windows media player automatically starts movies
Thread is closed!
#0
27.01.2007, 06:01
Member
Posts: 24
27.01.2007, 22:02
Honorary member
Posts: 29434
#2
bluewrx
work through this and post the logs http://board.protecus.de/t23188.htm
__________
Kind regards, Sabina
all about PC security
27.01.2007, 22:31
Member
Thread starter Posts: 24
#3
hello, I tried to run a few things, here is the result:
Logfile of HijackThis v1.99.1 Scan saved at 22:28:30, on 27.01.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Java\jre1.5.0_10\bin\jusched.exe C:\Programme\ScanSoft\OmniPageSE\opware32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Programme\Logitech\Video\LogiTray.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\QuickTime\qttask.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Program Files\PViever\pviever.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\WinTV\Ir.exe C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe C:\Programme\Logitech\Video\FxSvr2.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\LckFldService.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\WinRAR\WinRAR.exe C:\DOKUME~1\FAMA\LOKALE~1\Temp\Rar$EX00.234\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sunrise.ch/funinfo/internetfun.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com R0 
- HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [SemanticInsight] C:\Programme\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [PViever] "C:\Program Files\PViever\pviever.exe" hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] 
C:\Programme\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe" O4 - HKCU\..\Run: [EPSON Stylus COLOR 480] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE /A "C:\WINDOWS\system32\E_S13.tmp" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp08.photoprintit.de/microsite/1741/defaults/activex/IPSUploader.cab O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/FUploader/SpeedUploader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Filter: text/html - (no CLSID) - (no file) O20 - Winlogon 
Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe ----------------------------------------------------------- thx bluewrx __________ 4 4 4 4 = 45 >>>> www.bluewrx.ch.vu |
28.01.2007, 13:19
Honorary member
Posts: 29434
#4
«« Follow the instructions at http://virus-protect.org/cleanup.html and configure CleanUp exactly as described there, then restart the computer (this deletes the temporary files)
«« run combofix, also let the disk cleanup run + copy the scan report and post it in your reply http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina
all about PC security
28.01.2007, 19:25
Member
Thread starter Posts: 24
#5
"FAMA" - 07-01-28 19:22:08 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Dokumente und Einstellungen\FAMA\Desktop" ((((((((((((((((((((((((((((((( Files Created from 2006-12-28 to 2007-01-28 )))))))))))))))))))))))))))))))))) 2007-01-27 17:43 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Spybot - Search & Destroy 2007-01-24 14:03 41,472 --a------ C:\WINDOWS\system32\Lttwn12n.dll 2007-01-24 14:03 36,864 --a------ C:\WINDOWS\system32\Ltwnd12n.dll 2007-01-24 14:03 348,160 --a------ C:\WINDOWS\system32\Ltdlg12n.dll 2007-01-24 14:03 32,256 --a------ C:\WINDOWS\system32\Lfani12n.dll 2007-01-24 14:03 25,600 --a------ C:\WINDOWS\system32\Lfavi12n.dll 2007-01-24 14:03 164,352 --a------ C:\WINDOWS\system32\Lfpng12n.dll 2007-01-24 14:03 1,500,160 --a------ C:\WINDOWS\system32\cc3260mt.dll 2007-01-24 14:03 <DIR> d-------- C:\Programme\JVC 2007-01-22 09:59 <DIR> d-a------ C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\TEMP (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-01-27 18:16 -------- d-------- C:\Programme\myway 2007-01-26 17:45 -------- d-------- C:\DOKUME~1\FAMA\Anwendungsdaten\canon 2007-01-24 14:03 -------- d--h----- C:\Programme\installshield installation information 2007-01-19 00:03 -------- d-------- C:\Programme\antivir personaledition classic 2006-12-23 13:55 -------- d-------- C:\Programme\java 2006-12-14 16:53 34304 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys 2006-12-14 16:53 14848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys 2006-12-12 20:53 -------- d-------- C:\Programme\windows media connect 2 2006-12-09 16:59 -------- d-------- C:\Programme\ipswitch 2006-12-04 22:35 -------- d-------- C:\Programme\alcohol soft 2006-12-04 22:33 -------- d-------- C:\Programme\Gemeinsame Dateien\swf studio 2006-12-04 22:33 -------- d-------- C:\DOKUME~1\FAMA\Anwendungsdaten\mozilla 2006-12-04 22:33 -------- d-------- C:\DOKUME~1\FAMA\Anwendungsdaten\cdzilla 2006-11-08 06:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll 2006-11-03 10:02 8282112 --a------ C:\WINDOWS\system32\wmploc.dll 2006-11-03 09:56 99840 --a------ C:\WINDOWS\system32\wmpshell.dll 2006-11-03 09:55 275968 --a------ C:\WINDOWS\system32\wmerror.dll 2006-11-03 09:54 8192 --a------ C:\WINDOWS\system32\asferror.dll 2006-11-02 11:51 43008 --------- C:\WINDOWS\system32\wpdshextres.