Best offers lässt sich nicht löschen
Thema ist geschlossen!
#0
| ||
26.11.2006, 14:20
Member
Beiträge: 11 |
||
|
||
26.11.2006, 14:37
Ehrenmitglied
Beiträge: 29434 |
#2
Poste dieses Log (ComboFix):
http://virus-protect.org/artikel/tools/combofix.html
__________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
26.11.2006, 14:58
Member
Themenstarter Beiträge: 11 |
#3
Hier das gewünschte Log:
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-11-21 16:29 33280 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys 2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll 2006-09-13 07:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background" "Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" "updateMgr"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5" "tbon"="C:\\Programme\\TBONBin\\tbon.exe /r" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "LaunchApp"="Alaunch" "SynTPLpr"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe" "SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe" "RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe" "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC" "PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC" "PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName" "ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "SunJavaUpdateSched"="C:\\Programme\\Java\\j2re1.4.2_01\\bin\\jusched.exe" "TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot" "P2P Networking"="C:\\WINDOWS\\System32\\P2P Networking\\P2P Networking.exe /AUTOSTART" "SearchUpgrader"="C:\\Programme\\Common files\\SearchUpgrader\\SearchUpgrader.exe" "Lexmark X74-X75"="\"C:\\Programme\\Lexmark X74-X75\\lxbbbmgr.exe\"" "DiskIcon"="C:\\Programme\\USB MEMORY BAR\\diskicon.exe" 
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 "SemanticInsight"="C:\\Programme\\RXToolBar\\Semantic Insight\\SemanticInsight.exe" "avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe" "ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize" @="" "Sony Ericsson PC Suite"="\"C:\\Programme\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions" "NapsterShell"="C:\\Programme\\Napster\\napster.exe /systray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,44,02,00,00,00,00,00,00,bc,02,00,00,02,03,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,44,02,00,00,00,00,00,00,bc,02,00,00,02,03,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] 
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Completion time: 06-11-26 14:53:53.85 C:\ComboFix.txt ... 06-11-26 14:53 Gruss BaseJ |
|
|
||
26.11.2006, 16:07
Ehrenmitglied
Beiträge: 29434 |
#4
1. CleanUp anwenden: http://virus-protect.org/cleanup.html
2. Kopiere den folgenden Text in den Editor (Start - Zubehör - Editor) und speichere ihn mit 'Speichern unter' als listen.bat auf dem Desktop. Gib bei Dateityp 'Alle Dateien' an. Du solltest diese Datei jetzt auf dem Desktop finden. --> Doppelklicke die listen.bat --> kopiere den Text, der erscheint
Zitat
cd\
__________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
26.11.2006, 16:49
Member
Themenstarter Beiträge: 11 |
#5
Hier der Text, der dann erscheint!
Datentr„ger in Laufwerk C: ist ACER Volumeseriennummer: 2629-16F0 Verzeichnis von C:\WINDOWS\Downloaded Program Files 06.07.2004 14:50 <DIR> . 06.07.2004 14:50 <DIR> .. 18.12.2004 20:48 88.576 WebP2PInstaller.dll 27.08.2005 13:30 5.065 swflash.inf 2 Datei(en) 93.641 Bytes 2 Verzeichnis(se), 8.738.455.552 Bytes frei Datentr„ger in Laufwerk C: ist ACER Volumeseriennummer: 2629-16F0 Verzeichnis von C:\Programme\Common Files 06.07.2004 15:06 <DIR> . 06.07.2004 15:06 <DIR> .. 06.07.2004 15:06 <DIR> System 18.12.2004 20:50 <DIR> SearchUpgrader 0 Datei(en) 0 Bytes 4 Verzeichnis(se), 8.738.455.552 Bytes frei Datentr„ger in Laufwerk C: ist ACER Volumeseriennummer: 2629-16F0 Verzeichnis von C:\Program Files 18.12.2004 20:48 <DIR> . 18.12.2004 20:48 <DIR> .. 11.07.2006 20:45 <DIR> ICQLite 0 Datei(en) 0 Bytes 3 Verzeichnis(se), 8.738.455.552 Bytes frei Datentr„ger in Laufwerk C: ist ACER Volumeseriennummer: 2629-16F0 Verzeichnis von C:\Dokumente und Einstellungen\Le\Lokale Einstellungen\Temporary Internet Files\Content.IE5 07.11.2004 21:29 <DIR> . 07.11.2004 21:29 <DIR> .. 26.11.2006 16:42 81.920 index.dat 1 Datei(en) 81.920 Bytes 2 Verzeichnis(se), 8.738.455.552 Bytes frei Datentr„ger in Laufwerk C: ist ACER Volumeseriennummer: 2629-16F0 Verzeichnis von C:\Dokumente und Einstellungen\Le\Lokale Einstellungen\Temp 07.11.2004 21:29 <DIR> . 07.11.2004 21:29 <DIR> .. 26.11.2006 16:31 222 jusched.log 1 Datei(en) 222 Bytes 2 Verzeichnis(se), 8.738.455.552 Bytes frei Datentr„ger in Laufwerk C: ist ACER Volumeseriennummer: 2629-16F0 Verzeichnis von C:\WINDOWS\Temp 06.07.2004 14:42 <DIR> . 06.07.2004 14:42 <DIR> .. 26.11.2006 16:32 0 T30DebugLogFile.txt 1 Datei(en) 0 Bytes 2 Verzeichnis(se), 8.738.455.552 Bytes frei Datentr„ger in Laufwerk C: ist ACER Volumeseriennummer: 2629-16F0 Verzeichnis von C:\Temp 30.10.2005 12:00 <DIR> . 30.10.2005 12:00 <DIR> .. 
0 Datei(en) 0 Bytes 2 Verzeichnis(se), 8.738.455.552 Bytes frei Datentr„ger in Laufwerk C: ist ACER Volumeseriennummer: 2629-16F0 Verzeichnis von C:\Programme 06.07.2004 14:45 <DIR> . 06.07.2004 14:45 <DIR> .. 06.07.2004 14:45 <DIR> Gemeinsame Dateien 06.07.2004 14:48 <DIR> Windows NT 06.07.2004 14:48 <DIR> MSN 06.07.2004 14:49 <DIR> MSN Gaming Zone 06.07.2004 14:49 <DIR> Messenger 06.07.2004 14:49 <DIR> Windows Media Player 06.07.2004 14:49 <DIR> Online Services 06.07.2004 14:49 <DIR> ComPlus Applications 06.07.2004 14:50 <DIR> Internet Explorer 06.07.2004 14:50 <DIR> Outlook Express 06.07.2004 14:50 <DIR> NetMeeting 06.07.2004 14:50 <DIR> Movie Maker 06.07.2004 14:50 <DIR> Online-Dienste 06.07.2004 14:52 <DIR> microsoft frontpage 06.07.2004 14:52 <DIR> xerox 06.07.2004 14:55 <DIR> Intel 06.07.2004 14:59 <DIR> CONEXANT 06.07.2004 15:00 <DIR> Synaptics 06.07.2004 15:02 <DIR> Acer Inc 06.07.2004 15:04 <DIR> Adobe 06.07.2004 15:06 <DIR> Common Files 06.07.2004 15:15 <DIR> CyberLink 06.07.2004 15:17 <DIR> NewTech Infosystems 06.07.2004 15:20 <DIR> Ligos 07.11.2004 21:30 <DIR> ATI Technologies 07.11.2004 21:35 <DIR> Microsoft Works 07.11.2004 22:41 <DIR> Microsoft Office 07.11.2004 16:45 <DIR> Microsoft Visual Studio 07.11.2004 17:02 <DIR> WinRAR 07.11.2004 17:03 <DIR> Java 07.11.2004 17:05 <DIR> Real 07.11.2004 17:27 <DIR> Snapshot Viewer 18.12.2004 20:50 <DIR> PerfectNav 12.03.2005 15:37 <DIR> Lexmark X74-X75 12.03.2005 15:40 <DIR> FaxTools 12.03.2005 15:41 <DIR> ABBYY FineReader 5.0 Sprint 17.03.2005 21:10 <DIR> Hasbro Interactive 22.03.2005 19:33 <DIR> Microsoft Works Suite 2005 22.03.2005 19:42 <DIR> Picture It! 
