26.11.2006 16:54 16.384 ~DFE68A.tmp
26.11.2006 16:54 512 ~DFE913.tmp
26.11.2006 16:54 222 jusched.log
10 Datei(en) 3.476.615 Bytes
0 Verzeichnis(se), 8.534.966.272 Bytes frei
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

A small addendum:
these are the files that I copied from system.txt and saved in each case!

Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0

Verzeichnis von C:\WINDOWS\system32

16.11.2006 06:20 10.474.920 MRT.exe
14.11.2006 08:15 1.158 wpa.dbl
04.11.2006 14:14 1.245.696 msxml4.dll
30.10.2006 11:10 368.896 FNTCACHE.DAT
16.10.2006 11:40 123.392 xpsp3res.dll
13.10.2006 13:35 146.432 nwprovau.dll
14.09.2006 09:39 615.936 urlmon.dll
14.09.2006 09:39 664.576 wininet.dll
14.09.2006 09:39 474.624 shlwapi.dll
14.09.2006 09:39 146.432 msrating.dll
14.09.2006 09:39 39.424 pngfilt.dll
14.09.2006 09:39 3.075.584 mshtml.dll
14.09.2006 09:39 532.480 mstime.dll
14.09.2006 09:39 448.512 mshtmled.dll
14.09.2006 09:39 251.392 iepeers.dll
14.09.2006 09:39 357.888 dxtmsft.dll
14.09.2006 09:39 55.808 extmgr.dll
14.09.2006 09:39 96.768 inseng.dll
14.09.2006 09:39 205.312 dxtrans.dll
14.09.2006 09:39 16.384 jsproxy.dll
14.09.2006 09:39 1.056.256 danim.dll
14.09.2006 09:39 152.064 cdfview.dll
14.09.2006 09:39 1.022.976 browseui.dll
13.09.2006 07:02 1.084.416 msxml3.dll
04.09.2006 08:12 1.494.016 shdocvw.dll

Best regards, BaseJ
This post was edited by BaseJ on 26.11.2006 at 21:41.
26.11.2006, 22:27
Honorary member
Sabina

Posts: 29434
#10 BaseJ

Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in

Quote
Files to delete:
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll

Folders to delete:
C:\Programme\Altnet
C:\Programme\Need2Find
C:\Programme\TBONBin
C:\Programme\Common Files\SearchUpgrader
Click the green traffic light
the script will now be executed, then the PC will restart automatically

»»
open HijackThis -- "scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programme\RXToolBar\sfcont.dll (file missing)

O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe

O4 - HKLM\..\Run: [SemanticInsight] C:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - HKCU\..\Run: [tbon] C:\Programme\TBONBin\tbon.exe /r

O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programme\RXToolBar\sfcont.dll

Restart the PC

««
scan with counterspy, set everything to remove after the scan and post the scan report here
http://virus-protect.org/counterspy.html
__________
Best regards, Sabina

All about PC security
27.11.2006, 00:02
Member

Thread starter

Posts: 11
#11 Phew, quite a lot, but here is the result:
Spyware Scan Details
Start Date: 26.11.2006 23:35:46
End Date: 26.11.2006 23:54:37
Total Time: 18 mins 51 secs

Detected spyware

Altnet Browser Plug-in more information...
Details: Topsearch is a .dll file that acts as a search engine and runs inside Internet Explorer as a Browser helper Object (BHO). It can supply advertising content to KaZaA users.
Status: Deleted

Infected files detected
c:\programme\altnet\my altnet shares\bullguard protection\plugins.cab.cab
D:\Program Files\Altnet\Points Manager\Points Manager.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE AppID {8B0FEF15-54DC-49F5-8377-8172DE975F75}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\adm.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\adm.EXE AppID {99A8E2B2-3405-4C0D-9110-131C14CAAF62}


EUniverse Updater Browser Hijacker more information...
Details: EUniverse is an adware program that runs at startup, generates popup ads, and performs a number of spyware related functions such as transmitting personal information and hijacking Internet Explorer.
Status: Deleted

Infected files detected
c:\programme\common files\searchupgrader\client.cfg
c:\programme\common files\searchupgrader\system.cfg


KeenValue PerfectNav Browser Hijacker more information...
Details: The PerfectNav Internet Explorer spyware software is designed to redirect your URL typing errors to PerfectNav's web page.
Status: Deleted

Infected files detected
c:\programme\perfectnav\bho\perfectnav150c.dll

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO\HomePage
HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO\HomePage DefaultIEHomePage http://www.perfectnav.com/
HKEY_LOCAL_MACHINE\software\perfectnav


