MSN Virus?

Warnings about security vulnerabilities and help with removing viruses, worms and trojans.

Post by Miyuki on 02.07.2007, 18:54

Thanks in advance for the help, Gipsy :roll:
I have no idea about this kind of thing :(

My logfile is:

Logfile of HijackThis v1.99.1
Scan saved at 6:48:43 PM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HWPad.exe
C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programme\Gemeinsame Dateien\AOL\1165442133\ee\AOLSoftware.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Google\Google Updater\GoogleUpdater.exe
C:\Dokumente und Einstellungen\Miss Rain\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://animexx.onlinewelten.com/mitglie ... 46efac9e96
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.jword.jp/jwd_sb_srchasst.htm?ielang={SUB_RFC1766}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.jword.jp/jwd_sb_srchcust.htm?ielang={SUB_RFC1766}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = DHCP
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: MyUrlSrcHook Class - {D2A5245A-B682-4C26-A507-173A774B2E70} - C:\WINDOWS\DOWNLO~1\CNSMIN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - (no file)
O2 - BHO: IDN Helper Object - {118CE65F-5D86-4AEA-A9BD-94F92B89119F} - C:\WINDOWS\DOWNLO~1\CNSMIN~1.DLL
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Programme\TrustIn Contextual\trustincontext.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Clicker Class - {631f7200-642e-11db-bd13-0800200c9a66} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1165442133\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinPop] C:\Programme\WinPop\winpop.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\Miss Rain\Startmenü\Programme\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://220.221.248.80/kxhcm10.ocx
O16 - DPF: {477E2667-7E7A-4737-BFF5-121D68EF7816} (AOL Download Assistent) - http://musikdownloads.aol.de/imcdms-sta ... istent.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/D ... Player.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://61.199.228.140/activex/AxisCamControl.ocx
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2 ... n=1,0,0,10
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/BugsLoader20041018.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites ... tallDE.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: system32 - {40424CD5-084B-443F-A4CD-91B716BE3985} - sysprinters.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ChatSpace - Unknown owner - C:\PROGRA~1\CHATSP~1\COMMUN~1\CSServer\Programs\CHATSP~1.EXE (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWTabletService - HanWang Technology Group - C:\WINDOWS\system32\HWPad.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Miyuki
 
Posts: 4
Registered: 02.07.2007, 14:37


Post by gipsy111 on 02.07.2007, 19:45

1. Run Cleanup as described here + (restart the PC)
http://www.gipsy-computer.de/downloads/ ... /index.php
______________________________________________________________________________________

2. Open HijackThis --> button "scan" --> set the check marks --> button "Fix checked" --> restart the PC

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - (no file)
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Programme\TrustIn Contextual\trustincontext.dll (file missing)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\Miss Rain\Startmenü\Programme\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O21 - SSODL: system32 - {40424CD5-084B-443F-A4CD-91B716BE3985} - sysprinters.dll (file missing)

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)

______________________________________________________________________________________

3. Then download CounterSpy, install its updates, and then disconnect from the Internet.
Once all updates have been installed successfully, run a full scan!

After the scan, under > Action (Default), choose what to do with the malware:
*Ignore
*Quarantine
*Remove

For every single piece of malware found, always choose -> *Remove
:arrow: please post the scan report
http://virus-protect.org/counterspy1.html
______________________________________________________________________________________

4. Please run a PandaOnlineScan and post the report (see Report --> save Report --> post here)
http://virus-protect.org/onlinescan.html

:arrow: Please report back :D :wink:
gipsy111
Moderator
 
Posts: 1608
Registered: 26.12.2005, 18:02
Location: Baden - Württemberg
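
Most of the entries picked out by hand in step 2 above carry HijackThis's `(no file)` or `(file missing)` marker. The following Python is an added example, not part of the original thread: it parses the log format shown in the first post and lists the entries with those markers for review. The sample is a short excerpt of the poster's log, and the function names and section labels are assumptions chosen for this illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Excerpt (constructed for this example) from the HijackThis v1.99.1 log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - (no file)
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Programme\TrustIn Contextual\trustincontext.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: system32 - {40424CD5-084B-443F-A4CD-91B716BE3985} - sysprinters.dll (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""

# Short labels for the section codes that occur in the log above (labels are ours).
SECTION_NAMES = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "browser helper object",
    "O3": "IE toolbar", "O4": "autostart entry",
    "O9": "IE extra button/menu item", "O10": "Winsock LSP",
    "O16": "downloaded ActiveX control", "O18": "protocol handler",
    "O20": "Winlogon notify", "O21": "ShellServiceObjectDelayLoad",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")


@dataclass
class Entry:
    code: str             # section code, e.g. "O2"
    section: str          # human-readable label for the code
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # first CLSID in the entry, upper-cased, if any
    orphaned: bool        # True if the entry points at a missing file


def parse_hijackthis(text: str) -> List[Entry]:
    """Return the R*/O* entries of a HijackThis log; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.group("code"), match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            code=code,
            section=SECTION_NAMES.get(code, "other"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            orphaned=bool(ORPHAN_RE.search(body)),
        ))
    return entries


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file is missing: leftovers worth a closer look."""
    return [e for e in entries if e.orphaned]


def summarize(entries: List[Entry]) -> Dict[str, Tuple[int, int]]:
    """Map each section code to (total entries, orphaned entries)."""
    counts: Dict[str, Tuple[int, int]] = {}
    for e in entries:
        total, orphans = counts.get(e.code, (0, 0))
        counts[e.code] = (total + 1, orphans + int(e.orphaned))
    return counts


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    for e in orphaned_entries(parsed):
        print(f"{e.code:<4}{e.section:<30}{e.clsid or '-'}")
    print(summarize(parsed))
```

A missing-file marker only shows that a registry entry points at nothing on disk; entries such as the IMVU button in step 2 were selected on other grounds and are not caught by this check.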

Post by Miyuki on 04.07.2007, 01:46

Hello,

I did everything as described. At the end I ran a scan with CounterSpy and saved the Scan History, but I'm not sure whether that is what I should post here? Is that the scan report? I had MSN on all day and no further incidents, so I assume it has been deleted, even though I'd rather not say that too loudly ^^;

Kind regards
mi
Miyuki
 
Posts: 4
Registered: 02.07.2007, 14:37

Post by gipsy111 on 04.07.2007, 12:25

Miyuki wrote: At the end I ran a scan with CounterSpy and saved the Scan History, but I'm not sure whether that is what I should post here? Is that the scan report?


Yes, that is the scan report, please post it here!
To be safe, please run a PandaOnlineScan and post the report

Regards

gipsy111
gipsy111
Moderator
 
Posts: 1608
Registered: 26.12.2005, 18:02
Location: Baden - Württemberg

Post by Miyuki on 04.07.2007, 15:05

OK, first I'll post the CounterSpy scan report here:

Scan History Details
Start Date: 7/2/2007 9:11:01 PM
End Date: 7/2/2007 11:23:25 PM
Total Time: 132 Min 24 Sec
Detected security risks

Cookie: AdKnowledge.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss rain@adknowledge[2].txt


Cookie: AdsRemote.Scripps.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss_rain@adsremote.scripps[1].txt


Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss_rain@atdmt[2].txt


Cookie: BeloInteractive.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss_rain@belointeractive[1].txt


Cookie: CGI-Bin Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss rain@cgi-bin[2].txt


3721 Chinese Keywords (CNSMin) Browser Plug-in more information...
Details: 3721 Chinese Keywords, also known as CNSMin or Adware.CDN, is keyword-lookup provider that takes over the search feature of IE's address bar. It is aimed at providing keywords using Chinese characters.
Status: Deleted

Files detected
c:\WINDOWS\Downloaded Program Files\CnsMinIdn.dll
C:\WINDOWS\Downloaded Program Files\idnlite.dll

Registry entries detected


Cookie: Com.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss_rain@com[1].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss_rain@doubleclick[1].txt


Cookie: FastClick.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss_rain@fastclick[2].txt


Cookie: GeoCities Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss rain@geocities[2].txt
c:\dokumente und einstellungen\miss rain\cookies\miss_rain@geocities[2].txt


Cookie: OKCounter Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss_rain@okcounter[1].txt


Cookie: Ru4.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss_rain@edge.ru4[2].txt


Cookie: SageAnalyst Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss rain@sageanalyst[1].txt


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Registry entries detected


Cookie: Advertising.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss_rain@advertising[2].txt


Cookie: ValueClick.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss_rain@valueclick[1].txt


Cookie: Tripod Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss_rain@tripod[2].txt


Cookie: WWW.Angelfire Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss_rain@www.angelfire[2].txt


WhenU.WhenUSearch Low Risk Adware more information...
Details: WhenU.WhenUSearch is a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Deleted

Registry entries detected


Cookie: cookie.monster Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss_rain@cookie.monster[2].txt


Cookie: adriver Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss_rain@adriver[1].txt


WindUpdates.MediaAccess Adware (General) more information...
Details: WindUpdates.MediaAccess is an adware program that spawns pop-ups on the desktop.
Status: Deleted

Files detected
C:\Program Files\Media Access\MediaAccess.exe


SpyKeySpy Commercial Key Logger more information...
Details: SpyKeySpy is a powerful, low-level stealth keystroke (including username and passwords) monitoring application with e-mail delivery feature for remote monitoring, and much more!
Status: Deleted

Registry entries detected


Cookie: RegNow Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss rain@www.regnow[2].txt


Cookie: Radar Spy Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss rain@yourmedia[1].txt


Cookie: ABetterInternet.Aurora Cookie Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss rain@a[2].txt


Cookie: a.websponsors Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss rain@a.websponsors[2].txt


Cookie: ad.yieldmanager Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\miss rain\cookies\miss_rain@ad.yieldmanager[1].txt


Trustin.Bar Toolbar more information...
Status: Deleted

Files detected
C:\PROGRAMME\TRUSTIN CONTEXTUAL

Registry entries detected


Hacktool.PWSteal Password Cracker/Stealer more information...
Status: Deleted

Files detected
C:\WINDOWS\mfnsys.dll


Trustin.URLChanger Browser Plug-in more information...
Status: Deleted

Registry entries detected


BSplayer Adware Bundler more information...
Details: BSplayer is bundle with WhenU Save. You cannot even run the software without WhenU Save.
Status: Deleted

Files detected

Registry entries detected
HKEY_USERS\S-1-5-21-1601211345-2633884648-1330875588-1006\SOFTWARE\BST



:arrow: The scan report from Panda follows
Miyuki
 
Posts: 4
Registered: 02.07.2007, 14:37


