Hello,
I've posted my log for you. For some time now I've had big problems with my internet speed.
I hope you can find the errors?!
Thanks for your hopefully quick help!
Logfile of HijackThis v1.99.1
Scan saved at 20:01:51, on 16.02.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\NetLimiter 2 Pro\nlsvc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Raptor-Gaming\RGM2\Panel.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Valve\Steam\Steam.exe
C:\Programme\Trillian\trillian.exe
c:\programme\valve\steam\steamapps\_pinkninja_\counter-strike\hl.exe
C:\Programme\Opera\Opera.exe
C:\Dokumente und Einstellungen\_pinkninja_\Desktop\hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Raptor-Gaming M2] C:\Programme\Raptor-Gaming\RGM2\Panel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {C6349D82-6D4A-4A65-A35D-0D9A65971C18} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {C6349D82-6D4A-4A65-A35D-0D9A65971C18} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programme\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
°hijackthislog° please take a look
counterspy
http://virus-protect.org/counterspy.html
* after the scan you have to decide between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC (then copy the scan report).
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lisbon
Spyware Scan Details
Start Date: 17.02.2006 17:28:32
End Date: 17.02.2006 17:49:08
Total Time: 20 mins 36 secs
Detected spyware
BearShare P2P more information...
Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs.
Status: Deleted
Infected files detected
c:\programme\bearshare\bearshare.dat
c:\programme\bearshare\bearshare.exe
c:\programme\bearshare\bsidle.dll
c:\programme\bearshare\freepeers.ini
c:\programme\bearshare\history.txt
c:\programme\bearshare\install.log
c:\programme\bearshare\runmsc.dll
c:\programme\bearshare\unwise.exe
c:\programme\bearshare\webstats.bat
c:\programme\bearshare\webstats.exe
c:\programme\bearshare\webstats.ini
c:\programme\bearshare\db\config.bin
c:\programme\bearshare\db\connect.txt
c:\programme\bearshare\db\gwebcache.dat
c:\programme\bearshare\db\hostiles-chat.txt
c:\programme\bearshare\db\hostiles.txt
c:\programme\bearshare\db\library.2.db
c:\programme\bearshare\db\library.2.db.lastgoodload.bak
c:\programme\bearshare\db\library.db
c:\programme\bearshare\db\library.db.lastgoodload.bak
c:\programme\bearshare\db\searches.ini
c:\programme\bearshare\logs\hosts-state.txt
c:\programme\bearshare\logs\memory.txt
c:\programme\bearshare\logs\ordinal.txt
c:\programme\bearshare\logs\streams.txt
c:\programme\bearshare\sounds\notify.wav
c:\programme\bearshare\temp\tmpbsinstall5.2.1.2.dat
c:\programme\bearshare\temp\tmpbsinstall5.2.1.2.dat.bak
c:\programme\bearshare\temp\tmpbsinstall5.2.1.2.exe
c:\programme\bearshare\temp\tmpbsinstall5.2.1.2.tiger
Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class
HKEY_CLASSES_ROOT\gnufile
HKEY_CLASSES_ROOT\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1"
HKEY_CLASSES_ROOT\gnufile gnutella
HKEY_CLASSES_ROOT\gnufile BrowserFlags 8
HKEY_CLASSES_ROOT\gnufile EditFlags 65536
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare
HKEY_LOCAL_MACHINE\software\bearshare
HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Programme\BearShare
HKEY_LOCAL_MACHINE\software\classes\gnufile
HKEY_LOCAL_MACHINE\software\classes\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1"
HKEY_LOCAL_MACHINE\software\classes\gnufile gnutella
HKEY_LOCAL_MACHINE\software\classes\gnufile BrowserFlags 8
HKEY_LOCAL_MACHINE\software\classes\gnufile EditFlags 65536
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayName BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare UninstallString C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayVersion 5.1.0.27
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HelpLink http://bearshare.com/help.htm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare Publisher Free Peers, Inc.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare URLInfoAbout http://www.freepeers.com
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayIcon C:\Programme\BearShare\BearShare.exe,-128
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\.default\appevents\schemes\apps\bearshare
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare
HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare BearShare
ReJump Time Tracker Surveillance more information...