Altnet P2P Networking Adware more information...
Details: P2P Networking is a component that enables other applications to use adware based Peer-to-Peer functionality.
Status: Deleted

Infected files detected
c:\windows\system32\p2p networking\cache\database\index256.dbb
c:\windows\system32\p2p networking v126.cpl
C:\System Volume Information\_restore{0ACEBCF8-A6FC-4399-94FD-2DEE45552192}\RP355\A0040270.DLL
C:\System Volume Information\_restore{0ACEBCF8-A6FC-4399-94FD-2DEE45552192}\RP355\A0040271.exe
C:\System Volume Information\_restore{0ACEBCF8-A6FC-4399-94FD-2DEE45552192}\RP357\A0040342.exe
C:\System Volume Information\_restore{0ACEBCF8-A6FC-4399-94FD-2DEE45552192}\RP357\A0040343.DLL

Infected registry entries detected


KaZaA P2P more information...
Details: Kazaa is a Peer to Peer file sharing application that uses some adware advertising as well as installs a number of thrid party adware software on your computer.
Status: Deleted

Infected registry entries detected


Adw.Need2Find.Toolbar Toolbar more information...
Details: Adw.Need2Find.Toolbar is an IE plugin with its own Search Field.
Status: Deleted

Infected files detected
c:\programme\need2find\bar\1.bin\n2ffxtbr.jar
c:\programme\need2find\bar\1.bin\n2ntstbr.jar
c:\programme\need2find\bar\1.bin\n2plugin.dll
c:\programme\need2find\bar\1.bin\nd2fnbar.dll
c:\programme\need2find\bar\1.bin\npnd2fn.dll
c:\programme\need2find\bar\1.bin\partner.dat
c:\programme\need2find\bar\cache\files.ini
c:\programme\need2find\bar\cache\0a6d7516
c:\programme\need2find\bar\cache\009ef1fe
c:\programme\need2find\bar\settings\prevcfg.htm
c:\programme\need2find\bar\history\search

Infected registry entries detected


Claria.GAIN Adware more information...
Details: Claria's GAIN network consists of several applications inlcuding Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Deleted

Infected files detected
c:\windows\gatorpatch.log


MapQuest Toolbar Browser Plug-in more information...
Details: Although the MapQuest Toolbar is not adware per say, some versions install other adware byproducts such as EUniverse, a known spyware program.
Status: Deleted

Infected files detected
c:\windows\downloaded program files\webp2pinstaller.dll


Twain Tech Adware more information...
Details: Twain-Tech is an adware based Internet Explorer browser helper object that deliver targeted ads based on a user’s browsing patters. Twain-Tech does not provide any other relevant purpose other then to display pop-up ads.
Status: Deleted

Infected files detected
c:\windows\smdat32m.sys


Web P2P Installer Trojan Downloader more information...
Details: ActiveX drive by downloader.
Status: Deleted

Infected files detected
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll


InstaFinder Browser Hijacker more information...
Details: InstaFinder is an Internet Explorer Browser Helper search hijacker.
Status: Deleted

Infected files detected
C:\System Volume Information\_restore{0ACEBCF8-A6FC-4399-94FD-2DEE45552192}\RP355\A0040267.dll
C:\System Volume Information\_restore{0ACEBCF8-A6FC-4399-94FD-2DEE45552192}\RP357\A0040341.dll


ABetterInternet.Aurora Cookie Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\le\cookies\le@btg.btgrab[1].txt
c:\dokumente und einstellungen\le\cookies\le@cliks[2].txt


Mediaplex.com Cookie more information...
Details: Cookie used to track cross site advertising with the Mediaplex and value Click advertising companies.
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\le\cookies\le@mediaplex[1].txt


CGI-Bin Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\le\cookies\le@cgi-bin[2].txt


Cok.ad.yieldmanager Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\le\cookies\le@ad.yieldmanager[2].txt


Offeroptimizer Cookie more information...
Details: Offeroptimizer is a cookie that tracks the unique visitors to a web site and their personal preferences.
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\le\cookies\le@offeroptimizer[1].txt


Radar Spy 1.0 Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\le\cookies\le@tradedoubler[1].txt


Regards, BaseJ
This post was edited by BaseJ on 27.11.2006 at 00:15.
27.11.2006, 00:27
Honorary member
Sabina

Posts: 29434
#12 Then I can only wonder why I create an Avenger script if you then don't apply it ;)
Report back whether the virus alert still appears.
__________
Kind regards, Sabina

All about PC security
27.11.2006, 08:56
Member

Thread starter

Posts: 11
#13 I did apply it, but some error message came up on restart, sorry.
But I think it worked; this Best Offers at least no longer seems to be on the computer! At any rate, it can no longer be found in the software list.
Regards, BaseJ