Premium 10 07.04.2005 16:43 <DIR> SSH Communications Security 16.04.2005 19:51 <DIR> Spybot - Search & Destroy 18.05.2005 09:20 <DIR> USB MEMORY BAR 24.10.2005 19:58 <DIR> ICQLite 08.01.2006 22:17 <DIR> ICQToolbar 27.01.2006 17:00 <DIR> Altnet 27.01.2006 17:04 <DIR> Need2Find 01.02.2006 19:49 <DIR> AntiVir PersonalEdition Classic 22.02.2006 22:33 <DIR> Qnext 12.03.2006 18:29 <DIR> Acer 05.04.2006 23:00 <DIR> Sony 05.04.2006 23:02 <DIR> Sony Corporation 27.07.2006 09:57 <DIR> Audiograbber 1.83 28.07.2006 00:14 <DIR> TBONBin 03.09.2006 17:26 <DIR> Sony Ericsson 15.11.2006 18:30 <DIR> Napster 18.11.2006 19:11 <DIR> MSXML 4.0 26.11.2006 16:29 <DIR> CleanUp! 0 Datei(en) 0 Bytes 59 Verzeichnis(se), 8.738.455.552 Bytes frei Datentr„ger in Laufwerk C: ist ACER Volumeseriennummer: 2629-16F0 Verzeichnis von C:\Dokumente und Einstellungen\Le\Lokale Einstellungen\Anwendungsdaten 07.11.2004 21:29 <DIR> . 07.11.2004 21:29 <DIR> .. 06.07.2004 14:54 <DIR> Microsoft 07.11.2004 21:40 <DIR> Adobe 07.11.2004 17:02 <DIR> {7148F0A6-6813-11D6-A77B-00B0D0142010} 22.03.2005 19:52 93.104 GDIPFONTCACHEV1.DAT 22.01.2005 20:20 <DIR> Help 24.11.2006 17:06 24.064 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 03.09.2006 17:34 <DIR> Sony Ericsson 2 Datei(en) 117.168 Bytes 7 Verzeichnis(se), 8.738.455.552 Bytes frei Datentr„ger in Laufwerk C: ist ACER Volumeseriennummer: 2629-16F0 Verzeichnis von C:\Dokumente und Einstellungen\Le\Anwendungsdaten 07.11.2004 21:29 <DIR> . 07.11.2004 21:29 <DIR> .. 
06.07.2004 14:56 <DIR> Identities 07.11.2004 21:40 <DIR> Adobe 07.11.2004 21:40 <DIR> AdobeUM 07.11.2004 22:13 <DIR> Symantec 07.11.2004 22:41 <DIR> Microsoft Web Folders 07.11.2004 17:04 <DIR> Sun 07.11.2004 17:05 <DIR> Real 15.12.2004 17:41 <DIR> Macromedia 23.12.2004 00:03 <DIR> CyberLink 21.01.2005 23:45 0 dm.ini 21.01.2005 23:45 871 AdobeDLM.log 22.01.2005 20:20 <DIR> Help 24.10.2005 19:58 <DIR> ICQLite 24.02.2006 23:18 <DIR> Media Player Classic 05.04.2006 22:59 <DIR> Sony Corporation 13.06.2006 18:27 <DIR> Skype 03.09.2006 17:27 <DIR> Teleca 16.11.2006 19:29 <DIR> Roxio 2 Datei(en) 871 Bytes 18 Verzeichnis(se), 8.738.455.552 Bytes frei Datentr„ger in Laufwerk C: ist ACER Volumeseriennummer: 2629-16F0 Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten 06.07.2004 14:44 <DIR> . 06.07.2004 14:44 <DIR> .. 06.07.2004 15:15 <DIR> CyberLink 07.11.2004 22:12 <DIR> Symantec 07.11.2004 17:27 <DIR> SBT 12.03.2005 15:40 <DIR> BVRP Software 16.04.2005 19:51 <DIR> Spybot - Search & Destroy 01.02.2006 16:17 <DIR> AntiVir PersonalEdition Classic 08.02.2006 21:00 305 addr_file.html 05.04.2006 23:00 <DIR> Sony Corporation 13.06.2006 18:27 <DIR> Skype 26.07.2006 10:19 <DIR> Adobe 03.09.2006 17:26 <DIR> Teleca 03.09.2006 17:26 <DIR> Sony Ericsson 15.11.2006 18:30 <DIR> Napster 1 Datei(en) 305 Bytes 14 Verzeichnis(se), 8.738.455.552 Bytes frei Datentr„ger in Laufwerk C: ist ACER Volumeseriennummer: 2629-16F0 Verzeichnis von C:\Programme\Gemeinsame Dateien 06.07.2004 14:45 <DIR> . 06.07.2004 14:45 <DIR> .. 
06.07.2004 14:45 <DIR> Microsoft Shared 06.07.2004 14:45 <DIR> SpeechEngines 06.07.2004 14:45 <DIR> ODBC 06.07.2004 14:50 <DIR> System 06.07.2004 14:50 <DIR> MSSoap 06.07.2004 14:50 <DIR> Dienste 06.07.2004 14:54 <DIR> InstallShield 07.11.2004 21:40 <DIR> Adobe 07.11.2004 16:45 <DIR> Designer 07.11.2004 17:03 <DIR> Java 07.11.2004 17:05 <DIR> Real 07.11.2004 17:05 <DIR> xing shared 20.12.2004 17:25 <DIR> etosctcb 05.04.2006 22:59 <DIR> Sony Shared 03.09.2006 17:26 <DIR> Teleca Shared 15.11.2006 18:31 <DIR> Napster Shared 0 Datei(en) 0 Bytes 18 Verzeichnis(se), 8.738.455.552 Bytes frei Datentr„ger in Laufwerk C: ist ACER Volumeseriennummer: 2629-16F0 Verzeichnis von C:\Windows\tasks 06.07.2004 14:50 <DIR> . 06.07.2004 14:50 <DIR> .. 0 Datei(en) 0 Bytes 2 Verzeichnis(se), 8.738.455.552 Bytes frei Datentr„ger in Laufwerk C: ist ACER Volumeseriennummer: 2629-16F0 |
|
|
||
26.11.2006, 17:46
Ehrenmitglied
Beiträge: 29434 |
#6
««
Kopiere diese 6 Textdateien ab (Rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen). Sie sind nach Datum geordnet (kopiere nur die letzten 3 Monate ab).
http://virus-protect.org/datfindbat.html
ist fuer mich.........
