
Virus!!! System alert Spyware

Hello,

a message like this keeps popping up on my machine, and when I click on it, Internet Explorer opens and wants me to download some program. The error message then says "System Alert Spyware" or something like that. Can someone maybe help me with what I can do about it?
Here is the HijackThis log, in case someone can make something of it and tell whether I am already badly infected:

Logfile of HijackThis v1.99.1
Scan saved at 02:16:59, on 08.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\eddi\LOKALE~1\Temp\Rar$EX00.234\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Dokumente und Einstellungen\eddi\Eigene Dateien\ws.js
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - (no file)
O2 - BHO: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O3 - Toolbar: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O3 - Toolbar: vnbptxlf - {E22B6A50-4AE1-42CC-90F7-6CB1086D3A2D} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: Add to AMV Converter... - C:\Programme\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Programme\Natural Voice Reader Standard\read.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Programme\Natural Voice Reader Standard\read.html
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165853874812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165853656359
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: qdnkewfa - {6C2C3D9C-8647-43C7-8E1F-DC58311FA97D} - C:\WINDOWS\qdnkewfa.dll
O21 - SSODL: mgsvflkw - {0C49738B-C8EF-4933-8E50-B24409644720} - C:\WINDOWS\mgsvflkw.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Programme\Windows Media Player\WMPNetwk.exe (file missing)


Hoping for a quick answer.
Regards

 



Replies to Virus!!! System alert Spyware:

I have now tried a few things and wanted to ask whether the problem is gone. Here is the new log:


Logfile of HijackThis v1.99.1
Scan saved at 08:48:19, on 08.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programme\RocketDock\RocketDock.exe
C:\PROGRA~1\ICQ6\ICQ.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\eddi\LOKALE~1\Temp\Rar$EX00.359\HijackThis.exe
C:\DOKUME~1\eddi\LOKALE~1\Temp\Rar$EX00.062\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Dokumente und Einstellungen\eddi\Eigene Dateien\ws.js
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - (no file)
O2 - BHO: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O3 - Toolbar: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [XboxStat] "c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: Add to AMV Converter... - C:\Programme\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Programme\Natural Voice Reader Standard\read.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Programme\Natural Voice Reader Standard\read.html
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165853874812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165853656359
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: qdnkewfa - {6C2C3D9C-8647-43C7-8E1F-DC58311FA97D} - C:\WINDOWS\qdnkewfa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Programme\Windows Media Player\WMPNetwk.exe (file missing)
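
An added example, not part of the thread: Python code that compares two HijackThis logs, which is what the second post asks about, and reports what disappeared, what is new, and which remaining entries merit a closer look. The sample lines are excerpted from the two logs above; the three review heuristics are assumptions made for this illustration, not HijackThis verdicts.

```python
import re

# A HijackThis item line is "<section code> - <text>", e.g. "O2 - BHO: ...".
ITEM_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# A DLL that sits directly in C:\WINDOWS rather than in a subfolder.
ROOT_DLL_RE = re.compile(r"C:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)


def parse_items(log_text):
    """Return the set of (code, text) item lines found in a HijackThis log.

    Header lines and the 'Running processes' list do not match ITEM_RE
    and are skipped.
    """
    items = set()
    for line in log_text.splitlines():
        match = ITEM_RE.match(line.strip())
        if match:
            items.add((match.group(1), match.group(2).strip()))
    return items


def review_reasons(code, text):
    """Heuristics (assumptions of this example) for entries to look at."""
    reasons = []
    if text.endswith("(no file)"):
        reasons.append("entry is marked (no file)")
    if code in ("O2", "O3", "O21") and ROOT_DLL_RE.search(text):
        reasons.append("extension DLL directly in the Windows folder")
    if "AutoConfigURL = file://" in text:
        reasons.append("proxy auto-config script read from a local file")
    return reasons


def compare(before_log, after_log):
    """Diff two logs and flag what is still present in the later one."""
    before, after = parse_items(before_log), parse_items(after_log)
    flagged = []
    for code, text in sorted(after):
        reasons = review_reasons(code, text)
        if reasons:
            flagged.append((code, text, reasons))
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "still_flagged": flagged,
    }


# Lines excerpted from the 02:16:59 log in the first post.
BEFORE = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Dokumente und Einstellungen\eddi\Eigene Dateien\ws.js
O2 - BHO: (no name) - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - (no file)
O3 - Toolbar: vnbptxlf - {E22B6A50-4AE1-42CC-90F7-6CB1086D3A2D} - C:\WINDOWS\vnbptxlf.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: qdnkewfa - {6C2C3D9C-8647-43C7-8E1F-DC58311FA97D} - C:\WINDOWS\qdnkewfa.dll
O21 - SSODL: mgsvflkw - {0C49738B-C8EF-4933-8E50-B24409644720} - C:\WINDOWS\mgsvflkw.dll
"""

# Lines excerpted from the 08:48:19 log in the second post.
AFTER = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Dokumente und Einstellungen\eddi\Eigene Dateien\ws.js
O2 - BHO: (no name) - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - (no file)
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: qdnkewfa - {6C2C3D9C-8647-43C7-8E1F-DC58311FA97D} - C:\WINDOWS\qdnkewfa.dll
"""

if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for label in ("removed", "added"):
        for code, text in result[label]:
            print(f"{label:8} {code:4} {text}")
    for code, text, reasons in result["still_flagged"]:
        print(f"review   {code:4} {text}  <- {'; '.join(reasons)}")
```

An entry that vanishes between two logs only shows that its registration is gone; the flagged remainder is the list to check by hand.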
 

Your log files are so heavily infested that a laborious attempt to get back to a clean system would take more time than a reinstallation.
I recommend a reinstallation followed by an image on a second partition.
You should also keep your system up to date, and that includes Internet Explorer 7.
Your protection against the criminal outside world on the Internet, as well as your surfing behaviour, should likewise be reconsidered.

Regards, Burgeule

Try a cleanup in this order and post all of the reports mentioned:

Run CounterSpy, always choose REMOVE, post the report
http://www.paules-pc-infothek.de/ppf2/viewtopic.php?t=1201

Run SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_De.php
Work through items 1, 2 and 3, save the reports and post them

Run Malwarebytes
http://virus-protect.org/artikel/tools/malwarebytes.html
When the scan has finished, have everything that was found deleted and click "Scan Berichte" (scan reports)

Copy the report (right mouse button - «copy» - in the security forum - right mouse button - «paste»)

Post the Windowsscan
http://virus-protect.org/artikel/tools/windowsscan.html

Run CCleaner
http://www.paules-pc-infothek.de/ppf2/viewtopic.php?t=1138

Post a new HijackThis log

Or alternatively: format and set the system up from scratch.

OK, I will get on it right away... I will post the reports shortly...

The report is far too long to post in one piece, so I have to split it:


Scan History Details
Start Date: 08.04.2008 12:13:35
End Date: 08.04.2008 13:00:44
Total Time: 47 Min 9 Sec
Detected security risks

CasinoOnNet Potentially Unwanted Program  more information...
Details: CasinoOnNet is an online gambling application that requires users to download software in order to play.
Status: Deleted

Registry entries detected


Morpheus P2P Program  more information...
Details: P2P file sharing program that installs a number of adware programs. Morpheus also displays its own popup advertsing.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\MORPHTORRENT
HKEY_LOCAL_MACHINE\Software\Classes\MORPHTORRENT
HKEY_LOCAL_MACHINE\Software\Classes\MORPHTORRENT


WhenU.Save Adware (General)  more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Files detected
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc11\ACM.dll
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc11\ffext.mod
C:\RECYCLER\S-1-5-21-1708537768-688789844-839522115-500\Dc11\Save.exe

Registry entries detected
 

MyWebSearch Toolbar Potentially Unwanted Program  more information...
Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}


My Search Bar Potentially Unwanted Program  more information...
Details: My Search Bar and the variants "My Way Speedbar" and "My Way Search Assistant", are browser helper objects that allows you to search on multiple search engines.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.APPLICATION.1
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.APPLICATION.1
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.APPLICATION.1\CLSID
HKEY_LOCAL_MACHINE\Software\Classes\IMSIDE1EGATE.APPLICATION.1\CLSID


WhenU.WhenUSearch Low Risk Adware  more information...
Details: WhenU.WhenUSearch is a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Deleted

Files detected

Registry entries detected


WebDir Adware (General)
Details: WebDir is spyware implemented as a Browser Helper Object (BHO) that modifies legitimate affiliate web sites with its own affiliate code.
Status: Deleted
 

Registry entries detected


Backdoor.Rbot.steam Backdoor
Details: Rbot is the name of a family of backdoor trojans, also known as worms, used by hackers to control a machine without the owner's knowledge.
Status: Deleted

Files detected
C:\Programme\Valve\platform\steam_dev.exe


Vegas Red Casino Potentially Unwanted Program
Details: Vegas Red Casino is an online casino game that requires a software download to the user's machine.
Status: Deleted

Registry entries detected


 

TitanPoker Potentially Unwanted Program
Details: TitanPoker is an online casino game that requires a software download to the user's machine.
Status: Deleted

Files detected
C:\Dokumente und Einstellungen\All Users\Startmenü\Titan Poker.lnk

Registry entries detected

 

PartyPoker Potentially Unwanted Program
Details: PartyPoker is an online gambling application that requires the user to download its software in order to play.
Status: Deleted

Registry entries detected


SpamTool.Win32.Mailbot.az Trojan
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PE386
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PE386


Trojan-Downloader.Win32.VB.fn Trojan Downloader
Status: Deleted

Files detected
C:\WINDOWS\SYSTEM32\SBO

 

SmitFraudFix reports:


SmitFraudFix v2.309

Scan done at 13:13:34,35, 08.04.2008
Run from C:\Dokumente und Einstellungen\eddi\Desktop\Zeugs\tools\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\avmwlanstick\wlangui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\eddi


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\eddi\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\eddi\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: AVM FRITZ!WLAN USB Stick v1.1 - Paketplaner-Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0DE2AF40-DE1D-4F16-AB3B-9AE8540323E2}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0DE2AF40-DE1D-4F16-AB3B-9AE8540323E2}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0DE2AF40-DE1D-4F16-AB3B-9AE8540323E2}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



 

2nd report:

SmitFraudFix v2.309

Scan done at 13:14:43,42, 08.04.2008
Run from C:\Dokumente und Einstellungen\eddi\Desktop\Zeugs\tools\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost
127.0.0.1  serial.alcohol-soft.com


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: AVM FRITZ!WLAN USB Stick v1.1 - Paketplaner-Miniport
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0DE2AF40-DE1D-4F16-AB3B-9AE8540323E2}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0DE2AF40-DE1D-4F16-AB3B-9AE8540323E2}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0DE2AF40-DE1D-4F16-AB3B-9AE8540323E2}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry
Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

 


@Burgeule it's really not that badly infected!!

Now create a new HijackThis logfile.

 

Logfile of HijackThis v1.99.1
Scan saved at 13:53:16, on 08.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\explorer.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\eddi\LOKALE~1\Temp\Rar$EX00.843\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Dokumente und Einstellungen\eddi\Eigene Dateien\ws.js
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O3 - Toolbar: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [XboxStat] "c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SBCSTray] C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: Add to AMV Converter... - C:\Programme\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Programme\Natural Voice Reader Standard\read.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Programme\Natural Voice Reader Standard\read.html
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165853874812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165853656359
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: qdnkewfa - {6C2C3D9C-8647-43C7-8E1F-DC58311FA97D} - C:\WINDOWS\qdnkewfa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Programme\Windows Media Player\WMPNetwk.exe (file missing)


I'm not quite finished with the steps I was advised to take. Has it already helped? Am I still infected???


Yes, it helped, but it's not completely clean yet:

Check the following entries in HijackThis and click "Fix checked", then restart and post a new log file.

O2 - BHO: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O3 - Toolbar: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Programme\Natural Voice Reader Standard\read.html
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O21 - SSODL: qdnkewfa - {6C2C3D9C-8647-43C7-8E1F-DC58311FA97D} - C:\WINDOWS\qdnkewfa.dll
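
Added example, not part of the original thread and not HijackThis code: a small Python triage of the log format shown above, grouping entries whose target is gone ("(no file)" / "(file missing)") by CLSID and listing O21 (ShellServiceObjectDelayLoad) DLLs that sit outside system32. The two heuristics and the names `parse` and `triage` are assumptions made for illustration; the selection in the reply above was made by hand and is not identical to what this flags.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O2 - BHO: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: qdnkewfa - {6C2C3D9C-8647-43C7-8E1F-DC58311FA97D} - C:\WINDOWS\qdnkewfa.dll
"""

ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
PATH_RE = re.compile(r"([A-Za-z]:\\[^\"]*?\.(?:dll|exe))", re.I)

def parse(log):
    """Yield (section, clsid or None, path or None, orphaned, raw line) per entry."""
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        body = m.group(2)
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        yield (m.group(1), clsid.group(0).lower() if clsid else None,
               path.group(1) if path else None,
               bool(ORPHAN_RE.search(body)), line.strip())

def triage(log):
    """Return {"orphans": {clsid or path: [sections]}, "odd_ssodl": [paths]}."""
    orphans, odd_ssodl = defaultdict(list), []
    for section, clsid, path, orphaned, _ in parse(log):
        if orphaned:
            # One leftover component often shows up in several sections.
            orphans[clsid or path].append(section)
        # O21 = ShellServiceObjectDelayLoad: DLLs Explorer loads at logon.
        elif section == "O21" and path and "\\system32\\" not in path.lower():
            odd_ssodl.append(path)
    return {"orphans": dict(orphans), "odd_ssodl": odd_ssodl}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

A hit only marks an entry for a closer look; an O21 DLL outside system32 or a missing target file is a reason to check the file, not a verdict on it.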