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "LogitechSoftwareUpdate"="C:\\Programme\\Logitech\\Video\\ManifestEngine.exe boot" "PcSync"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog" "WhenUSave"="\"C:\\Programme\\Save\\Save.exe\"" "EPSON Stylus COLOR 480"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_SICN03.EXE /A \"C:\\WINDOWS\\system32\\E_S13.tmp\"" "SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "RTHDCPL"="RTHDCPL.EXE" "Alcmtr"="ALCMTR.EXE" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe" "avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" "Omnipage"="C:\\Programme\\ScanSoft\\OmniPageSE\\opware32.exe" "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE" "LogitechVideoRepair"="C:\\Programme\\Logitech\\Video\\ISStart.exe " "LogitechVideoTray"="C:\\Programme\\Logitech\\Video\\LogiTray.exe" "SemanticInsight"="C:\\Programme\\RXToolBar\\Semantic Insight\\SemanticInsight.exe" 
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot" "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup" "PViever"="\"C:\\Program Files\\PViever\\pviever.exe\" hide" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 Completion time: 07-01-28 19:23:24 C:\ComboFix2.txt ... 07-01-27 22:35 thx bluewrx....................... __________ 4 4 4 4 = 45 >>>> www.bluewrx.ch.vu |
28.01.2007, 20:15
Honorary member
Posts: 29434
#6
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as listen.bat using 'Save As'. For the file type, select 'All Files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears
Quote
cd\
__________
Kind regards, Sabina
all about PC security
28.01.2007, 21:53
Member
Thread starter Posts: 24
#7
thx bluewrx
I think I'm rid of it.................. wait and see........... I say thanks either way. always great here!! people get helped here. thx
__________ 4 4 4 4 = 45 >>>> www.bluewrx.ch.vu
This post was edited by bluewrx on 28.01.2007 at 22:12.
28.01.2007, 22:52
Honorary member
Posts: 29434
#8
«« Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fixme.reg using 'Save As'. For the file type, select 'All Files'. You should now find this file on the desktop. Double-click the file "fixme.reg" on the desktop.
Quote
REGEDIT4
---------------------------------------
Avenger http://virus-protect.org/artikel/tools/avenger.html
paste in:
Quote
Registry values to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically. Post the Avenger log that appears after the restart.
_______
C:\Program Files\PViever
Quote
The following registry keys will be changed:
__________
Kind regards, Sabina
all about PC security
28.01.2007, 23:08
Member
Thread starter Posts: 24
#9
//////////////////////////////////////////
Avenger Pre-Processor log ////////////////////////////////////////// Error: could not create zip file. Error code: 0 ////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\brdyanqy ******************* Script file located at: \??\C:\Program Files\xmulnpvb.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\Downloaded Program Files\Install.dll not found! Deletion of file C:\WINDOWS\Downloaded Program Files\Install.dll failed! Could not process line: C:\WINDOWS\Downloaded Program Files\Install.dll Status: 0xc0000034 File C:\WINDOWS\Downloaded Program Files\Install.inf not found! Deletion of file C:\WINDOWS\Downloaded Program Files\Install.inf failed! Could not process line: C:\WINDOWS\Downloaded Program Files\Install.inf Status: 0xc0000034 File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6U_0001_D19M0709NetInstaller.exe not found! Deletion of file C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6U_0001_D19M0709NetInstaller.exe failed! Could not process line: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6U_0001_D19M0709NetInstaller.exe Status: 0xc0000034 File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UDC6U_0001_D19M0709NetInstaller.exe not found! Deletion of file C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UDC6U_0001_D19M0709NetInstaller.exe failed! Could not process line: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UDC6U_0001_D19M0709NetInstaller.exe Status: 0xc0000034 File C:\WINDOWS\Downloaded Program Files\UDC6U_0001_D19M0709NetInstaller.exe not found! Deletion of file C:\WINDOWS\Downloaded Program Files\UDC6U_0001_D19M0709NetInstaller.exe failed! 
