Forum
Tipps
News
Menu-Icon

Virus!!! System alert Spyware

hallo

bei mir öffnet sich immer so ne meldung: und wenn ich drauf geh öffnet sich der inet explorer und will dass ich son pogramm runter laden soll. Bei der fehlermeldung steht dann "System Alert Spyware" oder so was kann mir vieleicht jemand helfen was ich da machen kann.
hier mal das hijackthis.log wenn jemand was damit anfangen kann ob ich schon arg infiziert bin:

Logfile of HijackThis v1.99.1
Scan saved at 02:16:59, on 08.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\eddi\LOKALE~1\Temp\Rar$EX00.234\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Dokumente und Einstellungen\eddi\Eigene Dateien\ws.js
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - (no file)
O2 - BHO: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O3 - Toolbar: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O3 - Toolbar: vnbptxlf - {E22B6A50-4AE1-42CC-90F7-6CB1086D3A2D} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: Add to AMV Converter... - C:\Programme\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Programme\Natural Voice Reader Standard\read.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Programme\Natural Voice Reader Standard\read.html
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165853874812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165853656359
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: qdnkewfa - {6C2C3D9C-8647-43C7-8E1F-DC58311FA97D} - C:\WINDOWS\qdnkewfa.dll
O21 - SSODL: mgsvflkw - {0C49738B-C8EF-4933-8E50-B24409644720} - C:\WINDOWS\mgsvflkw.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Programme\Windows Media Player\WMPNetwk.exe (file missing)


hoffe auf schnelle antwort
gruß

 



Antworten zu Virus!!! System alert Spyware:

habe jetz ein paar sachen probiert und wollte fragen ob dass problem weg ist hier das neue:


Logfile of HijackThis v1.99.1
Scan saved at 08:48:19, on 08.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programme\RocketDock\RocketDock.exe
C:\PROGRA~1\ICQ6\ICQ.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\eddi\LOKALE~1\Temp\Rar$EX00.359\HijackThis.exe
C:\DOKUME~1\eddi\LOKALE~1\Temp\Rar$EX00.062\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Dokumente und Einstellungen\eddi\Eigene Dateien\ws.js
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - (no file)
O2 - BHO: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O3 - Toolbar: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [XboxStat] "c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: Add to AMV Converter... - C:\Programme\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Programme\Natural Voice Reader Standard\read.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Programme\Natural Voice Reader Standard\read.html
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165853874812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165853656359
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: qdnkewfa - {6C2C3D9C-8647-43C7-8E1F-DC58311FA97D} - C:\WINDOWS\qdnkewfa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Programme\Windows Media Player\WMPNetwk.exe (file missing)
 

Deine Logfile sind dermaßen verseucht, daß ein mühsamer Versuch ein sauberes System wieder zu erreichen mehr Zeit als eine Neuinstallation braucht.
Ich rate zu einer Neuinstallation mit anschließendem Image auf einer 2. Partition.
Außerdem solltest Du dein System auf dem neusten Stand halten, dazu zählt auch der Internetexplorer 7.
Dein Schutz gegen die kriminelle Außenwelt im Inet sowie dein Surfverhalten sind ebenso zu überdenken.

mfg  Burgeule

Versuche so eine Bereinigung in dieser Reihenfolge, poste alle genannten Reporte:

CounterSpy anwenden, wähle immer REMOVE, poste den Report
http://www.paules-pc-infothek.de/ppf2/viewtopic.php?t=1201

smitfraudfix anwenden
http://siri.urz.free.fr/Fix/SmitfraudFix_De.php
Punkte 1,2,3 abarbeiten, Reporte speichern und posten

Malwarebytes anwenden
http://virus-protect.org/artikel/tools/malwarebytes.html
Wenn der Scan beendet ist, lasse alles Gefundene löschen + klicke: "Scan Berichte"

Kopiere den Report ab (rechte Maustaste - «kopieren« - im Sicherheitsforum - rechte Maustaste - «einfügen«

Windowsscan posten
http://virus-protect.org/artikel/tools/windowsscan.html

CCleaner ausführen
http://www.paules-pc-infothek.de/ppf2/viewtopic.php?t=1138

neuen HijackThis log posten

oder Alternativ: Formatieren und neu aufsetzen. 

ok werde es sofort angehn....... werde gleich reports posten...

der report ist viel zu lang um ihn am stück zu posten deshalb muss ich ihn teilen:


Scan History Details
Start Date: 08.04.2008 12:13:35
End Date: 08.04.2008 13:00:44
Total Time: 47 Min 9 Sec
Detected security risks

CasinoOnNet Potentially Unwanted Program  more information...
Details: CasinoOnNet is an online gambling application that requires users to download software in order to play.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\CASINONETINSTALLER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\CASINONETINSTALLER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\CASINONETINSTALLER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\CASINOONNET
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\CASINOONNET\casino
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\CASINOONNET\casino\init
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\CASINOONNET\casino\init
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\CASINOONNET\casino\init
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\CASINOONNET\casino\init
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\CASINOONNET\casino\init
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\CASINOONNET\casino\SDL
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\CASINOONNET\casino\SDL
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\CASINOONNET\casino\SDL
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\CASINOONNET\casino\SETTINGS
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\POKERINSTALLER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\POKERINSTALLER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\POKERINSTALLER