Zitat
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
__________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
26.11.2006, 18:34
Member
Themenstarter Beiträge: 11 |
#7
@Sabina:
Sorry, anscheinend bin ich zu dumm, aber was verstehst du genau unter abkopieren? |
|
|
||
26.11.2006, 21:07
Ehrenmitglied
Beiträge: 29434 |
#8
http://virus-protect.org/datfindbat.html
datFind.zip --> entzippe datFind.zip --> datFind.bat
http://virus-protect.org/zip/datFind.zip
Kurzanleitung datfindbat
1. Doppelklick auf DATFINDBAT
2. Es öffnet sich der Texteditor. Speichern als system32.txt - oder (rechter Mausklick --> Text markieren --> kopieren --> in den Thread einfügen) - (3 Monate vom Datum her, mehr ist nicht notwendig)
3. Auf das Command-Fenster klicken und eine beliebige Taste drücken
4. Es öffnet sich der Texteditor. Speichern als systemtemp.txt - oder (rechter Mausklick --> Text markieren --> kopieren --> in den Thread einfügen) - (3 Monate vom Datum her, mehr ist nicht notwendig)
5. Wiederhole Schritt 3 und speichere als windows.txt - oder (rechter Mausklick --> Text markieren --> kopieren --> in den Thread einfügen) - (3 Monate vom Datum her, mehr ist nicht notwendig)
6. Wiederhole Schritt 3 und speichere als temp.txt
7. Wiederhole Schritt 3 und speichere als down.txt
8. Wiederhole Schritt 3 und speichere als c.txt
9. Poste ALLE Logs (3 Monate vom Datum her, mehr ist nicht notwendig)
__________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
26.11.2006, 21:25
Member
Themenstarter Beiträge: 11 |
#9
So, ich hoffe ich hab alles richtig gemacht!
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0
Verzeichnis von C:\DOKUME~1\LE~1\LOKALE~1\Temp
26.11.2006 21:14 16.384 ~DF7467.tmp
26.11.2006 21:14 512 ~DF7390.tmp
26.11.2006 21:14 3.375.104 ~DF734E.tmp
26.11.2006 19:28 49.152 ~DFBA01.tmp
26.11.2006 18:31 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}10982.html
26.11.2006 18:15 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}30491.html
26.11.2006 16:54 16.384 ~DF2CF8.tmp
26.11.2006 16:54 16.384 ~DFE68A.tmp
26.11.2006 16:54 512 ~DFE913.tmp
26.11.2006 16:54 222 jusched.log
10 Datei(en) 3.476.615 Bytes
0 Verzeichnis(se), 8.534.966.272 Bytes frei
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0
Kleiner Nachtrag, das sind die Dateien, die ich jeweils von system.txt kopiert und gespeichert habe!
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 2629-16F0
Verzeichnis von C:\WINDOWS\system32
16.11.2006 06:20 10.474.920 MRT.exe
14.11.2006 08:15 1.158 wpa.dbl
04.11.2006 14:14 1.245.696 msxml4.dll
30.10.2006 11:10 368.896 FNTCACHE.DAT
16.10.2006 11:40 123.392 xpsp3res.dll
13.10.2006 13:35 146.432 nwprovau.dll
14.09.2006 09:39 615.936 urlmon.dll
14.09.2006 09:39 664.576 wininet.dll
14.09.2006 09:39 474.624 shlwapi.dll
14.09.2006 09:39 146.432 msrating.dll
14.09.2006 09:39 39.424 pngfilt.dll
14.09.2006 09:39 3.075.584 mshtml.dll
14.09.2006 09:39 532.480 mstime.dll
14.09.2006 09:39 448.512 mshtmled.dll
14.09.2006 09:39 251.392 iepeers.dll
14.09.2006 09:39 357.888 dxtmsft.dll
14.09.2006 09:39 55.808 extmgr.dll
14.09.2006 09:39 96.768 inseng.dll
14.09.2006 09:39 205.312 dxtrans.dll
14.09.2006 09:39 16.384 jsproxy.dll
14.09.2006 09:39 1.056.256 danim.dll
14.09.2006 09:39 152.064 cdfview.dll
14.09.2006 09:39 1.022.976 browseui.dll
13.09.2006 07:02 1.084.416 msxml3.dll
04.09.2006 08:12 1.494.016 shdocvw.dll
MfG BaseJ
Dieser Beitrag wurde am 26.11.2006 um 21:41 Uhr von BaseJ editiert.
|
|
|
||
26.11.2006, 22:27
Ehrenmitglied
Beiträge: 29434 |
#10
BaseJ
Avenger http://virus-protect.org/artikel/tools/avenger.html
Kopiere Folgendes in den Avenger:
Zitat
Files to delete:
Klicke auf die grüne Ampel; das Script wird nun ausgeführt, danach startet der PC automatisch neu.
»» Öffne HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Zitat
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
PC neustarten
«« Scanne mit CounterSpy, stelle nach dem Scan alles auf "remove" und poste hier den Scanreport
http://virus-protect.org/counterspy.html
__________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
27.11.2006, 00:02
Member
Themenstarter Beiträge: 11 |
#11
Puh, ganz schön viel, aber hier ist das Ergebnis:
Spyware Scan Details Start Date: 26.11.2006 23:35:46 End Date: 26.11.2006 23:54:37 Total Time: 18 mins 51 secs Detected spyware Altnet Browser Plug-in more information... Details: Topsearch is a .dll file that acts as a search engine and runs inside Internet Explorer as a Browser helper Object (BHO). It can supply advertising content to KaZaA users. Status: Deleted Infected files detected c:\programme\altnet\my altnet shares\bullguard protection\plugins.cab.cab D:\Program Files\Altnet\Points Manager\Points Manager.exe Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE AppID {8B0FEF15-54DC-49F5-8377-8172DE975F75} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\adm.EXE HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\adm.EXE AppID {99A8E2B2-3405-4C0D-9110-131C14CAAF62} EUniverse Updater Browser Hijacker more information... Details: EUniverse is an adware program that runs at startup, generates popup ads, and performs a number of spyware related functions such as transmitting personal information and hijacking Internet Explorer. Status: Deleted Infected files detected c:\programme\common files\searchupgrader\client.cfg c:\programme\common files\searchupgrader\system.cfg KeenValue PerfectNav Browser Hijacker more information... Details: The PerfectNav Internet Explorer spyware software is designed to redirect your URL typing errors to PerfectNav's web page. 