Could not process line: C:\WINDOWS\Downloaded Program Files\UDC6U_0001_D19M0709NetInstaller.exe Status: 0xc0000034 File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSU_0001_N68M1402NetInstaller.exe not found! Deletion of file C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSU_0001_N68M1402NetInstaller.exe failed! Could not process line: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSU_0001_N68M1402NetInstaller.exe Status: 0xc0000034 File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSU_0001_N68M1402NetInstaller.exe not found! Deletion of file C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSU_0001_N68M1402NetInstaller.exe failed! Could not process line: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSU_0001_N68M1402NetInstaller.exe Status: 0xc0000034 File C:\WINDOWS\Downloaded Program Files\UERSU_0001_N68M1402NetInstaller.exe not found! Deletion of file C:\WINDOWS\Downloaded Program Files\UERSU_0001_N68M1402NetInstaller.exe failed! Could not process line: C:\WINDOWS\Downloaded Program Files\UERSU_0001_N68M1402NetInstaller.exe Status: 0xc0000034 Folder C:\Programme\MyWay not found! Deletion of folder C:\Programme\MyWay failed! Could not process line: C:\Programme\MyWay Status: 0xc0000034 Folder C:\Programme\Need2Find not found! Deletion of folder C:\Programme\Need2Find failed! Could not process line: C:\Programme\Need2Find Status: 0xc0000034 Folder C:\Program Files\PViever not found! Deletion of folder C:\Program Files\PViever failed! Could not process line: C:\Program Files\PViever Status: 0xc0000034 Folder C:\Programme\RXToolBar not found! Deletion of folder C:\Programme\RXToolBar failed! Could not process line: C:\Programme\RXToolBar Status: 0xc0000034 Folder C:\Programme\Save not found! Deletion of folder C:\Programme\Save failed! 
Could not process line: C:\Programme\Save Status: 0xc0000034 Could not delete folder C:\Dokumente und Einstellungen\FAMA\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0L27KT67 Deletion of folder C:\Dokumente und Einstellungen\FAMA\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0L27KT67 failed! Could not process line: C:\Dokumente und Einstellungen\FAMA\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0L27KT67 Status: 0xc0000035 Folder C:\Dokumente und Einstellungen\FAMA\Lokale Einstellungen\Temporary Internet Files\Content.IE5\9S2CDEOP deleted successfully. Folder C:\Dokumente und Einstellungen\FAMA\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LO439HG1 deleted successfully. Folder C:\Dokumente und Einstellungen\FAMA\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MT7K103Y deleted successfully. Folder C:\Dokumente und Einstellungen\FAMA\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NR9RJTCW not found! Deletion of folder C:\Dokumente und Einstellungen\FAMA\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NR9RJTCW failed! Could not process line: C:\Dokumente und Einstellungen\FAMA\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NR9RJTCW Status: 0xc0000034 Folder C:\Dokumente und Einstellungen\FAMA\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Q1R8PS3I deleted successfully. Folder C:\Dokumente und Einstellungen\FAMA\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SDA7CXIR deleted successfully. Folder C:\Dokumente und Einstellungen\FAMA\Lokale Einstellungen\Temporary Internet Files\Content.IE5\T0GNHXCD deleted successfully. Folder C:\Dokumente und Einstellungen\FAMA\Lokale Einstellungen\Temporary Internet Files\Content.IE5\V35FJ9GW deleted successfully. Folder C:\Dokumente und Einstellungen\FAMA\Lokale Einstellungen\Temporary Internet Files\Content.IE5\W52F09EF deleted successfully. 
Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SemanticInsight Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SemanticInsight failed! Status: 0xc0000034 Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|PViever Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|PViever failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Surf not found! Deletion of registry key HKLM\SOFTWARE\Surf failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate.
__________ 4 4 4 4 = 45 >>>> www.bluewrx.ch.vu
This post was edited by bluewrx on 28.01.2007 at 23:18.
28.01.2007, 23:50
Honorary member
Posts: 29434
#10
scan, after the scan set everything to remove and post the report here
http://virus-protect.org/counterspy.html
__________
Kind regards, Sabina
all about PC security
29.01.2007, 14:51
Member
Thread starter Posts: 24
#11
Spyware Scan Details
Start Date: 29.01.2007 14:19:52
End Date: 29.01.2007 14:44:29
Total Time: 24 mins 37 secs