Morpheus P2P Program  more information...
Details: P2P file sharing program that installs a number of adware programs. Morpheus also displays its own popup advertsing.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\MORPHTORRENT
HKEY_LOCAL_MACHINE\Software\Classes\MORPHTORRENT
HKEY_LOCAL_MACHINE\Software\Classes\MORPHTORRENT


WhenU.Save Adware (General)  more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Files detected
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc11\ACM.dll
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc11\ffext.mod
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc11\Save.exe

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\Programmable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\Programmable
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{43382522-A846-46F4-AC57-1F71AE6E1086}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{43382522-A846-46F4-AC57-1F71AE6E1086}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{72A836D1-BC00-43C0-A941-17960E4FB842}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{72A836D1-BC00-43C0-A941-17960E4FB842}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{C285D18D-43A2-4AEF-83FB-BF280E660A97}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{C285D18D-43A2-4AEF-83FB-BF280E660A97}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{C285D18D-43A2-4AEF-83FB-BF280E660A97}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{C285D18D-43A2-4AEF-83FB-BF280E660A97}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{C285D18D-43A2-4AEF-83FB-BF280E660A97}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{C285D18D-43A2-4AEF-83FB-BF280E660A97}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\RUNMSC.LOADER.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\RUNMSC.LOADER.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\RUNMSC.LOADER\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\RUNMSC.LOADER\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\RUNMSC.LOADER\CURVER
HKEY_LOCAL_MACHINE\Software\Classes\RUNMSC.LOADER\CURVER
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\Software\Classes\WUSE.1
HKEY_LOCAL_MACHINE\Software\Classes\WUSE.1
HKEY_LOCAL_MACHINE\Software\Classes\WUSN.1
HKEY_LOCAL_MACHINE\Software\Classes\WUSN.1
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE\Partners
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE\Partners\WUSV
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE\Partners\WUSV
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE\Partners\WUSV
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE\Partners\WUSV
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE\Partners\WUSV
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSAVE
 

MyWebSearch Toolbar Potentially Unwanted Program  more information...
Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}


My Search Bar Potentially Unwanted Program  more information...
Details: My Search Bar and the variants "My Way Speedbar" and "My Way Search Assistant", are browser helper objects that allows you to search on multiple search engines.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.APPLICATION.1
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.APPLICATION.1
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.APPLICATION.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.APPLICATION.1\CLSID


WhenU.WhenUSearch Low Risk Adware  more information...
Details: WhenU.WhenUSearch is a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Deleted

Files detected
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\65_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\66_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\67_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\68_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\69_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\70_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\71_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\72_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\73_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\74_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\75_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\76_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\77_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\78_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\79_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\80_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\81_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\82_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\83_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\84_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\85_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\87_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\88_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\89_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\90_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\91_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\92_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\93_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\94_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\_wtext.gif
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\sb.daemon1\instructions.html
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\sb.daemon1\loading.html
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\sb.daemon1\module_weather_prefs_main.html
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\sb.daemon1\module_weather_print.html
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\sb.daemon1\movement.js
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\sb.daemon1\open_search.html
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\sb.daemon1\quick_instructions.html
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\images\sb.daemon1\splash.html
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\instructions.html
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\loading.html
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\module_weather_prefs_main.html
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\module_weather_print.html
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\movement.js
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\open_search.html
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\quick_instructions.html
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\Content\splash.html
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\search.dll
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc15\search.htm

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\Partners
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\Partners\desktop
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\Partners\desktop
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\Partners\desktop
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\Partners\desktop
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\Partners\desktop
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\Partners\desktop
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\Partners\desktop
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\WHSE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\WHSE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\WHSE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\WHSE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\WHSE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\WHSE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\WHSE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\WHSE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\WHSE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\WHSE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\WHSE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\WHSE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\WHSE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH\WHSE
HKEY_LOCAL_MACHINE\SOFTWARE\WHENUSEARCH


WebDir Adware (General)  more information...
Details: WebDir is spyware implemented as a Browser Helper Object (BHO) that modifies legitimate affiliate web sites with its own affiliate code.
Status: Deleted
 