Status: Deleted Infected files detected c:\programme\perfectnav\bho\perfectnav150c.dll Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO\HomePage HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO\HomePage DefaultIEHomePage http://www.perfectnav.com/ HKEY_LOCAL_MACHINE\software\perfectnav HKEY_LOCAL_MACHINE\software\perfectnav\BHO\HomePage DefaultIEHomePage http://www.perfectnav.com/ HKEY_LOCAL_MACHINE\software\perfectnav\BHO\RedirectURLS 404 http://www.perfectnav.com/index.cfm?action=lookup&pc=pnkz&arg=404&Keywords= HKEY_LOCAL_MACHINE\software\perfectnav\BHO\RedirectURLS DNSNotFound http://www.perfectnav.com/index.cfm?action=lookup&pc=pnkz&arg=DNS&Keywords= HKEY_LOCAL_MACHINE\software\perfectnav\BHO\RedirectURLS URLTranslation http://www.perfectnav.com/index.cfm?action=lookup&pc=pnkz&Keywords= HKEY_LOCAL_MACHINE\software\perfectnav\BHO\RedirectURLS 4 ivwt;12wjvhjjpgis0yiskvmhp1gpo2pqeBysn@ HKEY_LOCAL_MACHINE\software\perfectnav\BHO INSTALLGUID 5805619B-F424-4EC6-AC25-21B1C6469003 HKEY_LOCAL_MACHINE\software\perfectnav UID HKEY_LOCAL_MACHINE\software\searchupgrader HKEY_LOCAL_MACHINE\software\searchupgrader\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} installDate HKEY_LOCAL_MACHINE\software\searchupgrader\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} VersionNumber 1.0.0.1 HKEY_LOCAL_MACHINE\software\searchupgrader\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} TrackGuid 5805619B-F424-4EC6-AC25-21B1C6469003 HKEY_LOCAL_MACHINE\software\searchupgrader Install_Dir C:\Programme\Common files\SearchUpgrader HKEY_LOCAL_MACHINE\software\searchupgrader EXEName SearchUpgrader.exe HKEY_LOCAL_MACHINE\software\searchupgrader VersionNumber 1.5.6 HKEY_LOCAL_MACHINE\software\searchupgrader\{7ee60cf1-2dff-41b5-91c9-9c1c518053fc} HKEY_LOCAL_MACHINE\software\searchupgrader\{7ee60cf1-2dff-41b5-91c9-9c1c518053fc} installDate HKEY_LOCAL_MACHINE\software\searchupgrader\{7ee60cf1-2dff-41b5-91c9-9c1c518053fc} VersionNumber 1.0.0.1 
HKEY_LOCAL_MACHINE\software\searchupgrader\{7ee60cf1-2dff-41b5-91c9-9c1c518053fc} TrackGuid 5805619B-F424-4EC6-AC25-21B1C6469003 HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO\RedirectURLS HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO\RedirectURLS 404 http://www.perfectnav.com/index.cfm?action=lookup&pc=pnkz&arg=404&Keywords= HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO\RedirectURLS DNSNotFound http://www.perfectnav.com/index.cfm?action=lookup&pc=pnkz&arg=DNS&Keywords= HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO\RedirectURLS URLTranslation http://www.perfectnav.com/index.cfm?action=lookup&pc=pnkz&Keywords= HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO\RedirectURLS 4 ivwt;12wjvhjjpgis0yiskvmhp1gpo2pqeBysn@ HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO\HomePage DefaultIEHomePage http://www.perfectnav.com/ HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO\RedirectURLS 404 http://www.perfectnav.com/index.cfm?action=lookup&pc=pnkz&arg=404&Keywords= HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO\RedirectURLS DNSNotFound http://www.perfectnav.com/index.cfm?action=lookup&pc=pnkz&arg=DNS&Keywords= HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO\RedirectURLS URLTranslation http://www.perfectnav.com/index.cfm?action=lookup&pc=pnkz&Keywords= HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO\RedirectURLS 4 ivwt;12wjvhjjpgis0yiskvmhp1gpo2pqeBysn@ HKEY_LOCAL_MACHINE\SOFTWARE\PerfectNav\BHO INSTALLGUID 5805619B-F424-4EC6-AC25-21B1C6469003 Altnet P2P Networking Adware more information... Details: P2P Networking is a component that enables other applications to use adware based Peer-to-Peer functionality. 
Status: Deleted Infected files detected c:\windows\system32\p2p networking\cache\database\index256.dbb c:\windows\system32\p2p networking v126.cpl C:\System Volume Information\_restore{0ACEBCF8-A6FC-4399-94FD-2DEE45552192}\RP355\A0040270.DLL C:\System Volume Information\_restore{0ACEBCF8-A6FC-4399-94FD-2DEE45552192}\RP355\A0040271.exe C:\System Volume Information\_restore{0ACEBCF8-A6FC-4399-94FD-2DEE45552192}\RP357\A0040342.exe C:\System Volume Information\_restore{0ACEBCF8-A6FC-4399-94FD-2DEE45552192}\RP357\A0040343.DLL Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run P2P Networking C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Dirs HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Dirs C:\WINDOWS\System32\P2P Networking C:\WINDOWS\System32\P2P Networking HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Dirs C:\WINDOWS\System32\P2P Networking\Cache C:\WINDOWS\System32\P2P Networking\Cache HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Dirs C:\Documents And Settings C:\Documents And Settings HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks ActiveX File C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks Marshal file C:\WINDOWS\System32\P2P Networking\MARSHAL.DLL HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks ENG Language File C:\WINDOWS\System32\P2P Networking\P2P Networking.eng HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks CPL file C:\WINDOWS\System32\P2P Networking v126.cpl HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks P2P Networking file C:\WINDOWS\System32\P2P Networking\P2P Networking.exe 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468e-B848-2B2E8E697B74} 2 %SystemRoot%\System32\P2P Networking v126.cpl HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\System32\P2P Networking\MARSHAL.DLL C:\WINDOWS\System32\P2P Networking\MARSHAL.DLL HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\System32\P2P Networking\P2P Networking.eng C:\WINDOWS\System32\P2P Networking\P2P Networking.eng HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\System32\P2P Networking v126.cpl C:\WINDOWS\System32\P2P Networking v126.cpl HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Clients HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Clients Kazaa 1 HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Clients P2PGUI_9639EF0C-2178-4d8f-BD67-21F0103EFE45 1 HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Clients Bullguard Updater 1 HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Clients Altnet TopSearch 1 HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Dirs C:\WINDOWS\System32\P2P Networking C:\WINDOWS\System32\P2P Networking HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Dirs C:\WINDOWS\System32\P2P Networking\Cache C:\WINDOWS\System32\P2P Networking\Cache HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Dirs C:\Documents And Settings C:\Documents And Settings HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files 
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\System32\P2P Networking\MARSHAL.DLL C:\WINDOWS\System32\P2P Networking\MARSHAL.DLL HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\System32\P2P Networking\P2P Networking.eng C:\WINDOWS\System32\P2P Networking\P2P Networking.eng HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\System32\P2P Networking v126.cpl C:\WINDOWS\System32\P2P Networking v126.cpl HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\Files C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks ActiveX File C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks Marshal file C:\WINDOWS\System32\P2P Networking\MARSHAL.DLL HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks ENG Language File C:\WINDOWS\System32\P2P Networking\P2P Networking.eng HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks CPL file C:\WINDOWS\System32\P2P Networking v126.cpl HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking\Installation History\P2P Chunks P2P Networking file C:\WINDOWS\System32\P2P Networking\P2P Networking.exe HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth SlotLength 41040 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In0 18 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In1 15 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out0 4 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out1 5 HKEY_CURRENT_USER\Software\P2P 
Networking\JcdeAgent\Connection\Firewall UdpInHistory -1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpInHistory 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpOutHistory -1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime HistoryStart 1163936883 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime History . . .... ... . ......... .... . ......... HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection Address 137.248.142.161:3531 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall UdpInHistory -1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpInHistory 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpOutHistory -1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth SlotLength 41040 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In0 18 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In1 15 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out0 4 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out1 5 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager\Downloads HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Channels\Channel10 Image HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Channels\Channel10001 Image HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth SlotLength 41040 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In0 18 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth In1 15 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out0 4 
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Bandwidth Out1 5 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall UdpInHistory -1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpInHistory 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Firewall TcpOutHistory -1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime HistoryStart 1163936883 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime History . . .... ... . ......... .... . ......... HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection Address 137.248.142.161:3531 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager CacheDir C:\WINDOWS\System32\P2P Networking\Cache\ HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager DatabaseDir C:\WINDOWS\System32\P2P Networking\Cache\Database\ HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager CacheSize 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager NoBandwidthLimitWhenIdle 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager AutoBandwith 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager BandwidthLimit 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI ShowIcon 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI MainExe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI DebugLevel 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI TimerInterval 2000 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateInterval 14400 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI ReqVersionUpdateInterval 14400 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateTimeSpent 1164472242 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI AutoStart 1 HKEY_CURRENT_USER\Software\P2P 
Networking\JcdeAgent\P2PNetworkingGUI UpdateNotify 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI EnableHistory 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepHistorySeconds 604800 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepClientsMax 10 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepDownloadsMax 20 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent NodeID -1882945228 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent NetworkConfig HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent LastEligibilityUpdateTime 1164472193 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent DLStats HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager CacheDir C:\WINDOWS\System32\P2P Networking\Cache\ HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager DatabaseDir C:\WINDOWS\System32\P2P Networking\Cache\Database\ HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager CacheSize 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager NoBandwidthLimitWhenIdle 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager AutoBandwith 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\FileManager BandwidthLimit 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime HistoryStart 1163936883 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Connection\Uptime History . . .... ... . ......... .... . ......... 
HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Channels\Channel10 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\Channels\Channel10 Image HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI ShowIcon 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI MainExe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI DebugLevel 0 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI TimerInterval 2000 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateInterval 14400 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI ReqVersionUpdateInterval 14400 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateTimeSpent 1164472242 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI AutoStart 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI UpdateNotify 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI EnableHistory 1 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepHistorySeconds 604800 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepClientsMax 10 HKEY_CURRENT_USER\Software\P2P Networking\JcdeAgent\P2PNetworkingGUI KeepDownloadsMax 20 KaZaA P2P more information... Details: Kazaa is a Peer to Peer file sharing application that uses some adware advertising as well as installs a number of thrid party adware software on your computer. 
Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\Software\Kazaa\Advanced HKEY_CURRENT_USER\Software\Kazaa\Advanced ScWeeklyDate 18-7-2006 HKEY_CURRENT_USER\Software\Kazaa\Advanced Status Installed HKEY_CURRENT_USER\software\kazaa HKEY_CURRENT_USER\software\kazaa\Advanced ScWeeklyDate 18-7-2006 HKEY_CURRENT_USER\software\kazaa\Advanced Status Installed HKEY_CURRENT_USER\software\kazaa\DontShow CancelDownload 1 HKEY_CURRENT_USER\software\kazaa\DontShow CloseToSystray 1 HKEY_CURRENT_USER\software\kazaa\DontShow CancelUpload 1 HKEY_CURRENT_USER\software\kazaa\DontShow StopSharing 1 HKEY_CURRENT_USER\software\kazaa\DontShow DeletePlaylistItems 0 HKEY_CURRENT_USER\software\kazaa\DontShow DeletePlaylist 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\AudioWidth 0 151 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\AudioWidth 1 108 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\AudioWidth 2 80 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\AudioWidth 3 50 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\AudioWidth 4 50 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\AudioWidth 5 70 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\AudioWidth 6 72 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\AudioWidth 7 82 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\AudioWidth 8 81 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\AudioWidth 9 64 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\AudioWidth 10 76 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\AudioWidth 11 76 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\AudioWidth 12 64 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\AudioWidth 13 50 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\AudioWidth 14 180 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\ColumnSortStates1 Audio 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\ColumnSortStates2 Audio 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\ColumnWidths 
Audio 70,70,70,70,70,70,70,70,70,70,70, HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\CombinedSortedColumns Audio HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Download Width 0 182 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Download Width 1 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Download Width 2 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Download Width 3 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Download Width 4 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Download Width 5 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Download Width 6 182 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Download Width 7 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Download Width 8 182 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\EverythingWidth 0 151 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\EverythingWidth 1 108 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\EverythingWidth 2 80 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\EverythingWidth 3 50 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\EverythingWidth 4 50 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\EverythingWidth 5 70 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\EverythingWidth 6 72 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\EverythingWidth 7 82 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\EverythingWidth 8 60 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\EverythingWidth 9 64 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\EverythingWidth 10 60 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\EverythingWidth 11 76 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\EverythingWidth 12 180 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\MyKazaaStates Meine Medien 1 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\MyKazaaStates Meine Kapsules 0 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\MyKazaaStates Meine 
Wiedergabelisten 1 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Settings WindowPos 0,3,-32000,-32000,-1,-1,132,174,1092,728 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Upload Width 0 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Upload Width 1 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Upload Width 2 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Upload Width 3 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Upload Width 4 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Upload Width 5 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Upload Width 6 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Upload Width 7 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Upload Width 8 91 HKEY_CURRENT_USER\software\kazaa\Kazaa Media Desktop\Upload Width 9 91 HKEY_CURRENT_USER\software\kazaa\LocalContent DisableListFiles 1 HKEY_CURRENT_USER\software\kazaa\LocalContent Dir0 012345:C:\Program Files\Altnet\My Altnet Shares HKEY_CURRENT_USER\software\kazaa\LocalContent LastAltnetFolder C:\Program Files\Altnet\My Altnet Shares HKEY_CURRENT_USER\software\kazaa\Promotions\Broadband BBDbLoc C:\Programme\Kazaa\Db\bb.db HKEY_CURRENT_USER\software\kazaa\Promotions\Broadband NullImageLoc C:\Programme\Kazaa\broadband.gif HKEY_CURRENT_USER\software\kazaa\Promotions\Broadband NullImageLoc2 C:\Programme\Kazaa\broadband2.gif HKEY_CURRENT_USER\software\kazaa\Promotions\Broadband BroadNagCount2 68 HKEY_CURRENT_USER\software\kazaa\Promotions\Broadband LastBBShown 1142178915 HKEY_CURRENT_USER\software\kazaa\Search 0 j{«i HKEY_CURRENT_USER\software\kazaa\Search 1 duº]eÌãnWŠØ¸uM’ HKEY_CURRENT_USER\software\kazaa\Search 2 duº HKEY_CURRENT_USER\software\kazaa\Search 3 duº]!Ì´"LH•ÁîoN†t= HKEY_CURRENT_USER\software\kazaa\Search 4 nGi¶`ÌçtRWœ HKEY_CURRENT_USER\software\kazaa\Search 5 nGi¶`ÌçpMHÈ HKEY_CURRENT_USER\software\kazaa\Search 6 duº]eÌãnWŠØ¼jRŠ HKEY_CURRENT_USER\software\kazaa\Search 7 jl¦]FÌök_Fœ 