Detected spyware

KaZaA P2P
Details: Kazaa is a Peer to Peer file sharing application that uses some adware advertising as well as installs a number of thrid party adware software on your computer.
Status: Ignored
Infected files detected
Infected registry entries detected

Twain Tech Adware
Details: Twain-Tech is an adware based Internet Explorer browser helper object that deliver targeted ads based on a user’s browsing patters. Twain-Tech does not provide any other relevant purpose other then to display pop-up ads.
Status: Deleted
Infected files detected
c:\windows\smdat32m.sys

WhenU.SaveNow Adware
Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior.
Status: Quarantined
Infected registry entries detected

Adw.Need2Find.Toolbar Toolbar
Details: Adw.Need2Find.Toolbar is an IE plugin with its own Search Field.
Status: Ignored
Infected registry entries detected

ErrorGuard 2.5.0 Adware
Details: ErrorGuard is a fake AntiSpyware. Displays popup/popunder ads that cannot be closed by clicking a clearly visible close button.
Status: Quarantined
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Install.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Install.dll .Owner {205FF73B-CA67-11D5-99DD-444553540013}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Install.dll {205FF73B-CA67-11D5-99DD-444553540013}

WhenU.WhenUSearch Low Risk Adware
Details: a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Ignored
Infected registry entries detected
HKEY_CLASSES_ROOT\WUSN.1
HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id

Cok.ad.yieldmanager Cookie
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@ad.yieldmanager[1].txt

ATDMT.com Cookie
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@atdmt[2].txt

Bizrate Cookie
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@bizrate[1].txt

CGI-Bin Cookie
Status: Deleted
Infected cookies detected

Com.com Cookie
Details: Redirects to cnet.com
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@com[1].txt

dedmazai.com Cookie
Details: This is a Porn site, which has very bad spyware.
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@counter5.sextracker[1].txt

DealTime Cookie
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@dealtime[1].txt

DoubleClick Cookie
Details: DoubleClick is a popular ad serving network that uses spyware cookies, to target advertising.
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@doubleclick[1].txt

GeoCities Cookie
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@geocities[2].txt

ICOO Loder Cookie
Details: It is a browser hijacker.
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@icoonet[1].txt

IndexTools.com Cookie
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@indextools[1].txt

Desktop Spy Cookie
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@list[1].txt

Cok.AssasinTrojan2.0 Cookie
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@main[2].txt

C2.Lop Cookie
Details: Lop is a group of spyware and hijacker programs that set your Internet Explorer start page and search features to use the site lop.com ('Live Online Portal') or one of its clone sites.
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@mp3s.com[2].txt

PayCounter.com Cookie
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@paycounter[1].txt

SageAnalyst Cookie
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@sageanalyst[1].txt

SexList.com Cookie
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@sexlist[2].txt

SexTracker.com Cookie
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@sextracker[1].txt

Ajan 1.0 Cookie
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\fama\cookies\fama@xiti[2].txt

Actually strange, since I never got Kazaa to run!!!
__________ 4 4 4 4 = 45 >>>> www.bluewrx.ch.vu |
|
|
||
29.01.2007, 15:03
Honorary member
Posts: 29434 |
#12
Scan again, but set everything to remove - no quarantine and no ignored.
__________ Kind regards, Sabina, all about PC security |
|
|
||
29.01.2007, 15:40
Member
Thread starter Posts: 24 |
#13
2nd scan with remove!
Spyware Scan Details
Start Date: 29.01.2007 15:17:43
End Date: 29.01.2007 15:37:59
Total Time: 20 mins 16 secs

Detected spyware

KaZaA P2P Program
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted
Infected files detected
D:\System Volume Information\_restore{EE55B65A-C2B8-44A7-A02B-A9D264F062B4}\RP250\A0029060.exe

WhenU.Save Adware (General)
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run WhenUSave
__________ 4 4 4 4 = 45 >>>> www.bluewrx.ch.vu |
|
|
||
29.01.2007, 16:16
Honorary member
Posts: 29434 |
#14
Quote: Windows Media Player automatically starts "little movies" of all kinds??
Report whether the problem is fixed.
__________ Kind regards, Sabina, all about PC security |
|
|
||
29.01.2007, 16:24
Member
Thread starter Posts: 24 |
#15
3rd scan
Only this one thing can't be deleted. But I think that since I have ad-ware on it, it is resistant*!? Anyway, WMP no longer automatically starts any movies! :-)
Spyware Scan Details
Start Date: 29.01.2007 16:03:25
End Date: 29.01.2007 16:21:47
Total Time: 18 mins 22 secs

Detected spyware

WhenU.Save Adware (General)
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run WhenUSave
__________ 4 4 4 4 = 45 >>>> www.bluewrx.ch.vu
This post was edited by bluewrx on 29.01.2007 at 16:53.
|
|
|
||
I tried with AntiVir and Ad-Aware... without success.
My operating system is XP.
Possibly the Win32.Agent.bac trojan.
Which software can remove this trojan? (free if possible *s)
Ad-Aware didn't manage it!
Many thanks
__________
4 4 4 4 = 45 >>>> www.bluewrx.ch.vu