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\APPID\DLP.DLL
HKEY_LOCAL_MACHINE\Software\Classes\APPID\DLP.DLL
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\Control
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\MiscStatus
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\MiscStatus
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\MiscStatus\1
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\MiscStatus\1
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\ProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\Version
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\Version
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\Software\Classes\DLP.DLPOBJ
HKEY_LOCAL_MACHINE\Software\Classes\DLP.DLPOBJ
HKEY_LOCAL_MACHINE\Software\Classes\DLP.DLPOBJ.1
HKEY_LOCAL_MACHINE\Software\Classes\DLP.DLPOBJ.1
HKEY_LOCAL_MACHINE\Software\Classes\DLP.DLPOBJ.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\DLP.DLPOBJ.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\DLP.DLPOBJ\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\DLP.DLPOBJ\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\DLP.DLPOBJ\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\DLP.DLPOBJ\CurVer
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{B1E22EB8-2AE8-4E8E-96AE-74F2A1764533}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{B1E22EB8-2AE8-4E8E-96AE-74F2A1764533}
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{B1E22EB8-2AE8-4E8E-96AE-74F2A1764533}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{B1E22EB8-2AE8-4E8E-96AE-74F2A1764533}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{B1E22EB8-2AE8-4E8E-96AE-74F2A1764533}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{B1E22EB8-2AE8-4E8E-96AE-74F2A1764533}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{B1E22EB8-2AE8-4E8E-96AE-74F2A1764533}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{B1E22EB8-2AE8-4E8E-96AE-74F2A1764533}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\INTERFACE\{B1E22EB8-2AE8-4E8E-96AE-74F2A1764533}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{BDBEBF18-7615-4971-9AC3-BD6FFB7AD6C1}
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{BDBEBF18-7615-4971-9AC3-BD6FFB7AD6C1}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{BDBEBF18-7615-4971-9AC3-BD6FFB7AD6C1}\1.0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{BDBEBF18-7615-4971-9AC3-BD6FFB7AD6C1}\1.0\0
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{BDBEBF18-7615-4971-9AC3-BD6FFB7AD6C1}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{BDBEBF18-7615-4971-9AC3-BD6FFB7AD6C1}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{BDBEBF18-7615-4971-9AC3-BD6FFB7AD6C1}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{BDBEBF18-7615-4971-9AC3-BD6FFB7AD6C1}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{BDBEBF18-7615-4971-9AC3-BD6FFB7AD6C1}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\Software\Classes\TYPELIB\{BDBEBF18-7615-4971-9AC3-BD6FFB7AD6C1}\1.0\HELPDIR
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\iexplore
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\iexplore
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\iexplore
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}\iexplore


Backdoor.Rbot.steam Backdoor  more information...
Details: Rbot is the name of a family of backdoor trojans, also known as worms, used by hackers to control a machine without the owner's knowledge.
Status: Deleted

Files detected
C:\Programme\Valve\platform\steam_dev.exe


Vegas Red Casino Potentially Unwanted Program  more information...
Details: Vegas Red Casino is an online casino game that requires a software download to the user's machine.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\mro
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\mro
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\rodz
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\rodz
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\sb
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO\sb
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\VEGAS RED CASINO


 

TitanPoker Potentially Unwanted Program  more information...
Details: TitanPoker is an online casino game that requires a software download to the user's machine.
Status: Deleted

Files detected
C:\Dokumente und Einstellungen\All Users\Startmenü\Titan Poker.lnk

Registry entries detected
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\lobby_favouritegames
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262\QuickSearch
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER\TTR69716262
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\TITAN POKER

 

PartyPoker Potentially Unwanted Program  more information...
Details: PartyPoker is an online gambling application that requires the user to download its software in order to play.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER
HKEY_USERS\S-1-5-21-1708537768-688789844-839522115-1003\SOFTWARE\PARTYGAMING\PARTYPOKER


SpamTool.Win32.Mailbot.az Trojan  more information...
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PE386
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PE386


Trojan-Downloader.Win32.VB.fn Trojan Downloader  more information...
Status: Deleted

Files detected
C:\WINDOWS\SYSTEM32\SBO

 

smitfraudfix reports:


SmitFraudFix v2.309

Scan done at 13:13:34,35, 08.04.2008
Run from C:\Dokumente und Einstellungen\eddi\Desktop\Zeugs\tools\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\avmwlanstick\wlangui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\eddi


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\eddi\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\eddi\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: AVM FRITZ!WLAN USB Stick v1.1 - Paketplaner-Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0DE2AF40-DE1D-4F16-AB3B-9AE8540323E2}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0DE2AF40-DE1D-4F16-AB3B-9AE8540323E2}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0DE2AF40-DE1D-4F16-AB3B-9AE8540323E2}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



 

2er report:

SmitFraudFix v2.309

Scan done at 13:14:43,42, 08.04.2008
Run from C:\Dokumente und Einstellungen\eddi\Desktop\Zeugs\tools\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost
127.0.0.1  serial.alcohol-soft.com


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: AVM FRITZ!WLAN USB Stick v1.1 - Paketplaner-Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0DE2AF40-DE1D-4F16-AB3B-9AE8540323E2}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0DE2AF40-DE1D-4F16-AB3B-9AE8540323E2}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0DE2AF40-DE1D-4F16-AB3B-9AE8540323E2}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry
Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

 

Hat dir diese Antwort geholfen?

Danke ButtonHilfreiche Antwort Button

@Burgeule so verseucht ist es doch garnicht!!

Erstelle nun ein neuen Hijackthis Logfile.

 

Logfile of HijackThis v1.99.1
Scan saved at 13:53:16, on 08.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\explorer.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\eddi\LOKALE~1\Temp\Rar$EX00.843\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Dokumente und Einstellungen\eddi\Eigene Dateien\ws.js
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O3 - Toolbar: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [XboxStat] "c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SBCSTray] C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: Add to AMV Converter... - C:\Programme\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Programme\Natural Voice Reader Standard\read.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Programme\Natural Voice Reader Standard\read.html
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165853874812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165853656359
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: qdnkewfa - {6C2C3D9C-8647-43C7-8E1F-DC58311FA97D} - C:\WINDOWS\qdnkewfa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Programme\Windows Media Player\WMPNetwk.exe (file missing)


Bin noch nicht ganz mit den schritten durch die mir geraten wurden hat es schon was gebracht bin ich noch infiziert???

Hat dir diese Antwort geholfen?

Danke ButtonHilfreiche Antwort Button

Ja es hat was gebracht, ist aber noch nicht ganz sauber:

Hake folgende Einträge mit Hijackthis an und klicke fix checked, danach neustart und neues Logfile posten.