HKEY_CURRENT_USER\software\kazaa\Search 8 jl¦]FÌök_Fœ¬sU˜ HKEY_CURRENT_USER\software\kazaa\Search 9 jl¦]FÌök_Fœ¡r^׃m.£ HKEY_CURRENT_USER\software\kazaa\Search 10 ep°]c‚ñ]nTWœ HKEY_CURRENT_USER\software\kazaa\Search 11 jfÿižæ HKEY_CURRENT_USER\software\kazaa\Search 12 jf HKEY_CURRENT_USER\software\kazaa\Search 13 S{ÿcƒÿ HKEY_CURRENT_USER\software\kazaa\Search 14 tq jžñl_DÙÞºuW›Šp HKEY_CURRENT_USER\software\kazaa\Search 15 tq jžñl_D HKEY_CURRENT_USER\software\kazaa\Search 16 aj«ÌömO HKEY_CURRENT_USER\software\kazaa\Search 17 u|½,›ýnR@”Þ HKEY_CURRENT_USER\software\kazaa\Search 18 ir³,ŠûvZE– HKEY_CURRENT_USER\software\kazaa\Search 19 t´~´kKR HKEY_CURRENT_USER\software\kazaa\Search 20 ir³,ŠûvZE–£}U’Žv=´ HKEY_CURRENT_USER\software\kazaa\Search 21 jpºx‰æ HKEY_CURRENT_USER\software\kazaa\Search 22 tq jžñl_DÙÞºuW›Špxë f HKEY_CURRENT_USER\software\kazaa\Search 23 bv«]h™´ pßFŠÙîw^žg HKEY_CURRENT_USER\software\kazaa\Search 24 c>«è‹ç "PDë HKEY_CURRENT_USER\software\kazaa\Search 25 mx¹]n™÷n^X HKEY_CURRENT_USER\software\kazaa\Search 26 bv« HKEY_CURRENT_USER\software\kazaa\Search 27 pp±]f‰àvR–À£yIטæ* HKEY_CURRENT_USER\software\kazaa\Search 28 wv³m‚ú HKEY_CURRENT_USER\software\kazaa\Search 29 jf¶cÌäpP HKEY_CURRENT_USER\software\kazaa\Search 30 S{ÿcç "RRÙÌ¢kZŽœ";®HnlS5s HKEY_CURRENT_USER\software\kazaa\Search 31 jf¶cÌäpPÅ« HKEY_CURRENT_USER\software\kazaa\Search 32 jf¶cÌäpPšÂ¯oO׆qx§EjC( HKEY_CURRENT_USER\software\kazaa\Search 33 jf¶cÌäpPšÂ¯oO׆qx§EjC(4ü([j.hªP HKEY_CURRENT_USER\software\kazaa\Search 34 S{ÿcç "RRÙÌ¢kZŽœ HKEY_CURRENT_USER\software\kazaa\Search 35 d¬ ,ø cBR HKEY_CURRENT_USER\software\kazaa\Search 36 d¬ ,ø cBRÙΦ}U†l? HKEY_CURRENT_USER\software\kazaa\Search 37 jf¶cÌäpPšÂ¯oO׎n/§P+Y3uñ'Sj. 
HKEY_CURRENT_USER\software\kazaa\Search 38 jp»,ˆým HKEY_CURRENT_USER\software\kazaa\Search 39 jp»,ˆýmX–ØîZ™Èpxµ] jV{yæ`Vk?d HKEY_CURRENT_USER\software\kazaa\Search 40 jp»,ˆýmX–ØîZ™Èvxµ] jV{yæ`Vk?d HKEY_CURRENT_USER\software\kazaa\Search 41 ~kÿm‚³ "HUœÌ¢ HKEY_CURRENT_USER\software\kazaa\Search 42 dpø ,ŸàcW”ÔîpTŠ HKEY_CURRENT_USER\software\kazaa\Search 43 jp»,ˆým ÙÔ¡i”Žl² _:x¿-C$%n²R HKEY_CURRENT_USER\software\kazaa\Search 44 jp»,ˆým ÙÔ¡i”Žl² _:x HKEY_CURRENT_USER\software\kazaa\Search 45 c{ÿ™~–à"ŽÄ« HKEY_CURRENT_USER\software\kazaa\Search 46 e|¶]n€ûiHCœß© HKEY_CURRENT_USER\software\kazaa\Search 47 n>¦yÌ÷wWEÙß«}_ׂ{x«@no HKEY_CURRENT_USER\software\kazaa\Search 48 n>¦yÌ÷wWEÙß«}_ HKEY_CURRENT_USER\software\kazaa\Search 49 u»]a•´kUE HKEY_CURRENT_USER\software\kazaa\Settings AutoUpdateSkype 0 HKEY_CURRENT_USER\software\kazaa\Settings + HKEY_CURRENT_USER\software\kazaa\Settings Date HKEY_CURRENT_USER\software\kazaa\Settings UseCount 0 HKEY_CURRENT_USER\software\kazaa\Transfer + HKEY_CURRENT_USER\software\kazaa\Transfer NoUploadLimitWhenIdle 1 HKEY_CURRENT_USER\software\kazaa\Transfer CacheHost 0 HKEY_CURRENT_USER\software\kazaa\Transfer CachePort 0 HKEY_CURRENT_USER\software\kazaa\Transfer CacheDiscoveryTime 1153253053 HKEY_CURRENT_USER\software\kazaa\Transfer DlDir0 C:\Programme\Kazaa\My Shared Folder HKEY_CURRENT_USER\software\kazaa\UserDetails + HKEY_CURRENT_USER\software\kazaa\UserDetails CountryCode DE HKEY_CURRENT_USER\software\kazaa\UserDetails UserName Bommel HKEY_CURRENT_USER\software\kazaa Tmp 0 HKEY_CURRENT_USER\software\kazaa LastSearchHash HKEY_LOCAL_MACHINE\software\classes\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2} HKEY_LOCAL_MACHINE\software\classes\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2}\LocalServer32 C:\WINDOWS\System32\P2P Networking\P2P Networking.exe HKEY_LOCAL_MACHINE\software\classes\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2}\ProgID JCDE_Stack.1 
HKEY_LOCAL_MACHINE\software\classes\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2}\VersionIndependentProgID JCDE_Stack HKEY_LOCAL_MACHINE\software\classes\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2} P2P Stack for Joltid Content Distribution Environment HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa HKEY_LOCAL_MACHINE\software\magnet\handlers\kazaa Kazaa Media Desktop HKEY_LOCAL_MACHINE\software\classes\jcde_stack HKEY_LOCAL_MACHINE\software\classes\jcde_stack\CLSID {CC7A6223-3759-4075-8CEA-971F5CFC0ED2} HKEY_LOCAL_MACHINE\software\classes\jcde_stack\CurVer JCDE_Stack.1 HKEY_LOCAL_MACHINE\software\classes\jcde_stack P2P Stack for Joltid Content Distribution Environment HKEY_LOCAL_MACHINE\software\classes\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76} HKEY_LOCAL_MACHINE\software\classes\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}\TreatAs {0494D0DB-F8E0-41ad-92A3-14154ECE70AC} HKEY_LOCAL_MACHINE\software\classes\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76} HKEY_LOCAL_MACHINE\software\sharman networks ltd HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking SlowInfoCache HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Changed 0 HKEY_CLASSES_ROOT\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2} HKEY_CLASSES_ROOT\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2}\LocalServer32 C:\WINDOWS\System32\P2P Networking\P2P Networking.exe HKEY_CLASSES_ROOT\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2}\ProgID JCDE_Stack.1 HKEY_CLASSES_ROOT\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2}\VersionIndependentProgID JCDE_Stack HKEY_CLASSES_ROOT\clsid\{cc7a6223-3759-4075-8cea-971f5cfc0ed2} P2P Stack for Joltid Content Distribution Environment HKEY_LOCAL_MACHINE\software\p2p networking HKEY_LOCAL_MACHINE\software\p2p networking\Clients HKEY_LOCAL_MACHINE\software\p2p networking\Clients Kazaa 1 
HKEY_LOCAL_MACHINE\software\p2p networking\Clients P2PGUI_9639EF0C-2178-4d8f-BD67-21F0103EFE45 1 HKEY_LOCAL_MACHINE\software\p2p networking\Clients Bullguard Updater 1 HKEY_LOCAL_MACHINE\software\p2p networking\Clients Altnet TopSearch 1 HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\Dirs C:\WINDOWS\System32\P2P Networking C:\WINDOWS\System32\P2P Networking HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\Dirs C:\WINDOWS\System32\P2P Networking\Cache C:\WINDOWS\System32\P2P Networking\Cache HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\Dirs C:\Documents And Settings C:\Documents And Settings HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\Files C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\Files C:\WINDOWS\System32\P2P Networking\MARSHAL.DLL C:\WINDOWS\System32\P2P Networking\MARSHAL.DLL HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\Files C:\WINDOWS\System32\P2P Networking\P2P Networking.eng C:\WINDOWS\System32\P2P Networking\P2P Networking.eng HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\Files C:\WINDOWS\System32\P2P Networking v126.cpl C:\WINDOWS\System32\P2P Networking v126.cpl HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\Files C:\WINDOWS\System32\P2P Networking\P2P Networking.exe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\P2P Chunks ActiveX File C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\P2P Chunks Marshal file C:\WINDOWS\System32\P2P Networking\MARSHAL.DLL HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\P2P Chunks ENG Language File C:\WINDOWS\System32\P2P Networking\P2P Networking.eng HKEY_LOCAL_MACHINE\software\p2p networking\Installation 
History\P2P Chunks CPL file C:\WINDOWS\System32\P2P Networking v126.cpl HKEY_LOCAL_MACHINE\software\p2p networking\Installation History\P2P Chunks P2P Networking file C:\WINDOWS\System32\P2P Networking\P2P Networking.exe HKEY_CURRENT_USER\software\p2p networking HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Channels\Channel10 Image HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Channels\Channel10001 Image HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth SlotLength 41040 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth In0 18 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth In1 15 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth Out0 4 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Bandwidth Out1 5 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Firewall UdpInHistory -1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Firewall TcpInHistory 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Firewall TcpOutHistory -1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Uptime HistoryStart 1163936883 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection\Uptime History . . .... ... . ......... .... . ......... 
HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\Connection Address 137.248.142.161:3531 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager CacheDir C:\WINDOWS\System32\P2P Networking\Cache\ HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager DatabaseDir C:\WINDOWS\System32\P2P Networking\Cache\Database\ HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager CacheSize 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager NoBandwidthLimitWhenIdle 1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager AutoBandwith 1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\FileManager BandwidthLimit 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI ShowIcon 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI MainExe C:\WINDOWS\System32\P2P Networking\P2P Networking.exe HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI DebugLevel 0 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI TimerInterval 2000 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI UpdateInterval 14400 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI ReqVersionUpdateInterval 14400 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI UpdateTimeSpent 1164472242 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI AutoStart 1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI UpdateNotify 1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI EnableHistory 1 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI KeepHistorySeconds 604800 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI KeepClientsMax 10 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent\P2PNetworkingGUI KeepDownloadsMax 20 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent NodeID -1882945228 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent NetworkConfig 
HKEY_CURRENT_USER\software\p2p networking\JcdeAgent LastEligibilityUpdateTime 1164472193 HKEY_CURRENT_USER\software\p2p networking\JcdeAgent DLStats HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run P2P Networking Adw.Need2Find.Toolbar Toolbar more information... Details: Adw.Need2Find.Toolbar is an IE plugin with its own Search Field. Status: Deleted Infected files detected c:\programme\need2find\bar\1.bin\n2ffxtbr.jar c:\programme\need2find\bar\1.bin\n2ntstbr.jar c:\programme\need2find\bar\1.bin\n2plugin.dll c:\programme\need2find\bar\1.bin\nd2fnbar.dll c:\programme\need2find\bar\1.bin\npnd2fn.dll c:\programme\need2find\bar\1.bin\partner.dat c:\programme\need2find\bar\cache\files.ini c:\programme\need2find\bar\cache\0a6d7516 c:\programme\need2find\bar\cache\009ef1fe c:\programme\need2find\bar\settings\prevcfg.htm c:\programme\need2find\bar\history\search Infected registry entries detected HKEY_CURRENT_USER\Software\Need2Find HKEY_CURRENT_USER\Software\Need2Find\bar MenuExtLabel &Search HKEY_CLASSES_ROOT\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} HKEY_CLASSES_ROOT\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\InprocServer32 C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL HKEY_CLASSES_ROOT\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\TypeLib {4D1C4E80-A32A-416b-BCDB-33B3EF3617D3} HKEY_CLASSES_ROOT\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} Need2Find Bar HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3} HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}\InprocServer32 C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}\MiscStatus\1 131473 HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}\MiscStatus 0 
HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}\ProgID Need2FindBar.SettingsPlugin.1 HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}\TypeLib {4D1C4E80-A32A-416b-BCDB-33B3EF3617D3} HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}\Version 1.0 HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}\VersionIndependentProgID Need2FindBar.SettingsPlugin HKEY_CLASSES_ROOT\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3} Need2Find Bar Settings HKEY_CLASSES_ROOT\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B} HKEY_CLASSES_ROOT\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\InprocServer32 C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL HKEY_CLASSES_ROOT\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\ProgID Need2FindBar.ToolbarPlugin.1 HKEY_CLASSES_ROOT\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\TypeLib {4D1C4E80-A32A-416b-BCDB-33B3EF3617D3} HKEY_CLASSES_ROOT\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}\VersionIndependentProgID Need2FindBar.ToolbarPlugin HKEY_CLASSES_ROOT\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B} Need2Find Toolbar Plugin HKEY_CLASSES_ROOT\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB} HKEY_CLASSES_ROOT\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}\TreatAs {4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3} HKEY_CLASSES_ROOT\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB} HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3} HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\TypeLib {4D1C4E80-A32A-416B-BCDB-33B3EF3617D3} HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}\TypeLib Version 1.0 
HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3} INeed2FindBarSettings HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3} HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\TypeLib {4D1C4E80-A32A-416B-BCDB-33B3EF3617D3} HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3} _INeed2FindBarSettingsEvents HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2 HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2\CLSID {0002DF01-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2 Internet Exp1orer (Ver 1.60923) HKEY_CLASSES_ROOT\Need2FindBar.SettingsPlugin HKEY_CLASSES_ROOT\Need2FindBar.SettingsPlugin\CLSID {4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3} HKEY_CLASSES_ROOT\Need2FindBar.SettingsPlugin\CurVer Need2FindBar.SettingsPlugin.1 HKEY_CLASSES_ROOT\Need2FindBar.SettingsPlugin Need2Find Bar Settings Plugin HKEY_CLASSES_ROOT\Need2FindBar.SettingsPlugin.1 HKEY_CLASSES_ROOT\Need2FindBar.SettingsPlugin.1\CLSID {4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3} HKEY_CLASSES_ROOT\Need2FindBar.SettingsPlugin.1 Need2Find Bar Settings Plugin HKEY_CLASSES_ROOT\Need2FindBar.ToolbarPlugin HKEY_CLASSES_ROOT\Need2FindBar.ToolbarPlugin\CLSID {630D6140-04C5-4db0-B27A-020D766FF09B} HKEY_CLASSES_ROOT\Need2FindBar.ToolbarPlugin\CurVer Need2FindBar.ToolbarPlugin.1 HKEY_CLASSES_ROOT\Need2FindBar.ToolbarPlugin Need2Find Toolbar Plugin HKEY_CLASSES_ROOT\Need2FindBar.ToolbarPlugin.1 HKEY_CLASSES_ROOT\Need2FindBar.ToolbarPlugin.1\CLSID {630D6140-04C5-4db0-B27A-020D766FF09B} HKEY_CLASSES_ROOT\Need2FindBar.ToolbarPlugin.1 Need2Find Toolbar Plugin HKEY_CLASSES_ROOT\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3} 
