
Topic: Spyware infect

  1. #11
    Guest

    Re: Spyware infect

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 12:10:56, on 20.12.2005
    Platform: Windows XP  (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\AVPersonal\AVGUARD.EXE
    C:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\Programme\ICQLite\ICQLite.exe
    C:\Programme\D-Tools\daemon.exe
    C:\Programme\AVPersonal\AVGNT.EXE
    C:\Programme\WinBar\WinBar.exe
    C:\Programme\mozilla.org\Mozilla\mozilla.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Programme\HijackThis\HijackThis.exe\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\WINDOWS\blank.mht
    R3 - URLSearchHook: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Programme\Cram Toolbar\untitled1.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: XBTB00429 - {3FDE0CB5-619F-4227-8961-F2D7ED15B88E} - C:\PROGRA~1\CRAMTO~1\UNTITL~1.DLL
    O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\ztoolb011.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Cram Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Programme\Cram Toolbar\untitled1.dll
    O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\System32\ztoolb011.dll (file missing)
    O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe"  -lang 1033
    O4 - HKLM\..\Run: [AnyDVD] C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\Rar$EX02.103\AnyDVD.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [WindowsUpdateNT] C:\RECYCLER\svwhost.exe /s
    O4 - HKCU\..\Run: [WindowsUpdateNT] C:\RECYCLER\svwhost.exe
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: WinBar.lnk = C:\Programme\WinBar\WinBar.exe
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133095254150
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: nuclabdll - nuclabdll.dll (file missing)
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Here is the link to the analysis

    Now the SpySweeper log:

    Code:
    ********
    12:27: |       Beginn der Sitzung, Dienstag, 20. Dezember 2005       |
    12:27: Spy Sweeper gestartet
    12:27: Suchvorgang unter Verwendung der Definitionsversion eingeleitet. 587
    12:27: Suchvorgang im Arbeitspeicher wird gestartet
    12:39: Suchvorgang im Arbeitspeicher abgeschlossen, Dauer: 00:11:36
    12:39: Suchvorgang in Registrierung wird gestartet
    12:39:   Gefunden Adware: altnet
    12:39:   HKCR\adm.adm.1\  (3 Teilspuren) (ID = 103441)
    12:39:   HKCR\adm.adm\  (5 Teilspuren) (ID = 103442)
    12:39:   HKCR\adm4.adm4.1\  (3 Teilspuren) (ID = 103443)
    12:39:   HKCR\adm4.adm4\  (3 Teilspuren) (ID = 103444)
    12:39:   HKCR\adm25.adm25.1\  (3 Teilspuren) (ID = 103445)
    12:39:   HKCR\adm25.adm25\  (3 Teilspuren) (ID = 103446)
    12:39:   HKCR\appid\adm.exe\  (1 Teilspuren) (ID = 103448)
    12:39:   HKCR\appid\altnet signing module.exe\  (1 Teilspuren) (ID = 103449)
    12:39:   HKCR\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}\  (1 Teilspuren) (ID = 103453)
    12:39:   HKCR\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}\  (1 Teilspuren) (ID = 103454)
    12:39:   HKCR\clsid\{1d3bce37-7834-4579-8169-e67681420a98}\  (12 Teilspuren) (ID = 103458)
    12:39:   HKCR\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}\  (1 Teilspuren) (ID = 103460)
    12:39:   HKCR\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\  (11 Teilspuren) (ID = 103461)
    12:39:   HKCR\clsid\{3646c2bd-3554-49ca-8125-44deefb881de}\  (1 Teilspuren) (ID = 103462)
    12:39:   HKCR\clsid\{c15b7ea2-a360-43e8-a591-5faedc7c4e1d}\  (24 Teilspuren) (ID = 103466)
    12:39:   HKCR\clsid\{def37997-d9c9-4a4b-bf3c-88f99eaceec2}\  (12 Teilspuren) (ID = 103467)
    12:39:   HKCR\clsid\{e813099d-5529-47f4-9b37-4afafcb00a43}\  (4 Teilspuren) (ID = 103468)
    12:39:   HKCR\interface\{ad5bc1f0-72d8-44b3-8e3d-8e8fecce43fb}\  (5 Teilspuren) (ID = 103472)
    12:39:   HKCR\interface\{e813099d-5529-47f4-9b37-4afafcb00a43}\  (5 Teilspuren) (ID = 103474)
    12:39:   HKCR\signingmodule.signingmodule.1\  (3 Teilspuren) (ID = 103476)
    12:39:   HKCR\signingmodule.signingmodule\  (5 Teilspuren) (ID = 103478)
    12:39:   HKLM\software\altnet\  (45 Teilspuren) (ID = 103481)
    12:39:   HKLM\software\classes\adm.adm.1\  (3 Teilspuren) (ID = 103482)
    12:39:   HKLM\software\classes\adm.adm\  (5 Teilspuren) (ID = 103483)
    12:39:   HKLM\software\classes\adm4.adm4.1\  (3 Teilspuren) (ID = 103484)
    12:39:   HKLM\software\classes\adm4.adm4\  (3 Teilspuren) (ID = 103485)
    12:39:   HKLM\software\classes\adm25.adm25.1\  (3 Teilspuren) (ID = 103486)
    12:39:   HKLM\software\classes\adm25.adm25\  (3 Teilspuren) (ID = 103487)
    12:39:   HKLM\software\classes\appid\adm.exe\  (1 Teilspuren) (ID = 103488)
    12:39:   HKLM\software\classes\appid\altnet signing module.exe\  (1 Teilspuren) (ID = 103489)
    12:39:   HKLM\software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}\  (1 Teilspuren) (ID = 103490)
    12:39:   HKLM\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}\  (1 Teilspuren) (ID = 103491)
    12:39:   HKLM\software\classes\clsid\{1d3bce37-7834-4579-8169-e67681420a98}\  (12 Teilspuren) (ID = 103492)
    12:39:   HKLM\software\classes\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\  (11 Teilspuren) (ID = 103493)
    12:39:   HKLM\software\classes\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\  (23 Teilspuren) (ID = 103494)
    12:39:   HKLM\software\classes\clsid\{c15b7ea2-a360-43e8-a591-5faedc7c4e1d}\  (24 Teilspuren) (ID = 103495)
    12:39:   HKLM\software\classes\signingmodule.signingmodule.1\  (3 Teilspuren) (ID = 103496)
    12:39:   HKLM\software\classes\signingmodule.signingmodule\  (5 Teilspuren) (ID = 103497)
    12:39:   HKLM\software\classes\typelib\{676f6d1d-c559-42a9-860b-27c1477b7179}\  (9 Teilspuren) (ID = 103502)
    12:39:   HKLM\software\classes\typelib\{5830698f-7fc0-40cd-a453-9a0cafdf3a64}\  (9 Teilspuren) (ID = 103503)
    12:39:   HKLM\software\classes\typelib\{bff4f684-677e-44f4-8c74-1d575c950e10}\  (9 Teilspuren) (ID = 103504)
    12:39:   HKLM\software\microsoft\windows\currentversion\uninstall\altnetdm\  (2 Teilspuren) (ID = 103531)
    12:39:   HKCR\typelib\{676f6d1d-c559-42a9-860b-27c1477b7179}\  (9 Teilspuren) (ID = 103535)
    12:39:   HKCR\typelib\{bff4f684-677e-44f4-8c74-1d575c950e10}\  (9 Teilspuren) (ID = 103536)
    12:39:   Gefunden Adware: azsearch toolbar
    12:39:   HKCR\clsid\{a6790aa5-c6c7-4bcf-a46d-0fdac4ea90eb}\  (11 Teilspuren) (ID = 103892)
    12:39:   HKCR\clsid\{d7bf3304-138b-4dd5-86ee-491bb6a2286c}\  (20 Teilspuren) (ID = 103894)
    12:39:   HKCR\clsid\{fff5092f-7172-4018-827b-fa5868fb0478}\  (11 Teilspuren) (ID = 103897)
    12:39:   HKCR\interface\{dcfab192-4a0e-4720-8e24-70d5f0cb8c39}\  (8 Teilspuren) (ID = 103898)
    12:39:   HKCR\interface\{f4394f24-163d-430b-b5af-b68b56031b99}\  (8 Teilspuren) (ID = 103899)
    12:39:   HKLM\software\classes\clsid\{a6790aa5-c6c7-4bcf-a46d-0fdac4ea90eb}\  (11 Teilspuren) (ID = 103916)
    12:39:   HKLM\software\classes\clsid\{d7bf3304-138b-4dd5-86ee-491bb6a2286c}\  (20 Teilspuren) (ID = 103918)
    12:39:   HKLM\software\classes\clsid\{fff5092f-7172-4018-827b-fa5868fb0478}\  (11 Teilspuren) (ID = 103921)
    12:39:   HKLM\software\classes\interface\{dcfab192-4a0e-4720-8e24-70d5f0cb8c39}\  (8 Teilspuren) (ID = 103922)
    12:39:   HKLM\software\classes\interface\{f4394f24-163d-430b-b5af-b68b56031b99}\  (8 Teilspuren) (ID = 103923)
    12:39:   HKLM\software\classes\ztoolbar.activator.1\  (3 Teilspuren) (ID = 103935)
    12:39:   HKLM\software\classes\ztoolbar.activator.1\clsid\  (1 Teilspuren) (ID = 103936)
    12:39:   HKLM\software\classes\ztoolbar.activator\  (5 Teilspuren) (ID = 103937)
    12:39:   HKLM\software\classes\ztoolbar.paramwr.1\  (3 Teilspuren) (ID = 103938)
    12:39:   HKLM\software\classes\ztoolbar.paramwr\  (5 Teilspuren) (ID = 103939)
    12:39:   HKLM\software\classes\ztoolbar.stockbar.1\  (3 Teilspuren) (ID = 103940)
    12:39:   HKLM\software\classes\ztoolbar.stockbar\  (5 Teilspuren) (ID = 103941)
    12:39:   HKLM\software\microsoft\internet explorer\toolbar\ || {a6790aa5-c6c7-4bcf-a46d-0fdac4ea90eb} (ID = 103946)
    12:39:   HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{fff5092f-7172-4018-827b-fa5868fb0478}\ (ID = 103951)
    12:39:   HKLM\software\zsearchco\  (5 Teilspuren) (ID = 103954)
    12:39:   HKCR\ztoolbar.activator.1\  (3 Teilspuren) (ID = 103958)
    12:39:   HKCR\ztoolbar.activator\  (5 Teilspuren) (ID = 103959)
    12:39:   HKCR\ztoolbar.paramwr.1\  (3 Teilspuren) (ID = 103960)
    12:39:   HKCR\ztoolbar.paramwr\  (5 Teilspuren) (ID = 103961)
    12:39:   HKCR\ztoolbar.stockbar.1\  (3 Teilspuren) (ID = 103962)
    12:39:   HKCR\ztoolbar.stockbar\  (5 Teilspuren) (ID = 103963)
    12:39:   Gefunden Adware: coolwebsearch (cws)
    12:39:   HKLM\software\microsoft\windows\currentversion\uninstall\best search engine!!!\  (2 Teilspuren) (ID = 112487)
    12:40:   Gefunden Adware: gain - common components
    12:40:   HKCR\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\  (11 Teilspuren) (ID = 126731)
    12:40:   HKLM\software\classes\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\  (11 Teilspuren) (ID = 126751)
    12:41:   Gefunden Adware: simplebar toolbar
    12:41:   HKCR\typelib\{84c94803-b5ec-4491-b2be-7b113e013b77}\  (9 Teilspuren) (ID = 141805)
    12:41:   HKLM\software\classes\typelib\{84c94803-b5ec-4491-b2be-7b113e013b77}\  (9 Teilspuren) (ID = 141808)
    12:41:   Gefunden Adware: topsearch
    12:41:   HKCR\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\  (23 Teilspuren) (ID = 143925)
    12:41:   HKLM\software\classes\topsearch.tslink\  (5 Teilspuren) (ID = 143926)
    12:41:   HKLM\software\classes\topsearch.tslink.1\  (3 Teilspuren) (ID = 143927)
    12:41:   HKLM\software\classes\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\  (9 Teilspuren) (ID = 143928)
    12:41:   HKCR\topsearch.tslink\  (5 Teilspuren) (ID = 143929)
    12:41:   HKCR\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\  (9 Teilspuren) (ID = 143930)
    12:42:   HKLM\software\gator.com\  (3213 Teilspuren) (ID = 528933)
    12:42:   HKLM\software\gator.com\gator\  (3177 Teilspuren) (ID = 724411)
    12:42:   Gefunden Trojan Horse: trojan-backdoor-5sec
    12:42:   HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {f33812fb-f35c-4674-90f6-fd757c419c51} (ID = 725534)
    12:42:   Gefunden Adware: cram toolbar
    12:42:   HKCR\toolband.xbtb00429\  (5 Teilspuren) (ID = 826116)
    12:42:   HKCR\toolband.xbtb00429.1\  (3 Teilspuren) (ID = 826122)
    12:42:   HKCR\xbtb00429.ietoolbar\  (5 Teilspuren) (ID = 826126)
    12:42:   HKCR\xbtb00429.ietoolbar.1\  (3 Teilspuren) (ID = 826132)
    12:42:   HKCR\xbtb00429.xbtb00429\  (5 Teilspuren) (ID = 826136)
    12:42:   HKCR\xbtb00429.xbtb00429.1\  (3 Teilspuren) (ID = 826142)
    12:42:   Gefunden Adware: find.fm toolbar
    12:42:   HKCR\clsid\{01e69986-a054-4c52-abe8-ef63df1c5211}\  (14 Teilspuren) (ID = 826146)
    12:42:   HKLM\software\microsoft\internet explorer\toolbar\ || {01e69986-a054-4c52-abe8-ef63df1c5211} (ID = 826268)
    12:42:   HKLM\software\classes\toolband.xbtb00429.1\  (3 Teilspuren) (ID = 826294)
    12:42:   HKLM\software\classes\xbtb00429.ietoolbar\  (5 Teilspuren) (ID = 826298)
    12:42:   HKLM\software\classes\xbtb00429.ietoolbar.1\  (3 Teilspuren) (ID = 826304)
    12:42:   HKLM\software\classes\xbtb00429.ietoolbar.1\clsid\  (1 Teilspuren) (ID = 826306)
    12:42:   HKLM\software\classes\xbtb00429.xbtb00429\  (5 Teilspuren) (ID = 826308)
    12:42:   HKLM\software\classes\xbtb00429.xbtb00429.1\  (3 Teilspuren) (ID = 826314)
    12:42:   HKLM\software\classes\clsid\{01e69986-a054-4c52-abe8-ef63df1c5211}\  (14 Teilspuren) (ID = 826318)
    12:42:   HKLM\software\classes\toolband.xbtb00429\  (5 Teilspuren) (ID = 826350)
    12:42:   HKLM\software\microsoft\windows\currentversion\uninstall\xbtb00429.xbtb00429toolbar\  (2 Teilspuren) (ID = 826382)
    12:42:   Gefunden Trojan Horse: trojan-backdoor-nuclear grabber
    12:42:   HKLM\system\currentcontrolset\services\nuclab\  (11 Teilspuren) (ID = 893296)
    12:42:   HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\nuclabdll\  (6 Teilspuren) (ID = 893308)
    12:42:   Gefunden Trojan Horse: trojan-downloader-2pursuit
    12:42:   HKCR\clsid\{1b68470c-2def-493b-8a4a-8e2d81be4ea5}\  (5 Teilspuren) (ID = 910438)
    12:42:   HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {1b68470c-2def-493b-8a4a-8e2d81be4ea5} (ID = 910513)
    12:42:   HKLM\software\classes\clsid\{1b68470c-2def-493b-8a4a-8e2d81be4ea5}\  (5 Teilspuren) (ID = 910556)
    12:42:   Gefunden Trojan Horse: trojan-backdoor-core.psyche-evolution.com
    12:42:   HKLM\software\microsoft\windows\currentversion\run\ || windowsupdatent (ID = 971377)
    12:42:   Gefunden Adware: cydoor peer-to-peer dependency
    12:42:   HKU\WRSS_Profile_S-1-5-21-606747145-113007714-1343024091-1005\software\kazaa\promotions\cydoor\  (1634 Teilspuren) (ID = 124527)
    12:42:   Gefunden Adware: instafinder
    12:42:   HKU\WRSS_Profile_S-1-5-21-606747145-113007714-1343024091-1005\software\instafink\  (21 Teilspuren) (ID = 128666)
    12:43:   HKU\S-1-5-21-606747145-113007714-1343024091-1003\software\kazaa\promotions\cydoor\  (461 Teilspuren) (ID = 124527)
    12:43:   HKU\S-1-5-21-606747145-113007714-1343024091-1003\software\instafink\  (27 Teilspuren) (ID = 128666)
    12:43:   Gefunden Adware: rx toolbar
    12:43:   HKU\S-1-5-21-606747145-113007714-1343024091-1003\software\rx toolbar\  (1 Teilspuren) (ID = 140298)
    12:43:   Gefunden Adware: topnetsearch hijack
    12:43:   HKU\S-1-5-21-606747145-113007714-1343024091-1003\software\microsoft\internet explorer\main\ || start page (ID = 143921)
    12:44:   HKU\S-1-5-21-606747145-113007714-1343024091-1003\software\xbtb00429\  (64 Teilspuren) (ID = 826185)
    12:44:   HKU\S-1-5-21-606747145-113007714-1343024091-1003\software\microsoft\internet explorer\urlsearchhooks\ || {01e69986-a054-4c52-abe8-ef63df1c5211} (ID = 826347)
    12:44:   HKU\S-1-5-21-606747145-113007714-1343024091-1003\software\microsoft\windows\currentversion\run\ || windowsupdatent (ID = 971354)
    12:44:   Gefunden Trojan Horse: trojan-backdoor-satellite
    12:44:   HKU\S-1-5-21-606747145-113007714-1343024091-1003\software\microsoft\moviemaker\recordsettings\captureset\  (1 Teilspuren) (ID = 1021450)
    12:44:   HKU\S-1-5-21-606747145-113007714-1343024091-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {01e69986-a054-4c52-abe8-ef63df1c5211} (ID = 1022608)
    12:45: Suchvorgang in Registrierung abgeschlossen, Dauer:00:06:18
    12:45: Suchvorgang in Cookies wird gestartet
    12:45: Suchvorgang in Cookies abgeschlossen, Dauer: 00:00:01
    12:45: Suchvorgang in Dateien wird gestartet
    12:46:   c:\dokumente und einstellungen\sebastian\lokale einstellungen\temp\admcache (ID = -2147481437)
    12:46:   c:\programme\instafink (4 Teilspuren) (ID = -2147480836)
    12:46:   c:\windows\temp\altnet (18 Teilspuren) (ID = -2147481435)
    12:46:   Gefunden Adware: bullguard popup ad
    12:46:   c:\windows\temp\bullguard (1 Teilspuren) (ID = -2147476409)
    12:46:   Gefunden Adware: commonname
    12:46:   c:\windows\temp\adware (1 Teilspuren) (ID = -2147481214)
    12:46:   Gefunden Adware: gator ewallet
    12:46:   c:\programme\gator.com (1 Teilspuren) (ID = -2147480941)
    12:46:   c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing (2 Teilspuren) (ID = -2147480950)
    12:46:   c:\programme\cram toolbar (6 Teilspuren) (ID = -2147471502)
    12:48:   dmfiles.cab (ID = 49818)
    12:48:   admprog.dll (ID = 49790)
    12:48:   dminstall7.cab (ID = 49829)
    12:48:   rxtoolbar.exe (ID = 74245)
    12:50:   local_firstuse.html (ID = 49844)
    12:50:   local_points.html (ID = 49846)
    12:51:   fillin.wav (ID = 61352)
    12:59:   sysdetect.dll (ID = 49877)
    12:59:   local_redeem.html (ID = 49846)
    12:59:   local_start.html (ID = 49844)
    12:59:   local_wallet.html (ID = 49846)
    13:02:   pmexe.cab (ID = 49854)
    13:03:   pmfiles.cab (ID = 49856)
    13:04:   pminstall.cab (ID = 49857)
    13:04:   bulldownload.exe (ID = 52017)
    13:07:   gatorpdpsetup.log (ID = 61399)
    13:08:   help.xml (ID = 49830)
    13:09:   message.xml (ID = 49847)
    13:09:   dminfo3.cab (ID = 49823)
    13:09:   altnetuninstall.exe (ID = 49794)
    13:09:   asmend.exe (ID = 49802)
    13:09:   jsinstall.cab (ID = 49835)
    13:09:   altnet.css (ID = 49792)
    13:09:   dminstall7.cab (ID = 49829)
    13:09:   setup.cab (ID = 49872)
    13:11:   admdata.dll (ID = 49784)
    13:11:   admfdi.dll (ID = 49789)
    13:16:   giocl.dll (ID = 61431)
    13:16:   cmeiiapi.dll (ID = 61293)
    13:16:   gioclclient.dll (ID = 61432)
    13:16:   gappmgr.dll (ID = 61377)
    13:16:   gdwldeng.dll (ID = 61425)
    13:16:   gmtproxy.dll (ID = 61439)
    13:16:   gmt.exe (ID = 61437)
    13:17:   asmfiles.cab (ID = 49805)
    13:17:   adm4.dll (ID = 49779)
    13:17:   adm25.dll (ID = 49782)
    13:17:   admdata.dll (ID = 49784)
    13:17:   admdloader.dll (ID = 49786)
    13:17:   admfdi.dll (ID = 49789)
    13:17:   setup.exe (ID = 49875)
    13:17:   adm.exe (ID = 111765)
    13:17:   dminfo3.cab (ID = 49824)
    13:18:   nuclab.sys (ID = 193)
    13:19:   cmesys.exe (ID = 61297)
    13:22:   gmt.exe.manifest (ID = 61434)
    13:22:   egieprocess.dll (ID = 61344)
    13:22:   gatorres.dll (ID = 61405)
    13:22:   gator.log (ID = 61386)
    13:22:   appmgrgui.zip (ID = 61281)
    13:22:   egnsengine.dll (ID = 61346)
    13:22:   eggcengine.dll (ID = 61340)
    13:22:   hfixcfg (ID = 61483)
    13:22:   ztoolbar[1].xml (ID = 50365)
    13:22:   egieengine.dll (ID = 61343)
    13:23:   zsettings.dll (ID = 148640)
    13:23:   Gefunden Adware: spysheriff
    13:23:   desktop.html (ID = 178574)
    13:23:   ztoolbar[1].bmp (ID = 107200)
    13:23:   ztoolbar.xml (ID = 50365)
    13:23:   ztoolbar.bmp (ID = 107200)
    13:24:   guninstaller.exe (ID = 61468)
    13:24:   adm25.dll (ID = 49782)
    13:24:   admprog.dll (ID = 49790)
    13:25:   cmediagnostics.log (ID = 61291)
    13:25:   adm4.dll (ID = 49779)
    13:25:   admdloader.dll (ID = 49786)
    13:25:   asmps.dll (ID = 49808)
    13:25:   adm4005.exe (ID = 111765)
    13:26:   topsearch.dll (ID = 79735)
    13:26:   points manager.exe (ID = 49861)
    13:26:   gatorstubsetup.exe (ID = 61412)
    13:26:   points manager.exe.manifest (ID = 49859)
    13:27:   peer points manager.lnk (ID = 49852)
    13:27:   about gain publishing.lnk (ID = 61270)
    13:27:   skin.xml (ID = 49876)
    13:28:   mepcme.dat (ID = 61517)
    13:28:   gatorsupportinfo.txt (ID = 61414)
    13:28:   gain publishing web site.url (ID = 61372)
    13:28:   bundle.inf (ID = 61287)
    13:28:   selectdir.txt (ID = 49864)
    13:28:   selectdir1st.txt (ID = 49865)
    13:28:   Gefunden Trojan Horse: mspm-bot
    13:28:   ddr64.dll (ID = 150006)
    13:28:   latest movies.url (ID = 145675)
    13:28:   today's specials.url (ID = 131129)
    13:28:   check new antiviruses.url (ID = 145706)
    13:28:   data encryption.url (ID = 145707)
    13:28:   free virus scan.url (ID = 145708)
    13:28:   mail worms.url (ID = 145709)
    13:28:   popup blocker.url (ID = 145710)
    13:28:   protect your finances.url (ID = 145711)
    13:28:   read about new viruses.url (ID = 145712)
    13:28:   your personal firewall.url (ID = 145713)
    13:28:   breast enlargement.url (ID = 145687)
    13:28:   diet pills.url (ID = 145688)
    13:28:   euro pharmacy shops.url (ID = 145689)
    13:28:   free prescriptions shops.url (ID = 145690)
    13:28:   loof for hydrocodone.url (ID = 145691)
    13:28:   look for ambien.url (ID = 145692)
    13:28:   look for cialis.url (ID = 145693)
    13:28:   look for lexapro.url (ID = 145694)
    13:28:   look for phentermine.url (ID = 145695)
    13:28:   look for propecia.url (ID = 145696)
    13:28:   look for soma.url (ID = 145697)
    13:28:   look for tramadol.url (ID = 145698)
    13:28:   look for ultram.url (ID = 145699)
    13:28:   look for valium.url (ID = 145700)
    13:28:   look for viagra.url (ID = 145701)
    13:28:   look for wellbutrin.url (ID = 145702)
    13:28:   look for xanax.url (ID = 145703)
    13:28:   look for zyrtec.url (ID = 145704)
    13:28:   penis enlargement.url (ID = 145705)
    13:28:   best blackjack strategy.url (ID = 145659)
    13:28:   best table games.url (ID = 145660)
    13:28:   casino's tips and tricks.url (ID = 145661)
    13:28:   find online-casino for fun.url (ID = 145662)
    13:28:   free card games.url (ID = 145663)
    13:28:   free poker.url (ID = 145664)
    13:28:   horses.url (ID = 145665)
    13:28:   lotto.url (ID = 145666)
    13:28:   play texas holdem.url (ID = 145667)
    13:28:   sports betting.url (ID = 145668)
    13:28:   ultimate roulette strategy.url (ID = 145669)
    13:28:   anime sites.url (ID = 145670)
    13:28:   dating online.url (ID = 145671)
    13:28:   favourite web cams.url (ID = 145672)
    13:28:   flowers online.url (ID = 145673)
    13:28:   home business.url (ID = 145674)
    13:28:   mobile ringtones.url (ID = 145676)
    13:28:   mp3 archives.url (ID = 145677)
    13:28:   music store.url (ID = 145678)
    13:28:   my horoscope.url (ID = 145679)
    13:28:   online books market.url (ID = 145680)
    13:28:   online shopping.url (ID = 145681)
    13:28:   play online games.url (ID = 145682)
    13:28:   swingers evenings.url (ID = 145683)
    13:28:   tabloids.url (ID = 145684)
    13:28:   top rated video games.url (ID = 145685)
    13:28:   world travels.url (ID = 145686)
    13:28:   auto racing.url (ID = 145714)
    13:28:   baseball news.url (ID = 145715)
    13:28:   basketball news.url (ID = 145716)
    13:28:   billiard.url (ID = 145717)
    13:28:   foosball.url (ID = 145718)
    13:28:   football news.url (ID = 145719)
    13:28:   hockey news.url (ID = 145720)
    13:28:   make a bet.url (ID = 145721)
    13:28:   water sport.url (ID = 145722)
    13:28:   winter sport.url (ID = 145723)
    13:28:   best blowjob sites.url (ID = 145640)
    13:28:   best bondage sites.url (ID = 145641)
    13:28:   best cheerleaders sites.url (ID = 145642)
    13:28:   best domination sites.url (ID = 145643)
    13:28:   best ebony sites.url (ID = 145644)
    13:28:   best fetish sites.url (ID = 145645)
    13:28:   best gay sites.url (ID = 145646)
    13:28:   best group *** sites.url (ID = 145647)
    13:28:   best hardcore sites.url (ID = 145648)
    13:28:   best lesbian sites.url (ID = 145649)
    13:28:   best mature sites.url (ID = 145650)
    13:28:   best shemales sites.url (ID = 145651)
    13:28:   best up-skirt sites.url (ID = 145652)
    13:28:   best voyeur sites.url (ID = 145653)
    13:28:   best xxx cartoons.url (ID = 145654)
    13:28:   best xxx dvd.url (ID = 145655)
    13:28:   free hot porno!.url (ID = 145656)
    13:28:   *** webcams.url (ID = 145657)
    13:28:   virgin's ***.url (ID = 145658)
    13:28:   gstartup.lnkcommon startup (ID = 61437)
    13:28:   peer points manager.lnk (ID = 49861)
    13:28:   about gain publishing.lnk (ID = 61437)
    13:28: Suchvorgang in Dateien abgeschlossen, Dauer: 00:43:14
    13:28: Die Vollsuche wurde abgeschlossen. Abgelaufene Zeit 01:01:13
    13:28: Gefundene Spuren: 9601
    13:32: Löschvorgang eingeleitet
    13:32:   Alle Spuren werden isoliert: spysheriff
    13:32:   Alle Spuren werden isoliert: trojan-backdoor-5sec
    13:32:   Alle Spuren werden isoliert: trojan-backdoor-satellite
    13:32:   Alle Spuren werden isoliert: azsearch toolbar
    13:33:   Alle Spuren werden isoliert: commonname
    13:33:   Alle Spuren werden isoliert: coolwebsearch (cws)
    13:33:   Alle Spuren werden isoliert: cram toolbar
    13:33:   Alle Spuren werden isoliert: mspm-bot
    13:33:   Alle Spuren werden isoliert: trojan-backdoor-core.psyche-evolution.com
    13:33:   Alle Spuren werden isoliert: trojan-backdoor-nuclear grabber
    13:33:   Alle Spuren werden isoliert: trojan-downloader-2pursuit
    13:33:   Alle Spuren werden isoliert: altnet
    13:34:   altnet wird verwendet. Wird bei Neustart gelöscht.
    13:34:     peer points manager.lnk wird verwendet. Wird bei Neustart gelöscht.
    13:34:   Alle Spuren werden isoliert: bullguard popup ad
    13:34:   Alle Spuren werden isoliert: cydoor peer-to-peer dependency
    13:34:   Alle Spuren werden isoliert: find.fm toolbar
    13:34:   Alle Spuren werden isoliert: instafinder
    13:34:   Alle Spuren werden isoliert: rx toolbar
    13:34:   Alle Spuren werden isoliert: simplebar toolbar
    13:34:   Alle Spuren werden isoliert: topnetsearch hijack
    13:34:   Alle Spuren werden isoliert: topsearch
    13:34:   Alle Spuren werden isoliert: gain - common components
    13:34:   gain - common components wird verwendet. Wird bei Neustart gelöscht.
    13:34:     about gain publishing.lnk wird verwendet. Wird bei Neustart gelöscht.
    13:34:   Alle Spuren werden isoliert: gator ewallet
    13:35: Löschvorgang abgeschlossen. Abgelaufene Zeit 00:03:00
    ********
    12:20: |       Beginn der Sitzung, Dienstag, 20. Dezember 2005       |
    12:20: Spy Sweeper gestartet
    12:21: Messenger-Dienst wurde deaktiviert.
    12:21: Ihre Spyware-Definitionen wurden aktualisiert.
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt falkag cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt belnk cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt casalemedia cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt ***tracker cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt ***tracker cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt ***list cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt ***tracker cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt gator cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt sandboxer cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt sandboxer cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt 247realmedia cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt 2o7.net cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt 888 cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt 888 cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt yieldmanager cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt hbmediapro cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt fortunecity cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt adtech cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt adultfriendfinder cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt advertising cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt falkag cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt falkag cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt falkag cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt atlas dmt cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt atwola cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt belnk cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt casalemedia cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt cassava cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt ***tracker cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt ***tracker cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt ***tracker cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt desktop kazaa cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt belnk cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt fe.lea.lycos.com cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt touchclarity cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt fastclick cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt ugo cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt paycounter cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt falkag cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt servedby advertising cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt serving-sys cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt ***list cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt ***tracker cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt zedo cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt reliablestats cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt tracking cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt tradedoubler cookie
    12:25: IE-Tracking Cookies-Schutzschild: Entfernt trafficmp cookie
    12:26: IE-Tracking Cookies-Schutzschild: Entfernt gator cookie
    12:26: IE-Tracking Cookies-Schutzschild: Entfernt paypopup cookie
    12:26: IE-Tracking Cookies-Schutzschild: Entfernt xiti cookie
    12:26: IE-Tracking Cookies-Schutzschild: Entfernt adserver cookie
    12:26: Standardseite (System)
    12:26: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    12:26: Search Bar (Benutzer)
    12:26: "http://home.microsoft.com/search/lobby/search.asp"
    12:26: Ihre Standardsuchseite ist jetzt:
    12:26: "http://home.microsoft.com/access/allinone.asp"
    12:26: Ihre Standardhomepage in Internet Explorer lautet jetzt:
    12:26: "file://C:\WINDOWS\blank.mht"
    12:27: |       Ende der Sitzung, Dienstag, 20. Dezember 2005       |

  2. #12
    Beginner
    Registered since
    27.11.2005
    Posts
    12

    Re: Spyware infect

    Hello,
    I rebooted briefly and then ran PandaScan, which produced the following result:

    Code:
    Incident                      Status                        Location                                                                                                                                                                                                                                                        
    
    Adware:adware/adsmart         Not desinfected               C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\pi.sys                                                                                                                                                                                       
    Adware:adware/p2pnetworking   Not desinfected               C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl                                                                                                                                                                                                                     
    Adware:adware/azesearch       Not desinfected               C:\WINDOWS\SYSTEM32\zlokdfs9.leo                                                                                                                                                                                                                                
    Adware:adware/cws.searchmeup  Not desinfected               C:\WINDOWS\flag.bla                                                                                                                                                                                                                                             
    Adware:adware/gator           Not desinfected               C:\WINDOWS\GatorPatch.log                                                                                                                                                                                                                                       
    Spyware:application/bestoffer Not desinfected               C:\WINDOWS\smdat32a.sys                                                                                                                                                                                                                                         
    Spyware:spyware/altnet        Not desinfected               C:\PROGRAM FILES\Altnet                                                                                                                                                                                                                                         
    Spyware:spyware/cydoor        Not desinfected               C:\WINDOWS\SYSTEM32\AdCache                                                                                                                                                                                                                                     
    Adware:adware/ist.istbar      Not desinfected               C:\Dokumente und Einstellungen\Sebastian\Favoriten\Adult Sites                                                                                                                                                                                                  
    Adware:adware/ilookup         Not desinfected               C:\Dokumente und Einstellungen\Sebastian\Favoriten\Gambling                                                                                                                                                                                                     
    Adware:adware/brilliantdigitalNot desinfected               Windows Registry                                                                                                                                                                                                                                                
    Hacktool:HackTool/OptixPatch  Not desinfected               C:\atomix\Atomix MP3 2.1 Dj Mixer\AceCrack Atomixmp3 2.1F.EXE                                                                                                                                                                                                   
    Hacktool:HackTool/OptixPatch  Not desinfected               C:\atomix\Atomix MP3 2.1 Dj Mixer\Atomixmp3_v2.1 Patch.zip[AceCrack Atomixmp3 2.1F.EXE]                                                                                                                                                                         
    Hacktool:HackTool/OptixPatch  Not desinfected               C:\atomix\Dj Mixer Atomix MP3 2.1 +.zip[AceCrack Atomixmp3 2.1F.EXE]                                                                                                                                                                                            
    Spyware:Spyware/Sparkasse     Not desinfected               C:\Dokumente und Einstellungen\Sebastian\Cookies\sebastian@sparkasse[3].txt                                                                                                                                                                                     
    Spyware:Spyware/Altnet        Not desinfected               C:\Program Files\Altnet\Download Manager\asm.exe                                                                                                                                                                                                                
    Adware:Adware/Gator           Not desinfected               C:\Programme\Gemeinsame Dateien\CMEII\GController.dll                                                                                                                                                                                                           
    Adware:Adware/Gator           Not desinfected               C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll                                                                                                                                                                                                                 
    Adware:Adware/Gator           Not desinfected               C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll                                                                                                                                                                                                                
    Adware:Adware/Gator           Not desinfected               C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll                                                                                                                                                                                                          
    Adware:Adware/Gator           Not desinfected               C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll                                                                                                                                                                                                                
    Hacktool:HackTool/OptixPatch  Not desinfected               C:\Tauscheordner\atomix\Atomix MP3 2.1 Dj Mixer\AceCrack Atomixmp3 2.1F.EXE                                                                                                                                                                                     
    Hacktool:HackTool/OptixPatch  Not desinfected               C:\Tauscheordner\atomix\Atomix MP3 2.1 Dj Mixer\Atomixmp3_v2.1 Patch.zip[AceCrack Atomixmp3 2.1F.EXE]                                                                                                                                                           
    Hacktool:HackTool/OptixPatch  Not desinfected               C:\Tauscheordner\atomix\Dj Mixer Atomix MP3 2.1 +.zip[AceCrack Atomixmp3 2.1F.EXE]                                                                                                                                                                              
    Possible Virus.               Not desinfected               C:\WINDOWS\system\svwhost.exe                                                                                                                                                                                                                                   
    Adware:Adware/P2PNetworking   Not desinfected               C:\WINDOWS\system32\P2P Networking v126.cpl
    Many thanks for your help
    Sebastian
    Last edited by sebiwinckler (20.12.2005 at 14:21)

  3. #13
    Supermod (retired) Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.038

    Re: Spyware infect

    Good morning Sebiwinckler

    Code:
    => If present: start Spybot S&D and deactivate the resident "TeaTimer".
    (Click "Advanced mode" > "YES" > "Tools" menu > click
    "Resident" > remove the check mark from the "Resident "TeaTimer" (protection
    of all system settings) active." box > exit.)
    
    => If present: please also switch off Ad-Watch during the cleanup!
    
    => If present: switch off Microsoft AntiSpyware
    Open Microsoft AntiSpyware > click "Tools", "Settings" > on the
    left side click "Real-time Protection" [Vollzeit Schutz] > under "Startup
    Options" ["Startup Einstellungen"] remove the check mark at "Enable the
    Microsoft AntiSpyware Security Agents on startup (recommended)" ["Aktiviere
    Microsoft AntiSpyware Security Agents beim Menustart (empfohlen)"] > under
    "Real-time spyware threat protection" [Vollzeit-Spyware-Schutz] remove the
    check mark for "Enable real-time spyware threat protection
    (recommended)" ["Aktiviere den Vollzeit Spyware Schutz (empfohlen)"].
    Click "Save" [Speichern] and close Microsoft AntiSpyware.
    Right-click the Microsoft AntiSpyware icon in the system tray >
    choose "Shutdown Microsoft AntiSpyware" ["Beende Microsoft AntiSpyware"].
    
    (Deactivate these programs during the cleanup;
    they prevent the cleaning.)
    1
    Run HijackThis -> config -> misc tools --> delete a file on reboot,
    and select the file to delete:

    C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\pi.sys
    C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl
    C:\WINDOWS\SYSTEM32\zlokdfs9.leo
    C:\WINDOWS\flag.bla
    C:\WINDOWS\GatorPatch.log
    C:\WINDOWS\smdat32a.sys
    C:\Dokumente und Einstellungen\Sebastian\Favoriten\Adult Sites
    C:\Dokumente und Einstellungen\Sebastian\Favoriten\Gambling
    C:\atomix\Atomix MP3 2.1 Dj Mixer\AceCrack Atomixmp3 2.1F.EXE
    C:\atomix\Atomix MP3 2.1 Dj Mixer\Atomixmp3_v2.1 Patch.zip[AceCrack Atomixmp3 2.1F.EXE]
    C:\atomix\Dj Mixer Atomix MP3 2.1 +.zip[AceCrack Atomixmp3 2.1F.EXE]
    C:\Dokumente und Einstellungen\Sebastian\Cookies\sebastian@sparkasse[3].txt
    C:\Program Files\Altnet\Download Manager\asm.exe
    C:\Programme\Gemeinsame Dateien\CMEII\GController.dll
    C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll
    C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll
    C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll
    C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll
    C:\Tauscheordner\atomix\Atomix MP3 2.1 Dj Mixer\AceCrack Atomixmp3 2.1F.EXE
    C:\Tauscheordner\atomix\Atomix MP3 2.1 Dj Mixer\Atomixmp3_v2.1 Patch.zip[AceCrack Atomixmp3 2.1F.EXE]
    C:\Tauscheordner\atomix\Dj Mixer Atomix MP3 2.1 +.zip[AceCrack Atomixmp3 2.1F.EXE]
    C:\WINDOWS\system\svwhost.exe
    C:\WINDOWS\system32\P2P Networking v126.cpl

    After entering the last file, answer the restart prompt with YES.
    Restart your computer.

    2
    Boot into safe mode (instructions).

    3
    Using Windows Explorer, delete the following folders

    C:\PROGRAM FILES\Altnet
    C:\WINDOWS\SYSTEM32\AdCache
    C:\Programme\Gemeinsame Dateien\CMEII
    C:\Tauscheordner\atomix\Atomix MP3 2.1 Dj Mixer

    4
    Boot into normal mode.

    5
    START > Run (type in): cleanmgr > OK/[Enter].
    Make sure that the Temporary Files, Temporary Internet Files, and the Recycle Bin are emptied.
    Click OK.

    6
    START > Run (type in): %temp% > OK/[Enter].
    Do this for every user account.
    This empties the folder(s) C:\Dokumente und Einstellungen\Your name\Lokale Einstellungen\Temp

    7
    Download a free trial version of CounterSpy (instructions).

    Update the program online.
    Disconnect from the Internet.
    Restart your computer into safe mode (instructions).
    Scan your computer with CounterSpy in safe mode.
    Set the program to remove everything it finds.
    Save the logfile.

    -> Please post the CounterSpy logfile. Thanks.

    The program has no working uninstaller, so choose one of these two programs:

    Total Installer scans the registry and file system before a program is installed and can thereby detect changes made during the installation. On uninstallation, all traces of a program can be deleted from the computer. Language: multilingual, German (Windows 95 / 98 / ME / NT / 2000 / XP)

    Uninstall Cleaner 1.0: uninstall programs, remove faulty entries and stored uninstall entries from the registry. Language: German (Windows 98 / ME / NT / 2000 / XP) (The accompanying website offers a lot of interesting information about the net and security.)


    8
    Download EasyCleaner.
    (Note on further use beyond this cleanup:
    use it after every session on the net.)


    Run EasyCleaner:
    click the individual icons, then 'Search', and when the scan has finished, 'Delete'. Ideally do this with all of the icons except the Duplicate function, to clean superfluous files and registry entries from your computer and to give spyware no chance of gaining a foothold on your system this way.


    9
    Your operating system is outdated: -> please visit www.windowsupdate.com, download and install SP2, and update IE! IE must be up to date even if you do not use it. All software on a system MUST be up to date, otherwise the system has holes through which malware can get in.

    10
    Now deactivate and activate System Restore alternately, rebooting each time in between. At the end, System Restore must be activated, i.e. switched on. Please create a new system restore point.

    11
    Run HijackThis.
    Create and post a new HJT logfile.
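
The locations PandaScan reported in post #12 mix plain files, entries inside archives (`Patch.zip[...]`), a non-file entry (`Windows Registry`) and the same path in two spellings. As an added example (not part of the thread), this Python code parses that report layout and reduces it to unique on-disk targets; the 30-character column width is read off the report above, and the function names and the re-padded sample rows are constructed for illustration.

```python
import re
from collections import OrderedDict, namedtuple

COL = 30  # width of the Incident and Status columns, as seen in the report

# Constructed sample: incident/location pairs taken from the report in
# post #12, re-padded to the report's fixed-width layout.
ROWS = [
    ("Adware:adware/p2pnetworking", r"C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl"),
    ("Adware:adware/brilliantdigital", "Windows Registry"),
    ("Hacktool:HackTool/OptixPatch",
     r"C:\atomix\Atomix MP3 2.1 Dj Mixer\Atomixmp3_v2.1 Patch.zip[AceCrack Atomixmp3 2.1F.EXE]"),
    ("Spyware:Spyware/Sparkasse",
     r"C:\Dokumente und Einstellungen\Sebastian\Cookies\sebastian@sparkasse[3].txt"),
    ("Possible Virus.", r"C:\WINDOWS\system\svwhost.exe"),
    ("Adware:Adware/P2PNetworking", r"C:\WINDOWS\system32\P2P Networking v126.cpl"),
]
SAMPLE_REPORT = "\n".join(
    [f"{'Incident':<{COL}}{'Status':<{COL}}Location", ""]
    + [f"{inc[:COL]:<{COL}}{'Not desinfected':<{COL}}{loc}" for inc, loc in ROWS]
)

Finding = namedtuple("Finding", "incident status location")

# "container[member]" is how the report names a file inside an archive.
# The bracket group must close the line, so "sparkasse[3].txt" is not matched.
ARCHIVE_MEMBER = re.compile(r"^(?P<container>.+)\[(?P<member>[^\[\]]+)\]$")
WINDOWS_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_report(text):
    """Slice each row at the fixed column offsets.

    Splitting on whitespace would fail on the row where a 30-character
    incident name runs straight into the Status column.
    """
    findings = []
    for line in text.splitlines():
        line = line.rstrip()
        if len(line) <= 2 * COL:
            continue  # blank line or row without a Location value
        incident = line[:COL].strip()
        if incident == "Incident":
            continue  # header row
        findings.append(
            Finding(incident, line[COL:2 * COL].strip(), line[2 * COL:].strip())
        )
    return findings


def removal_targets(findings):
    """Reduce findings to unique targets, in first-seen order.

    Windows paths are compared case-insensitively; an archive member is
    mapped to its container, because only the container exists on disk.
    """
    targets = OrderedDict()
    for f in findings:
        member = ARCHIVE_MEMBER.match(f.location)
        if WINDOWS_PATH.match(f.location) is None:
            kind, path = "non-file", f.location
        elif member:
            kind, path = "archive", member.group("container")
        else:
            kind, path = "path", f.location
        entry = targets.setdefault(
            path.lower(), {"kind": kind, "path": path, "incidents": []}
        )
        seen = [i.lower() for i in entry["incidents"]]
        if f.incident.lower() not in seen:
            entry["incidents"].append(f.incident)
    return list(targets.values())


if __name__ == "__main__":
    for t in removal_targets(parse_report(SAMPLE_REPORT)):
        print(f"{t['kind']:<9}{t['path']}  <- {', '.join(t['incidents'])}")
```
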

  4. #14
    Beginner
    Registered since
    27.11.2005
    Posts
    12

    Re: Spyware infect

    Good evening,
    I carried out everything successfully; only 8 temp files could not be deleted (because they are currently in use!?).
    Code:
    C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\~DFD8A3.tmp 	512 	TMP-Datei 	21.12.2005 22:56:40 	A 		
    C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\~DF568F.tmp 	16384 	TMP-Datei 	21.12.2005 22:56:26 	A 		
    C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\~DF933E.tmp 	16384 	TMP-Datei 	21.12.2005 22:56:28 	A 		
    C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\~DFD744.tmp 	16384 	TMP-Datei 	21.12.2005 22:56:40 	A 		
    C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\~DFEE5A.tmp 	16384 	TMP-Datei 	21.12.2005 22:57:02 	A 		
    C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\~DFA466.tmp 	32768 	TMP-Datei 	21.12.2005 22:57:36 	A 		
    C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\~DFD3E0.tmp 	32768 	TMP-Datei 	21.12.2005 22:57:02 	A 		
    C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Temp\~DF70D1.tmp 	49152 	TMP-Datei 	21.12.2005 22:56:28
    Here is the CounterSpy logfile:

    Code:
    Spyware Scan Details
    Start Date: 21.12.2005 21:57:36
    End Date: 21.12.2005 22:34:23
    Total Time: 36 mins 47 secs 
    
    Detected spyware
    
    KaZaA P2P  more information...
    Details: Kazaa is a Peer to Peer file sharing application that uses some adware advertising as well as installs a number of thrid party adware software on your computer.
    Status: Deleted
    
    Infected files detected
    c:\programme\kazaa\skins\black glass\startbar_home_over.bmp
    c:\programme\kazaa\skins\black glass\startbar_home_sel.bmp
    c:\programme\kazaa\skins\black glass\startbar_refresh.bmp
    c:\programme\kazaa\skins\black glass\startbar_refresh_dis.bmp
    c:\programme\kazaa\skins\black glass\startbar_refresh_over.bmp
    c:\programme\kazaa\skins\black glass\startbar_refresh_sel.bmp
    c:\programme\kazaa\skins\black glass\startbar_stop.bmp
    c:\programme\kazaa\skins\black glass\startbar_stop_dis.bmp
    c:\programme\kazaa\skins\black glass\startbar_stop_over.bmp
    c:\programme\kazaa\skins\black glass\startbar_stop_sel.bmp
    c:\programme\kazaa\skins\black glass\theatrebar_fullscreen.bmp
    c:\programme\kazaa\skins\black glass\theatrebar_fullscreen_dis.bmp
    c:\programme\kazaa\skins\black glass\theatrebar_fullscreen_over.bmp
    c:\programme\kazaa\skins\black glass\theatrebar_fullscreen_sel.bmp
    c:\programme\kazaa\skins\black glass\trafficbar_cancel.bmp
    c:\programme\kazaa\skins\black glass\trafficbar_cancel_dis.bmp
    c:\programme\kazaa\skins\black glass\trafficbar_cancel_over.bmp
    c:\programme\kazaa\skins\black glass\trafficbar_cancel_sel.bmp
    c:\programme\kazaa\skins\black glass\trafficbar_pause.bmp
    c:\programme\kazaa\skins\black glass\trafficbar_pause_dis.bmp
    c:\programme\kazaa\skins\black glass\trafficbar_pause_over.bmp
    c:\programme\kazaa\skins\black glass\trafficbar_pause_sel.bmp
    c:\programme\kazaa\skins\black glass\trafficbar_resume.bmp
    c:\programme\kazaa\skins\black glass\trafficbar_resume_dis.bmp
    c:\programme\kazaa\skins\black glass\trafficbar_resume_over.bmp
    c:\programme\kazaa\skins\black glass\trafficbar_resume_sel.bmp
    c:\programme\kazaa\skins\black glass\windowbar_close.bmp
    c:\programme\kazaa\skins\black glass\windowbar_close_dis.bmp
    c:\programme\kazaa\skins\black glass\windowbar_close_over.bmp
    c:\programme\kazaa\skins\black glass\windowbar_close_sel.bmp
    c:\programme\kazaa\skins\black glass\windowbar_maximise.bmp
    c:\programme\kazaa\skins\black glass\windowbar_maximise_dis.bmp
    c:\programme\kazaa\skins\black glass\windowbar_maximise_over.bmp
    c:\programme\kazaa\skins\black glass\windowbar_maximise_sel.bmp
    c:\programme\kazaa\skins\black glass\windowbar_minimise.bmp
    c:\programme\kazaa\skins\black glass\windowbar_minimise_dis.bmp
    c:\programme\kazaa\skins\black glass\windowbar_minimise_over.bmp
    c:\programme\kazaa\skins\black glass\windowbar_minimise_sel.bmp
    c:\programme\kazaa\skins\black glass\windowbar_restore.bmp
    c:\programme\kazaa\skins\black glass\windowbar_restore_dis.bmp
    c:\programme\kazaa\skins\black glass\windowbar_restore_over.bmp
    c:\programme\kazaa\skins\black glass\windowbar_restore_sel.bmp
    c:\programme\kazaa\skins\black glass\window_btm.bmp
    c:\programme\kazaa\skins\black glass\window_btmleft.bmp
    c:\programme\kazaa\skins\black glass\window_btmright.bmp
    c:\programme\kazaa\skins\black glass\window_left.bmp
    c:\programme\kazaa\skins\black glass\window_right.bmp
    c:\programme\kazaa\skins\black glass\window_top.bmp
    c:\programme\kazaa\skins\black glass\window_topleft.bmp
    c:\programme\kazaa\skins\black glass\window_topright.bmp
    
    Infected registry entries detected
    
    
    Altnet P2P Networking Adware  more information...
    Details: P2P Networking is a component that enables other applications to use adware based Peer-to-Peer functionality.
    Status: Deleted
    
    Infected files detected
    
    Infected registry entries detected
    
    
    Cydoor Adware  more information...
    Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer.
    Status: Deleted
    
    Infected files detected
    c:\windows\system32\adcache\thumbs.db
    
    
    Twain Tech Adware  more information...
    Details: Twain-Tech is an adware based Internet Explorer browser helper object that deliver targeted ads based on a user’s browsing patters. Twain-Tech does not provide any other relevant purpose other then to display pop-up ads.
    Status: Ignored
    
    Infected files detected
    c:\windows\smdat32m.sys
    
    
    CoolWebSearch.MWSearch Spyware  more information...
    Details: MWSearch adds a search toolbar to Internet Explorer and hijacks the default search page.
    Status: Deleted
    
    Infected files detected
    c:\windows\efefdfddfsdh.tmp
    
    Infected registry entries detected
    HKEY_CLASSES_ROOT\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501} 
    HKEY_CLASSES_ROOT\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\TypeLib {84C94803-B5EC-4491-B2BE-7B113E013B77}
    HKEY_CLASSES_ROOT\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\TypeLib Version 1.0
    HKEY_CLASSES_ROOT\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501} IStockBar
    
    
    Trojan.vxgame Trojan  more information...
    Status: Deleted
    
    Infected files detected
    c:\windows\system32\vx.tll
    c:\windows\system32\zlbw.dll
    c:\windows\system32\svcp.csv
    c:\windows\system32\winsub.xml
    
    
    Cydoor.TOPicks Adware  more information...
    Details: TOPicks is adware implemented as an Internet Explorer toolbar. TOPicks shows targeted links to sponsored sites.
    Status: Deleted
    
    Infected registry entries detected
    
    
    Adw.Need2Find.Toolbar Toolbar  more information...
    Details: Adw.Need2Find.Toolbar is an IE plugin with its own Search Field.
    Status: Deleted
    
    Infected registry entries detected
    HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2 
    HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2\CLSID {0002DF01-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\MSIEDe1egate.Application.2 Internet Exp1orer (Ver 1.32590)
    
    
    Srv.Atomic-KeyLogger Surveillance  more information...
    Details: Srv.Atomic-KeyLogger is a program used to steal information from the infected machine.
    Status: Deleted
    
    Infected registry entries detected
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB NextInstance 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB\0000 DeviceDesc NOD AV service
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB\0000 Class LegacyDriver
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB\0000 ConfigFlags 0
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB\0000 Legacy 1
    And here is the Hijack log file:
    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 23:42:54, on 21.12.2005
    Platform: Windows XP  (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\AVPersonal\AVGUARD.EXE
    C:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Programme\ICQLite\ICQLite.exe
    C:\Programme\WinBar\WinBar.exe
    C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunServAlert.exe
    C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunServAlert.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunServAlert.exe
    C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
    C:\Programme\HijackThis\HijackThis.exe\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: XBTB00429 - {3FDE0CB5-619F-4227-8961-F2D7ED15B88E} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: WinBar.lnk = C:\Programme\WinBar\WinBar.exe
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133095254150
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135202820385
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    Many thanks and good night

    Sebastian

  5. #15
    Supermod (retired) Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.038

    Re: Spyware infect

    Hello and good morning Sebiwinckler,

    please empty CounterSpy's quarantine or backup folder and repeat the scan with CounterSpy; update the program online beforehand. Show us the results again.

    Run EasyCleaner in safe mode and once again remove everything except the duplicates with the cleaning tool.

    Post the new CounterSpy log file.

  6. #16
    Beginner
    Registered since
    27.11.2005
    Posts
    12

    Re: Spyware infect

    Hi there,
    I have carried out everything:

    Code:
    Spyware Scan Details
    Start Date: 22.12.2005 09:52:17
    End Date: 22.12.2005 10:22:01
    Total Time: 29 mins 44 secs 
    
    Detected spyware
    
    KaZaA P2P  more information...
    Details: Kazaa is a Peer to Peer file sharing application that uses some adware advertising as well as installs a number of thrid party adware software on your computer.
    Status: Deleted
    
    Infected files detected
    c:\dokumente und einstellungen\sebastian\anwendungsdaten\microsoft\internet explorer\quick launch\launch kazaa.lnk
    
    Infected registry entries detected
    
    
    Twain Tech Adware  more information...
    Details: Twain-Tech is an adware based Internet Explorer browser helper object that deliver targeted ads based on a user’s browsing patters. Twain-Tech does not provide any other relevant purpose other then to display pop-up ads.
    Status: Deleted
    
    Infected files detected
    c:\windows\smdat32m.sys
    
    
    CoolWebSearch.MWSearch Spyware  more information...
    Details: MWSearch adds a search toolbar to Internet Explorer and hijacks the default search page.
    Status: Deleted
    
    Infected files detected
    c:\dokumente und einstellungen\sebastian\favoriten\adult sites\
    
    
    Desktop Links Adware  more information...
    Status: Deleted
    
    Infected files detected
    c:\dokumente und einstellungen\sebastian\favoriten\leisure\
    
    
    Altnet P2P Networking Adware  more information...
    Details: P2P Networking is a component that enables other applications to use adware based Peer-to-Peer functionality.
    Status: Deleted
    
    Infected registry entries detected
    
    
    Trojan.Desktophijack Trojan  more information...
    Details: Trojan.Desktophijack modifies the home page and desktop settings on a compromised computer.
    Status: Deleted
    
    Infected registry entries detected
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer ForceActiveDesktopOn 1
    
    
    Srv.Atomic-KeyLogger Surveillance  more information...
    Details: Srv.Atomic-KeyLogger is a program used to steal information from the infected machine.
    Status: Deleted
    
    Infected registry entries detected
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB NextInstance 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB\0000 DeviceDesc NOD AV service
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB\0000 Class LegacyDriver
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB\0000 ConfigFlags 0
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB\0000 Legacy 1
    
    
    Mediaplex.com Cookie  more information...
    Details: Cookie used to track cross site advertising with the Mediaplex and value Click advertising companies.
    Status: Deleted
    
    Infected cookies detected
    c:\dokumente und einstellungen\sebastian\cookies\sebastian@mediaplex[1].txt
    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:39:45, on 22.12.2005
    Platform: Windows XP  (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\AVPersonal\AVGUARD.EXE
    C:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Programme\mozilla.org\Mozilla\mozilla.exe
    C:\Programme\ICQLite\ICQLite.exe
    C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Programme\WinBar\WinBar.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Programme\HijackThis\HijackThis.exe\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: XBTB00429 - {3FDE0CB5-619F-4227-8961-F2D7ED15B88E} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: WinBar.lnk = C:\Programme\WinBar\WinBar.exe
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133095254150
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135202820385
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    Regards
    Sebastian

  7. #17
    Supermod (ret.) Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.038

    Re: Spyware infect

    Hello Sebiwinckler,

    we will keep going like this until Counterspy no longer finds any malware on your computer. That means you now have to empty Counterspy's quarantine/backup folder again, then scan your computer again and show us the result again. No HJT log for now; the malware has to be off your system first.

    Let EasyCleaner scan in safe mode: click all the icons (except Duplicates), click "Suche" (Search), then, when the scan has finished, click "Lösche" (Delete).

    Then alternately disable and enable System Restore, rebooting each time in between. At the end, System Restore must be enabled, i.e. switched on.

    A new Counterspy log, please.

  8. #18
    Beginner
    Registered since
    27.11.2005
    Posts
    12

    Re: Spyware infect

    Code:
    Spyware Scan Details
    Start Date: 23.12.2005 12:54:35
    End Date: 23.12.2005 13:28:19
    Total Time: 33 mins 44 secs 
    
    Detected spyware
    
    Srv.Atomic-KeyLogger Surveillance  more information...
    Details: Srv.Atomic-KeyLogger is a program used to steal information from the infected machine.
    Status: Deleted
    
    Infected registry entries detected
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB NextInstance 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB\0000 DeviceDesc NOD AV service
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB\0000 Class LegacyDriver
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB\0000 ConfigFlags 0
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB\0000 Legacy 1
    
    
    ATDMT.com Cookie  more information...
    Status: Deleted
    
    Infected cookies detected
    c:\dokumente und einstellungen\sebastian\cookies\sebastian@atdmt[1].txt
    
    
    Mediaplex.com Cookie  more information...
    Details: Cookie used to track cross site advertising with the Mediaplex and value Click advertising companies.
    Status: Deleted
    
    Infected cookies detected
    c:\dokumente und einstellungen\sebastian\cookies\sebastian@mediaplex[1].txt
    
    
    BS.Serving-Sys Cookie  more information...
    Status: Deleted
    
    Infected cookies detected
    c:\dokumente und einstellungen\sebastian\cookies\sebastian@serving-sys[2].txt
    
    I will now do this several times

    Regards

  9. #19
    Beginner
    Registered since
    27.11.2005
    Posts
    12

    Re: Spyware infect

    Code:
    Spyware Scan Details
    Start Date: 23.12.2005 13:44:38
    End Date: 23.12.2005 14:18:20
    Total Time: 33 mins 42 secs 
    
    Detected spyware
    
    Srv.Atomic-KeyLogger Surveillance  more information...
    Details: Srv.Atomic-KeyLogger is a program used to steal information from the infected machine.
    Status: Deleted
    
    Infected registry entries detected
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB NextInstance 1
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB\0000 DeviceDesc NOD AV service
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB\0000 Class LegacyDriver
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB\0000 ConfigFlags 0
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NUCLAB\0000 Legacy 1
    
    
    Mediaplex.com Cookie  more information...
    Details: Cookie used to track cross site advertising with the Mediaplex and value Click advertising companies.
    Status: Deleted
    
    Infected cookies detected
    c:\dokumente und einstellungen\sebastian\cookies\sebastian@mediaplex[1].txt

  10. #20
    Supermod (ret.) Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.038

    Re: Spyware infect

    Hello sebiwinckler,

    keep scanning your computer with Counterspy until Counterspy finds nothing more. Please empty Counterspy's quarantine folder after every scan. Then please report back to us in the forum with the last Counterspy log file and a new HJT log file.