O2 - BHO: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O3 - Toolbar: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Programme\Natural Voice Reader Standard\read.html
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O21 - SSODL: qdnkewfa - {6C2C3D9C-8647-43C7-8E1F-DC58311FA97D} - C:\WINDOWS\qdnkewfa.dll

Malwarebytes anwenden
http://virus-protect.org/artikel/tools/malwarebytes.html
Wenn der Scan beendet ist, lasse alles Gefundene löschen + klicke: "Scan Berichte"

Kopiere den Report ab (rechte Maustaste - «kopieren« - im Sicherheitsforum - rechte Maustaste - «einfügen«

Windowsscan posten
http://virus-protect.org/artikel/tools/windowsscan.html

CCleaner ausführen
http://www.paules-pc-infothek.de/ppf2/viewtopic.php?t=1138

neuen HijackThis log posten
 

hier der neuste zwischenstand:


Logfile of HijackThis v1.99.1
Scan saved at 14:22:53, on 08.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programme\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOKUME~1\eddi\LOKALE~1\Temp\Rar$EX00.782\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Dokumente und Einstellungen\eddi\Eigene Dateien\ws.js
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [XboxStat] "c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SBCSTray] C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: Add to AMV Converter... - C:\Programme\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Programme\Natural Voice Reader Standard\read.html
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165853874812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165853656359
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Programme\Windows Media Player\WMPNetwk.exe (file missing)


Wie siehts aus????

 

Malwarebytes Report:


Malwarebytes' Anti-Malware 1.11
Datenbank Version: 599

Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 133092
Scan Dauer: 37 minute(s), 7 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 1
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 1
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
C:\WINDOWS\qdnkewfa.dll (Trojan.FalkeAlert) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6c2c3d9c-8647-43c7-8e1f-dc58311fa97d} (Trojan.FalkeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qdnkewfa (Trojan.FalkeAlert) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP6\PdmHist\f44.236D74F401C89961.history\00000019.bak (Adware.WhenUSave) -> Delete on reboot.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP6\PdmHist\f44.236D74F401C89961.history\0000001b.bak (Adware.WhenUSave) -> Delete on reboot.
C:\System Volume Information\_restore{17D12135-822C-45F6-9BA9-3F35727B1CF4}\RP542\A0574165.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{17D12135-822C-45F6-9BA9-3F35727B1CF4}\RP542\A0574166.exe (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\WINDOWS\qdnkewfa.dll (Trojan.FalkeAlert) -> Delete on reboot.
 

hier der WindowsScan:



Die 30 neuesten Dateien im Ordner Windows:
 
***** ***** ***** ***** ***** 
***** Scanning C:\WINDOWS ***** 
***** ***** ***** ***** ***** 
 
 08.04.2008 WindowsUpdate.log 14 28:1.437.951 
 08.04.2008 0.log 14 22:0 
 08.04.2008 wiadebug.log 14 21:159 
 08.04.2008 wiaservc.log 14 21:50 
 08.04.2008 bootstat.dat 14 21:2.048 
 08.04.2008 SchedLgU.Txt 14 20:32.576 
 08.04.2008 setupact.log 13 17:593 
 08.04.2008 NeroDigital.ini 09 00:116 
 08.04.2008 ntbtlog.txt 08 43:474.326 
 08.04.2008 spupdsvc.log 01 52:8.014 
 08.04.2008 KB890046.log 00 51:56.596 
 08.04.2008 tsoc.log 00 51:271.512 
 08.04.2008 imsins.log 00 51:1.355 
 08.04.2008 ntdtcsetup.log 00 51:120.487 
 08.04.2008 KB899587.log 00 51:52.574 
 08.04.2008 comsetup.log 00 51:197.134 
 08.04.2008 ocmsn.log 00 51:32.691 
 08.04.2008 iis6.log 00 51:658.068 
 08.04.2008 tabletoc.log 00 51:29.545 
 08.04.2008 ocgen.log 00 51:288.678 
 08.04.2008 MedCtrOC.log 00 51:41.157 
 08.04.2008 netfxocm.log 00 51:103.963 
 08.04.2008 msgsocm.log 00 51:29.923 
 08.04.2008 FaxSetup.log 00 51:592.201 
 08.04.2008 msmqinst.log 00 51:182.394 
 08.04.2008 updspapi.log 00 51:80.944 
 08.04.2008 KB927779.log 00 51:52.420 
 
 
Die 50 neuesten Dateien im Ordner Windows\system32:
 
***** ***** ***** ***** ***** 
***** Scanning C:\WINDOWS\system32 ***** 
***** ***** ***** ***** ***** 
 
 08.04.2008 perfh009.dat 14 26:417.304 
 08.04.2008 perfc009.dat 14 26:69.664 
 08.04.2008 perfh007.dat 14 26:435.120 
 08.04.2008 perfc007.dat 14 26:84.244 
 08.04.2008 PerfStringBackup.INI 14 26:1.018.702 
 08.04.2008 tmp.txt 13 15:0 
 08.04.2008 tmp.reg 13 15:1.892 
 08.04.2008 SBFC.dat 12 13:0 
 08.04.2008 SBRC.dat 12 13:0 
 08.04.2008 FNTCACHE.DAT 00 54:142.832 
 08.04.2008 TZLog.log 00 37:138.558 
 30.03.2008 wpa.dbl 17 35:2.206 
 28.03.2008 VACFix.exe 23 19:86.528 
 26.03.2008 IEDFix.exe 08 50:82.432 
 19.03.2008 CmdLineExt03.dll 21 12:43.520 
 04.03.2008 wk32.dll 18 23:18.944 
 04.03.2008 ic32.dll 18 23:3.584 
 04.03.2008 MSWINSCK.OCX 18 23:124.688 
 19.01.2008 jupdate-1.6.0_03-b05.log 19 49:5.686 
 15.01.2008 PnkBstrB.exe 22 00:103.736 
 15.01.2008 PnkBstrA.exe 22 00:66.872 
 15.01.2008 pbsvc.exe 22 00:669.184 
 04.12.2007 oleaut32.dll 20 40:550.912 
 30.11.2007 ssldivx.dll 00 30:200.704 
 30.11.2007 libdivx.dll 00 30:1.044.480 
 22.11.2007 jupdate-1.6.0_02-b05.log 14 41:5.214 
 13.11.2007 tzchange.exe 13 31:60.416 
 13.11.2007 PhysXLoader.dll 11 54:70.944 
 07.11.2007 lsasrv.dll 11 27:729.600 
 30.10.2007 quartz.dll 00 42:1.293.312 
 25.10.2007 wmasf.dll 09 28:222.720 
 22.10.2007 xactengine2_10.dll 04 39:267.272 
 22.10.2007 X3DAudio1_2.dll 04 37:17.928 
 12.10.2007 d3dx9_36.dll 16 14:3.734.536 
 12.10.2007 D3DCompiler_36.dll 16 14:1.374.232 
 03.10.2007 WS2Fix.exe 23 36:25.600 
 02.10.2007 d3dx10_36.dll 10 56:444.776 
 25.09.2007 javacpl.cpl 00 31:69.632 
 25.09.2007 javaws.exe 00 31:139.264 
 24.09.2007 javaw.exe 23 30:135.168 
 24.09.2007 java.exe 23 30:135.168 
 05.09.2007 VCCLSID.exe 23 22:289.144 
 27.08.2007 SBBD.exe 10 26:27.120 
 21.08.2007 inetcomm.dll 08 16:683.520 
 13.08.2007 ieudinit.exe 19 39:13.312 
 28.07.2007 nvapps.xml 16 28:80.944 
 23.07.2007 AgCPanelSpanish.dll 10 03:53.248 
 
 
***** ***** ***** ***** ***** 
***** Scanning C:\WINDOWS\system32\drivers\etc\hosts ***** 
***** ***** ***** ***** ***** 
 
# Copyright (c) 1993-1999 Microsoft Corp.
#
# Dies ist eine HOSTS-Beispieldatei, die von Microsoft TCP/IP
# für Windows 2000 verwendet wird.
#
# Diese Datei enthält die Zuordnungen der IP-Adressen zu Hostnamen.
# Jeder Eintrag muss in einer eigenen Zeile stehen. Die IP-
# Adresse sollte in der ersten Spalte gefolgt vom zugehörigen
# Hostnamen stehen.
# Die IP-Adresse und der Hostname müssen durch mindestens ein
# Leerzeichen getrennt sein.
#
# Zusätzliche Kommentare (so wie in dieser Datei) können in
# einzelnen Zeilen oder hinter dem Computernamen eingefügt werden,
# aber müssen mit dem Zeichen '#' eingegeben werden.
#
# Zum Beispiel:
#
#      102.54.94.97     rhino.acme.com          # Quellserver
#       38.25.63.10     x.acme.com              # x-Clienthost

127.0.0.1       localhost
127.0.0.1  serial.alcohol-soft.com

 
 

***** ***** ***** ***** ***** 
***** Scanning Processe ***** 
***** ***** ***** ***** ***** 
 

Abbildname                  PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ===== ================ ========== ===============
System Idle Process           0 Console                   0            16 K
System                        4 Console                   0           248 K
smss.exe                    480 Console                   0           420 K
csrss.exe                   572 Console                   0         4.340 K
winlogon.exe                756 Console                   0         4.156 K
services.exe                800 Console                   0         3.620 K
lsass.exe                   812 Console                   0         1.616 K
ati2evxx.exe                968 Console                   0         3.488 K
svchost.exe                 980 Console                   0         5.388 K
svchost.exe                1036 Console                   0         4.480 K
svchost.exe                1096 Console                   0        28.028 K
ati2evxx.exe               1180 Console                   0         3.860 K
svchost.exe                1220 Console                   0         3.500 K
svchost.exe                1256 Console                   0         4.240 K
spoolsv.exe                1320 Console                   0         5.040 K
WLanNetService.exe         1436 Console                   0         4.424 K
avp.exe                    1496 Console                   0        13.988 K
PnkBstrA.exe               1572 Console                   0         2.756 K
SBCSSvc.exe                1628 Console                   0        12.316 K
svchost.exe                1860 Console                   0         4.476 K
alg.exe                     248 Console                   0         3.816 K
explorer.exe               1660 Console                   0        28.980 K
wscntfy.exe                1548 Console                   0         2.340 K
WLanGUI.exe                 504 Console                   0         3.416 K
XBoxStat.exe                580 Console                   0         5.220 K
SBCSTray.exe                600 Console                   0         3.828 K
avp.exe                     620 Console                   0         4.440 K
RocketDock.exe              652 Console                   0         7.116 K
wmiprvse.exe               2244 Console                   0         5.256 K
firefox.exe                3940 Console                   0        53.780 K
cmd.exe                    1552 Console                   0         1.892 K
tasklist.exe               3952 Console                   0         4.436 K
wmiprvse.exe               3980 Console                   0         5.620 K
 