HKEY_CLASSES_ROOT\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}\1.0\0\win32 C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL HKEY_CLASSES_ROOT\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}\1.0\HELPDIR C:\Programme\Need2Find\bar\1.bin\ HKEY_CLASSES_ROOT\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}\1.0 Toolbar 1.0 Type Library HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall DisplayName Need2Find Bar HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall HelpLink http://help.need2find.com/searchbar.html HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall Publisher Need2Find Bar HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall UninstallString rundll32 C:\PROGRA~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll,O HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall UrlInfoAbout http://www.need2find.com/jsp/softwareterms.jsp HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner test "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 1 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Home C:\Program Files\Altnet\Points Manager\Points Manager.exe HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Points "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 1 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Redeem "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 2 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Wallet "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 3 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner PM-Settings "C:\Program Files\Altnet\Points Manager\Points Manager.exe" -p 4 
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar pid KC HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Dir C:\Programme\Need2Find\bar\ HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ShzmCurInstall 1 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar PluginPath C:\Programme\Need2Find\bar\1.bin\ HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CurInstall 1 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar sr 0 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar pl 7 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Id 8E1819AF-6479-4E6B-AD99-11CC91C35A2C HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Build 144.4612 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CacheDir C:\Programme\Need2Find\bar\Cache\ HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Visible 1 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar SettingsDir C:\Programme\Need2Find\bar\Settings\ HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ConfigRevision 71 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ConfigRevisionURL http://kp.barcfg.need2find.com/speedbar/mySpeedbarCfg2.jsp?s=kb&p=KP HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar ConfigDateStamp 2006012711 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar HTMLMenuRevision 141 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar Flags 530 HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar CfgUrl http://kp.barcfg.need2find.com/speedbar/mySpeedbarCfg2.jsp?s=kb&p=KP HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar HistoryDir C:\Programme\Need2Find\bar\History\ HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar NextConfigRequest 4EmE98URxwE- HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar LastConfigRequest 4BE30qwRxwE- Claria.GAIN Adware more information... Details: Claria's GAIN network consists of several applications inlcuding Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time. Status: Deleted Infected files detected c:\windows\gatorpatch.log MapQuest Toolbar Browser Plug-in more information... 
Details: Although the MapQuest Toolbar is not adware per se, some versions install other adware byproducts such as EUniverse, a known spyware program. Status: Deleted Infected files detected c:\windows\downloaded program files\webp2pinstaller.dll Twain Tech Adware more information... Details: Twain-Tech is an adware-based Internet Explorer browser helper object that delivers targeted ads based on a user’s browsing patterns. Twain-Tech does not provide any other relevant purpose other than to display pop-up ads. Status: Deleted Infected files detected c:\windows\smdat32m.sys Web P2P Installer Trojan Downloader more information... Details: ActiveX drive-by downloader. Status: Deleted Infected files detected C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll InstaFinder Browser Hijacker more information... Details: InstaFinder is an Internet Explorer Browser Helper search hijacker. Status: Deleted Infected files detected C:\System Volume Information\_restore{0ACEBCF8-A6FC-4399-94FD-2DEE45552192}\RP355\A0040267.dll C:\System Volume Information\_restore{0ACEBCF8-A6FC-4399-94FD-2DEE45552192}\RP357\A0040341.dll ABetterInternet.Aurora Cookie Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\le\cookies\le@btg.btgrab[1].txt c:\dokumente und einstellungen\le\cookies\le@cliks[2].txt Mediaplex.com Cookie more information... Details: Cookie used to track cross-site advertising with the Mediaplex and ValueClick advertising companies. Status: Deleted Infected cookies detected c:\dokumente und einstellungen\le\cookies\le@mediaplex[1].txt CGI-Bin Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\le\cookies\le@cgi-bin[2].txt Cok.ad.yieldmanager Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\le\cookies\le@ad.yieldmanager[2].txt Offeroptimizer Cookie more information... 
Details: Offeroptimizer is a cookie that tracks the unique visitors to a web site and their personal preferences. Status: Deleted Infected cookies detected c:\dokumente und einstellungen\le\cookies\le@offeroptimizer[1].txt Radar Spy 1.0 Cookie more information... Status: Deleted Infected cookies detected c:\dokumente und einstellungen\le\cookies\le@tradedoubler[1].txt Gruss BaseJ Dieser Beitrag wurde am 27.11.2006 um 00:15 Uhr von BaseJ editiert.
|
|
|
||
27.11.2006, 00:27
Ehrenmitglied
Beiträge: 29434 |
#12
Da kann ich mich nur fragen, wozu ich ein Avengerscript erstelle, wenn du es dann nicht anwendest.
Berichte, ob die Virenmeldung noch kommt. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
27.11.2006, 08:56
Member
Themenstarter Beiträge: 11 |
#13
Den hab ich angewandt, aber beim Neustarten kam irgendeine Fehlermeldung, sorry.
Aber ich glaub, es hat funktioniert, dieser Best Offers scheint jedenfalls nicht mehr auf dem Rechner zu sein! Jedenfalls ist er nicht mehr in der Softwareliste zu finden. Gruss BaseJ |
|
|
||
Gruss BaseJ
Hier der Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 14:19:02, on 26.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Lexmark X74-X75\lxbbbmgr.exe
C:\Programme\USB MEMORY BAR\diskicon.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\Napster\napster.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\TBONBin\tbon.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\WinRAR\WinRAR.exe
C:\Programme\TBONBin\TBONWnd.EXE
C:\Programme\TBONBin\TBONWnd.EXE
C:\DOKUME~1\LE~1\LOKALE~1\Temp\Rar$EX96.371\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.de/proxy.pac
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programme\RXToolBar\sfcont.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Programme\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [DiskIcon] C:\Programme\USB MEMORY BAR\diskicon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SemanticInsight] C:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NapsterShell] C:\Programme\Napster\napster.exe /systray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [tbon] C:\Programme\TBONBin\tbon.exe /r
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programme\RXToolBar\sfcont.dll
O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe