Infected with adware.webprefix, adware.zangosearch and spybouncer

10.01.2008, 11:23
Honorary member
Pinguin

Posts: 1441
#16 Do it this way: first my instructions, then download CounterSpy, as recommended by Arnold ;)
http://www.virus-protect.org/counterspy1.html
then post the scan report here
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/
10.01.2008, 20:23
Member

Thread starter

Posts: 14
#17 First, here is the report from ComboFix, and now I'll do Arnold's step:

ComboFix 08-01-07.5 - Yvonne Lange 2008-01-10 19:13:24.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.175 [GMT 0:00]
Running from: C:\Documents and Settings\Yvonne Lange\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Yvonne Lange\Desktop\cfscript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\MWSOEMON.EXE.VIR
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Installations\{25EAEF81-E991-4030-AA65-6D9DD664974E}
C:\WINDOWS\Downloaded Installations\{25EAEF81-E991-4030-AA65-6D9DD664974E}\SpyBouncer.msi

.
((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2008-01-08 22:21 . 2008-01-08 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-08 19:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 19:13 . 2007-12-24 17:22 583 --a------ C:\WINDOWS\win.tmp
2008-01-08 19:13 . 2007-02-20 16:36 227 --a------ C:\WINDOWS\system.tmp
2008-01-07 18:51 . 2008-01-07 18:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 12:29 . 2008-01-09 08:24 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-30 15:26 . 2007-12-30 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-12-30 15:12 . 2007-12-30 15:26 <DIR> d-------- C:\Documents and Settings\Yvonne Lange\Application Data\PlayFirst
2007-12-30 15:12 . 2007-12-30 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-12-29 17:48 . 2007-12-31 15:40 <DIR> d-------- C:\Program Files\Zylom Games
2007-12-29 17:48 . 2007-12-29 17:48 <DIR> d-------- C:\Documents and Settings\Yvonne Lange\Application Data\Zylom
2007-12-29 17:48 . 2007-12-29 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( snapshot@2008-01-08_19.31.01,59 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 18:49 307200]
"PhonostarTimer"="C:\Program Files\phonostar\ps_timer.exe" [2006-03-07 15:12 151552]
"PhonostarAgent"="C:\Program Files\phonostar\ps_agent.exe" [2006-03-07 15:06 98304]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2006-03-23 15:13 274476]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [2005-05-25 12:07 188459]
"Spyware Doctor"="C:\PROGRA~1\SPYWAR~1\swdoctor.exe" [2005-05-26 08:52 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-09-08 15:29 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 19:15 290816]
"Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-02-24 17:12 57344]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12 221184]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-02 12:37 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-02 12:19 118784]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 14:33 294912]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 10:43 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 00:04 122933]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18 270648]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-02-23 13:47 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" [ ]

C:\Documents and Settings\Yvonne Lange\Start Menu\Programs\Startup\
MyWebSearch Email Plugin.lnk - C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir [2005-06-20 16:28:24]
PowerReg Scheduler.exe [2004-10-14 15:34:30]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader - Schnellstart.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 06:05:26]
Office-Bibliothek-Direktsuche.lnk - C:\Program Files\Office-Bibliothek\PCLib.exe [2007-04-14 16:21:06]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-05-09 20:04:56]

R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 07:56]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2003-10-14 11:31]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\NTPASp50.sys [2006-01-18 13:05]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1626524-818e-11dc-8ef2-000f1f59c27a}]
\Shell\AutoRun\command - E:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-28 17:53:56 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-11-08 08:04:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-10 19:17:01 C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-10-13 16:33:44 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 19:18:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 19:20:03
ComboFix-quarantined-files.txt 2008-01-10 19:19:40
ComboFix2.txt 2008-01-08 19:31:44
.
2008-01-09 03:03:19 --- E O F ---
10.01.2008, 20:30
Honorary member
Pinguin

Posts: 1441
#18 Yvo

««
delete with ComboFix:
Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as cfscript.txt using 'Save as'. Select 'All files' as the file type. You should now find this file on the desktop.