 

Microsoft Windows XP [Version 5.1.2600]
 
 
http://www.paules-pc-forum.de 
***** Malware Team ***** 
 
 
***** Ende des Scans 08.04.2008 um 14:32:23,39 *** 
 
 
 

Logfile of HijackThis v1.99.1
Scan saved at 14:41:44, on 08.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\DOKUME~1\eddi\LOKALE~1\Temp\Rar$EX00.843\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Dokumente und Einstellungen\eddi\Eigene Dateien\ws.js
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [XboxStat] "c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SBCSTray] C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: Add to AMV Converter... - C:\Programme\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Programme\Natural Voice Reader Standard\read.html
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165853874812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165853656359
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Programme\Windows Media Player\WMPNetwk.exe (file missing)


So hab jetz alles gemacht hoffe es hat was gebracht und ich bin jetz virenfrei wenn nicht, und ich was falschgemacht hab sagt es mit bitte und ich bitte noch um ein paar tips wie ich mmich in zukunft schützen kann.

Ich bedanke mich hier mal für eure hilfe und gedult

öffne das HijackThis -- Button "scan" -- vor diese Einträge ein Häkchen setzen -- Button "Fix checked" -- PC neustarten

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)


HINWEIS: ComboFix Donwload ist gerade gestört, müsste aber spätestens in einer Stunde wieder gehen!


Führe ComboFix noch aus
http://virus-protect.org/artikel/tools/combofix.html
Beende nun dein Antiviren- & evtl. Antispywareprogramm
Doppelklicken auf: combofix.exe
Gib eine 1 ein, um den Scan zu starten, wenn du danach gefragt wirst.
Die Datenträgerbereinigung abwarten  (bis ca. 20 Min/ Neustart kann erfolgen)
mit der rechten Maustaste den Text markieren -> kopieren -> vollständig posten



In Zukunft: Kein Filesharing. Eingeschränktes Benutzerkonto verwenden und Sandboxie nutzen. Aktuelles Kaspersky verwenden! Version 7

lese auch hier:
http://www.paules-pc-infothek.de/ppf2/viewtopic.php?t=872

ok danke

werde warten bis der download wieder geht oder kann man des auch woanders ziehn

ComboFix 08-04-07.5 - eddi 2008-04-08 15:38:16.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1031.18.621 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\eddi\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((   Dateien erstellt von 2008-03-08 bis 2008-04-08  ))))))))))))))))))))))))))))))
.

2008-04-08 14:35 . 2008-04-08 14:35   <DIR>   d--------   C:\Programme\Yahoo!
2008-04-08 14:35 . 2008-04-08 14:35   <DIR>   d--------   C:\Programme\CCleaner
2008-04-08 13:28 . 2008-04-08 13:28   <DIR>   d--------   C:\Programme\Malwarebytes' Anti-Malware
2008-04-08 13:28 . 2008-04-08 13:28   <DIR>   d--------   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\Malwarebytes
2008-04-08 13:28 . 2008-04-08 13:28   <DIR>   d--------   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-04-08 12:13 . 2008-04-08 12:13   <DIR>   d--------   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\Sunbelt Software
2008-04-08 12:13 . 2008-04-08 12:13   <DIR>   d--------   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sunbelt Software
2008-04-08 12:13 . 2008-04-08 12:13   0   --a------   C:\WINDOWS\system32\SBRC.dat
2008-04-08 12:13 . 2008-04-08 12:13   0   --a------   C:\WINDOWS\system32\SBFC.dat
2008-04-08 12:12 . 2008-04-08 12:12   <DIR>   d--------   C:\Programme\Sunbelt Software
2008-04-08 08:34 . 2008-04-08 13:15   1,892   --a------   C:\WINDOWS\system32\tmp.reg
2008-04-08 08:33 . 2008-04-08 08:37   <DIR>   d--------   C:\Dokumente und Einstellungen\eddi\SmitfraudFix
2008-04-08 08:33 . 2007-09-05 23:22   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
2008-04-08 08:33 . 2006-04-27 16:49   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2008-04-08 08:33 . 2008-03-28 23:19   86,528   --a------   C:\WINDOWS\system32\VACFix.exe
2008-04-08 08:33 . 2008-03-26 08:50   82,432   --a------   C:\WINDOWS\system32\IEDFix.exe
2008-04-08 08:33 . 2003-06-05 20:13   53,248   --a------   C:\WINDOWS\system32\Process.exe
2008-04-08 08:33 . 2004-07-31 17:50   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2008-04-08 08:33 . 2007-10-03 23:36   25,600   --a------   C:\WINDOWS\system32\WS2Fix.exe
2008-04-08 02:12 . 2008-04-08 02:12   <DIR>   d--------   C:\Dokumente und Einstellungen\eddi\DoctorWeb
2008-04-08 02:05 . 2008-04-08 02:05   <DIR>   d--------   C:\Programme\ClearProg
2008-04-08 01:52 . 2008-04-08 01:52   <DIR>   d--------   C:\Programme\microsoft frontpage
2008-04-08 01:03 . 2008-04-08 01:03   <DIR>   d--------   C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
2008-04-07 23:13 . 2008-04-07 23:13   <DIR>   d--------   C:\Programme\Kaspersky Lab
2008-04-07 23:13 . 2008-04-07 23:13   <DIR>   d--------   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-04-07 23:13 . 2008-04-08 15:39   3,962,144   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-07 23:13 . 2008-04-08 14:20   52,532   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-07 23:13 . 2008-04-08 15:40   47,648   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-07 23:13 . 2008-04-08 14:20   5,012   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-07 19:22 . 2008-04-08 02:38   <DIR>   d--------   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\TmpRecentIcons
2008-04-07 13:22 . 2006-03-31 10:55   104,076   --a------   C:\Dokumente und Einstellungen\eddi\Swat.4.-_the_stetchkov_syndicate_keygen-tsrh.zip
2008-04-06 20:28 . 2008-04-06 20:28   <DIR>   d--------   C:\Programme\Sierra
2008-04-04 21:33 . 2008-04-04 21:33   <DIR>   d--------   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes
2008-04-04 21:32 . 2008-04-04 21:33   48   --ahs----   C:\WINDOWS\S2ED918C3.tmp
2008-04-04 17:02 . 2008-04-04 17:02   <DIR>   d--------   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\CDRoller
2008-04-04 15:48 . 2008-04-04 15:48   <DIR>   d--------   C:\Programme\Gemeinsame Dateien\Adobe
2008-04-04 14:30 . 2008-04-04 14:30   <DIR>   d--------   C:\Neuer Ordner
2008-04-04 13:59 . 2005-12-15 20:37   86,095   --a------   C:\WINDOWS\system32\ImageDrive.cpl
2008-04-02 21:15 . 2008-04-02 21:15   <DIR>   d--------   C:\Programme\Natural Voice Reader Standard
2008-04-01 14:41 . 2008-04-01 20:33   <DIR>   d--------   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\flightgear.org
2008-03-28 05:09 . 2008-04-07 22:56   <DIR>   d--------   C:\WINDOWS\system32\de-de
2008-03-28 05:09 . 2001-08-18 16:00   68,608   --a------   C:\WINDOWS\system32\plugin.ocx
2008-03-28 05:09 . 2001-08-18 16:00   68,608   --a------   C:\WINDOWS\system32\dllcache\plugin.ocx
2008-03-28 05:07 . 2008-04-08 00:50   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2008-03-26 14:57 . 2008-03-26 14:57   <DIR>   d--------   C:\Programme\DAEMON Tools Lite
2008-03-26 14:54 . 2008-03-26 14:54   <DIR>   d--------   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\DAEMON Tools
2008-03-25 22:46 . 2001-08-17 15:02   9,600   --a------   C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-25 22:46 . 2008-04-08 00:51   1,355   --a------   C:\WINDOWS\imsins.BAK
2008-03-25 22:46 . 2008-03-25 22:46   0   --ah-----   C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2008-03-25 22:46 . 2008-03-25 22:46   0   --ah-----   C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-03-25 22:44 . 2008-03-25 22:44   <DIR>   d--------   C:\Programme\Microsoft Xbox 360 Accessories
2008-03-25 22:44 . 2007-02-26 19:15   1,421,216   --a------   C:\WINDOWS\system32\WdfCoInstaller01001.dll
2008-03-25 22:44 . 2007-02-26 19:15   61,984   --a------   C:\WINDOWS\system32\drivers\xusb21.sys
2008-03-20 20:56 . 2008-03-31 21:18   <DIR>   d--------   C:\Programme\Postal2STP
2008-03-20 17:21 . 2008-03-20 17:21   <DIR>   d--------   C:\Programme\PLAYLOGIC
2008-03-18 03:37 . 2008-03-18 03:37   0   -ra------   C:\logwmemory.bin
2008-03-18 03:36 . 2008-03-18 03:36   <DIR>   d--------   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\Soldat
2008-03-13 18:40 . 2008-03-13 18:40   <DIR>   d--------   C:\WINDOWS\system32\AGEIA
2008-03-13 18:40 . 2008-03-13 18:40   <DIR>   d--------   C:\Programme\AGEIA Technologies
2008-03-13 18:39 . 2007-10-12 16:14   3,734,536   --a------   C:\WINDOWS\system32\d3dx9_36.dll
2008-03-13 18:39 . 2007-10-12 16:14   1,374,232   --a------   C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-13 18:39 . 2007-10-02 10:56   444,776   --a------   C:\WINDOWS\system32\d3dx10_36.dll
2008-03-13 18:39 . 2007-10-22 04:39   267,272   --a------   C:\WINDOWS\system32\xactengine2_10.dll
2008-03-13 18:39 . 2007-07-20 01:57   267,112   --a------   C:\WINDOWS\system32\xactengine2_9.dll
2008-03-09 15:11 . 2008-03-09 15:11   <DIR>   d--------   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\TeamViewer
2008-03-09 15:10 . 2008-03-09 15:10   <DIR>   d--------   C:\Programme\TeamViewer3
2008-03-09 15:10 . 2008-03-09 15:10   <DIR>   d--------   C:\Dokumente und Einstellungen\eddi\temp

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 06:52   ---------   d---a-w   C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-04-07 22:28   ---------   d-----w   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\OpenOffice.org2
2008-04-07 20:47   ---------   d-----w   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\ICQ
2008-04-07 16:06   ---------   d-----w   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\dvdcss
2008-04-06 23:02   ---------   d-----w   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\Azureus
2008-04-06 19:02   ---------   d--h--w   C:\Programme\InstallShield Installation Information
2008-04-04 13:14   ---------   d-----w   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\Ahead
2008-04-02 19:15   ---------   d-----w   C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-03-28 00:32   ---------   d-----w   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\Hamachi
2008-03-26 16:19   ---------   d-----w   C:\Programme\mIRC
2008-03-26 12:54   717,296   ----a-w   C:\WINDOWS\system32\drivers\sptd.sys
2008-03-25 19:09   ---------   d-----w   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\teamspeak2
2008-03-25 17:56   ---------   d-----w   C:\Programme\Hamachi
2008-03-25 17:55   25,280   ----a-w   C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-20 21:02   ---------   d-----w   C:\Programme\Teamspeak2_RC2
2008-03-19 19:12   43,520   ----a-w   C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-06 18:01   ---------   d-----w   C:\Programme\ICQ6
2008-03-05 14:15   ---------   d-----w   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\InstallShield
2008-03-04 16:23   3,584   ----a-w   C:\WINDOWS\system32\ic32.dll
2008-03-04 16:23   18,944   ----a-w   C:\WINDOWS\system32\wk32.dll
2008-03-04 14:44   ---------   d-----w   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\uTorrent
2008-02-20 11:04   ---------   d-----w   C:\Programme\Steam
2008-01-15 20:01   22,328   ----a-w   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\PnkBstrK.sys
2008-01-15 20:00   669,184   ----a-w   C:\WINDOWS\system32\pbsvc.exe
2008-01-15 20:00   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2008-01-15 20:00   103,736   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2007-01-11 22:26   81,920   ----a-w   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\ezpinst.exe
2007-01-11 22:26   47,360   ----a-w   C:\Dokumente und Einstellungen\eddi\Anwendungsdaten\pcouffin.sys
.

((((((((((((((((((((((((((((   Autostart Punkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Programme\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"ICQ"="C:\PROGRA~1\ICQ6\ICQ.exe" [2007-12-19 16:48 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="C:\Programme\avmwlanstick\wlangui.exe" [2006-07-31 02:02 1544192]
"XboxStat"="c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-11-08 18:28 155751]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:57 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.dvsd"= mcdvd_32.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"Steam"="C:\Programme\Steam\Steam.exe" -silent
"NBJ"="C:\Programme\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
"nwiz"=nwiz.exe /install
"C-Media Mixer"=Mixer.exe /startup
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"WinampAgent"=C:\Programme\Winamp\winampa.exe
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SBCSTray"=C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Azureus\\Azureus.exe"=
"C:\\Programme\\Mozilla Firefox\\firefox.exe"=
"C:\\Programme\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"C:\\Programme\\Valve\\Counter-Strike Source\\hl2.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programme\\Valve\\hl.exe"=
"C:\\Programme\\mIRC\\mirc.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=
"C:\\Programme\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55555:TCP"= 55555:TCP:Quorks

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 08:23]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:58]
R3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-07-31 02:02]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c11ddc8-9772-11db-a5ad-001921350f57}]
\Shell\AutoRun\command - N:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fa545c8-fbc0-11db-b65b-00040efc01fb}]
\Shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2522d190-1c4a-11dc-b05d-00040efc01fb}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96da0a7a-4a5a-11dc-a46d-00040efc01fb}]
\Shell\AutoRun\command - J:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b05a961d-023e-11dd-9735-f4ec04988626}]
\Shell\AutoRun\command - E:\pushinst.exe

.
Inhalt des "geplante Tasks" Ordners
"2008-04-07 17:37:31 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 15:40:40
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-04-08 15:41:23
ComboFix-quarantined-files.txt  2008-04-08 13:41:07
              19 Verzeichnis(se),  5,214,138,368 Bytes frei
              22 Verzeichnis(se),  5,203,050,496 Bytes frei




 

ComboFix entfernen
Start - Ausführen - Kopiere rein: Combofix /U - klicke "OK"

Ändere alle wichtigen Passwörter

F-SECURE Onlinescan
http://support.f-secure.de/ger/home/ols.shtml
Benötigt wird ActiveX --> Internet Explorer
Report posten


« Virus Problem, brauche dringent Hilfe!!!Sandboxie »
 

Schnelle Hilfe: Hier nach ähnlichen Fragen und passenden Tipps suchen!

Fremdwörter? Erklärungen im Lexikon!
Betriebssystem
Das Betriebssystem ist das Steuerungsprogramm des Computers, das als eines der ersten Programme beim Hochfahren des Rechners geladen wird. Arbeitsspeicher, Festplatten, E...

Binärsystem
Unter dem Begriff Binärsystem (oder Dualsystem) versteht man ein Zahlensystem, das lediglich zwei Zustände oder Werte kennt: Null (0) und Eins (1). Es bildet di...

Bus System
Ein Bus ist ein System zur Datenübertragung. Durch einen Bus können mehrere Teilnehmer über eine Leitung miteinander verbunden werden, ohne dabei an der Da...