Quote

File::
C:\Documents and Settings\Yvonne Lange\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
C:\Documents and Settings\Yvonne Lange\Start Menu\Programs\Startup\PowerReg Scheduler.exe

and drag it with the right mouse button onto the ComboFix icon + run ComboFix once more

««
if you now also go over it with CounterSpy ... and have everything it finds deleted - everything should be clean again ;)
http://www.virus-protect.org/counterspy1.html

__________
Regards
Pinguin

10.01.2008, 20:53
Member

Thread starter

Posts: 14
#19 I couldn't do Arnold's step because my computer doesn't recognize my modem in safe mode. Should I just do your step now, Pinguin, and leave out Arnold's?
10.01.2008, 20:56
Honorary member
Pinguin

Posts: 1441
#20 You can work with CounterSpy in normal mode ;)
__________
Regards
Pinguin

11.01.2008, 08:19
Member

Thread starter

Posts: 14
#21 I have now done everything, but the Norton scanner still shows me this Adware.Webprefix:

Registry:
HKEY_USERS\S-1-5-21-3805955573-2373107025-836860849-1009\Software\Microsoft\Internet Explorer\Main->WebPrefix
HKEY_USERS\S-1-5-21-3805955573-2373107025-836860849-1009\Software\Microsoft\Internet Explorer\Main->Offline Folder


First, here is the report from ComboFix:

ComboFix 08-01-07.5 - Yvonne Lange 2008-01-10 20:06:20.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.140 [GMT 0:00]
Running from: C:\Documents and Settings\Yvonne Lange\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Yvonne Lange\Desktop\cfscript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Yvonne Lange\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
C:\Documents and Settings\Yvonne Lange\Start Menu\Programs\Startup\PowerReg Scheduler.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2008-01-08 22:21 . 2008-01-08 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-08 19:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 19:13 . 2007-12-24 17:22 583 --a------ C:\WINDOWS\win.tmp
2008-01-08 19:13 . 2007-02-20 16:36 227 --a------ C:\WINDOWS\system.tmp
2008-01-07 18:51 . 2008-01-07 18:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 12:29 . 2008-01-09 08:24 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-30 15:26 . 2007-12-30 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-12-30 15:12 . 2007-12-30 15:26 <DIR> d-------- C:\Documents and Settings\Yvonne Lange\Application Data\PlayFirst
2007-12-30 15:12 . 2007-12-30 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-12-29 17:48 . 2007-12-31 15:40 <DIR> d-------- C:\Program Files\Zylom Games
2007-12-29 17:48 . 2007-12-29 17:48 <DIR> d-------- C:\Documents and Settings\Yvonne Lange\Application Data\Zylom
2007-12-29 17:48 . 2007-12-29 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 18:49 307200]
"PhonostarTimer"="C:\Program Files\phonostar\ps_timer.exe" [2006-03-07 15:12 151552]
"PhonostarAgent"="C:\Program Files\phonostar\ps_agent.exe" [2006-03-07 15:06 98304]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2006-03-23 15:13 274476]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [2005-05-25 12:07 188459]
"Spyware Doctor"="C:\PROGRA~1\SPYWAR~1\swdoctor.exe" [2005-05-26 08:52 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-09-08 15:29 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 19:15 290816]
"Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-02-24 17:12 57344]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12 221184]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-02 12:37 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-02 12:19 118784]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 14:33 294912]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 10:43 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 00:04 122933]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18 270648]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-02-23 13:47 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader - Schnellstart.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 06:05:26]
Office-Bibliothek-Direktsuche.lnk - C:\Program Files\Office-Bibliothek\PCLib.exe [2007-04-14 16:21:06]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-05-09 20:04:56]

R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 07:56]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2003-10-14 11:31]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\NTPASp50.sys [2006-01-18 13:05]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1626524-818e-11dc-8ef2-000f1f59c27a}]
\Shell\AutoRun\command - E:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-28 17:53:56 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-11-08 08:04:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-10 19:17:01 C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-10-13 16:33:44 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 20:11:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Office-Bibliothek\KDHook.dll
-> C:\Program Files\Office-Bibliothek\KapKey.dll
.
Completion time: 2008-01-10 20:12:46
ComboFix2.txt 2008-01-10 19:20:04
.
2008-01-09 03:03:19 --- E O F ---


And the report from CounterSpy:

Scan History Details
Start Date: 10.01.2008 20:45:22
End Date: 10.01.2008 21:44:03
Total Time: 58 Min 41 Sec
Detected security risks

GmbH Porn Dialer more information...
Details: GmbH is a dialer that dials high-cost international phone calls using a modem.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/IELOADER.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/IELOADER.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/IELOADER.DLL


SafeguardProtect.Veevo Browser Plug-in more information...
Details: SafeguardProtect.Veevo is an Internet Explorer browser helper object.
Status: Deleted

Files detected
C:\WINDOWS\SYSTEM32\sfg.lib

Registry entries detected


MyWebSearch Toolbar Potentially Unwanted Program more information...
Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Deleted

Registry entries detected


FunWebProducts Potentially Unwanted Program more information...
Details: Fun Web Products bundles adware software in its products.
Status: Deleted

Registry entries detected


Bifrost Backdoor more information...
Details: Bifrost is an advanced remote administration tool that allows users to remotely control computers that are behind firewalls and routers.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-3805955573-2373107025-836860849-1009\SOFTWARE\WGET


MediaPipe/MovieLand Hijacker more information...
Details: MediaPipe/MovieLand is an online content access program that badgers using into paying for the application if they do not cancel the "trial" within a certain time period.
Status: Deleted

Files detected
C:\WINDOWS\Downloaded Program Files\Install.inf


Cookie: Tracking Cookies Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
11.01.2008, 12:02
Honorary member
Pinguin

Posts: 1441
#22 Yvo

All right then ;)
Scan again and have EVERYTHING deleted!!! ("detected" means it has only been found, not yet deleted)

CounterSpy is free for 15 days; after that, buy it or uninstall it again.
Everything should be OK with your computer again.
All the best ;)
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/
11.01.2008, 13:34
Member

Thread starter

Posts: 14
#23 I did have CounterSpy scan again afterwards and it found nothing. That is the odd thing.

But the Norton scanner still finds this Web.prefix.

You are probably at your wits' end too, aren't you? :-/
11.01.2008, 15:49
Honorary member
Pinguin

Posts: 1441
#24 Why at my wits' end? Did I overlook something? ;)
What does Norton find? Doesn't it delete what it finds?
__________
Regards
Pinguin
11.01.2008, 17:23
Member

Thread starter

Posts: 14
#25 Hi,

I thought you had already lost hope too. But at least 3 of the 4 viruses have been removed so far. :-)

The Norton scanner seems to only scan, because for Adware.Webprefix it then says "Not removable with free scanner". :-(

Regards
Yvonne
11.01.2008, 17:36
Honorary member
Pinguin

Posts: 1441
#26 Since when is Norton a free version???? You did pay for it, didn't you?

Adware.Webprefix, if it really is on the machine, is not a huge threat.
What can one do? You have already worked with so many scanners and none of them found any of it....
You can try once more with Spyxposer: (click at the bottom: Panda ActiveScan Pro)
http://www.virus-protect.org/antispytools.html

Then post the report here
__________
Regards
Pinguin
11.01.2008, 19:10
Member

Thread starter

Posts: 14
#27 My computer detects this Pandascan as a virus, so I would rather not run this scan.
11.01.2008, 21:20
Honorary member
Pinguin

Posts: 1441
#28 Well, Norton really ought to be kicked into the bin ;) Of course Pandascan is not a virus... but competing scanners like to detect it as one.
__________
Regards
Pinguin