Details: The system collects information about active applications and windows and calculates quantity of keystrokes and mouse clicks
Status: Deleted
Infected files detected
c:\windows\system32\hook.dll
WhenU.SaveNow Adware more information...
Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior.
Status: Deleted
Infected files detected
c:\programme\save\save.exe
c:\programme\save\acm.dll
C:\Programme\BearShare\RunMSC.dll
C:\Programme\BearShare\Webstats.exe
C:\Programme\BearShare\Webstats.ini
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver RunMSC.Loader.1
HKEY_LOCAL_MACHINE\software\classes\wusn.1
HKEY_LOCAL_MACHINE\software\classes\wusn.1 WUSN_Id
HKEY_LOCAL_MACHINE\software\whenusave
HKEY_LOCAL_MACHINE\software\whenusave\Partners\EEPE Partner EEPE0105010001
HKEY_LOCAL_MACHINE\software\whenusave\Partners\EEPE InstallTime 20060210231458
HKEY_LOCAL_MACHINE\software\whenusave\Partners\EEPE PartnerDesc BearShare
HKEY_LOCAL_MACHINE\software\whenusave\Partners\EEPE PartnerFile C:\Programme\BearShare\BearShare.exe
HKEY_LOCAL_MACHINE\software\whenusave db_script_update 1002700828
HKEY_LOCAL_MACHINE\software\whenusave InstallDir C:\Programme\Save
HKEY_LOCAL_MACHINE\software\whenusave pats_url http://akapp.whenu.com/OffersDataGZ
HKEY_LOCAL_MACHINE\software\whenusave pat_chunks_url http://akapp.whenu.com/DataChunksGZ
HKEY_LOCAL_MACHINE\software\whenusave script_url http://akweb.whenu.com/offscript2.html
HKEY_LOCAL_MACHINE\software\whenusave update_url http://akdwl.whenu.com/saveupdate.exe
HKEY_LOCAL_MACHINE\software\whenusave ver_url http://www.whenu.com/versions.html
HKEY_LOCAL_MACHINE\software\whenusave Version 3.50
HKEY_LOCAL_MACHINE\software\whenusave timedDBUpdate_rs Y
HKEY_LOCAL_MACHINE\software\whenusave SystemParam_rs dt=WhenU Save;q=;i=1
HKEY_LOCAL_MACHINE\software\whenusave extra_url http://spweb.whenu.com/extra.exe
HKEY_LOCAL_MACHINE\software\whenusave extraver_url http://spweb.whenu.com/extraver.html
HKEY_LOCAL_MACHINE\software\whenusave ziptomsa_url http://spapp.whenu.com/ziptomsa
HKEY_LOCAL_MACHINE\software\whenusave InstallTime 20060210231458
HKEY_LOCAL_MACHINE\software\whenusave LastPartner EEPE0105010001
HKEY_LOCAL_MACHINE\software\whenusave SetupCmdLine http://web.whenu.com/Offers?iou=i&clp=E ... 0001&pip=0
HKEY_LOCAL_MACHINE\software\whenusave zip
HKEY_LOCAL_MACHINE\software\whenusave acm_rs 1.02
HKEY_LOCAL_MACHINE\software\whenusave TotalPartner 1
HKEY_LOCAL_MACHINE\software\whenusave newuser_rs Y
HKEY_LOCAL_MACHINE\software\whenusave Partner EEPE0105010001
HKEY_LOCAL_MACHINE\software\whenusave PartnerB EEPE
HKEY_LOCAL_MACHINE\software\whenusave PartnerDesc BearShare
HKEY_LOCAL_MACHINE\software\whenusave SetupCount 4
HKEY_LOCAL_MACHINE\software\whenusave TotalPopup ;;;;;;0;0;10;10
HKEY_LOCAL_MACHINE\software\whenusave HeartbeatTime 1139609711123
HKEY_LOCAL_MACHINE\software\whenusave HeartbeatCount 1
HKEY_LOCAL_MACHINE\software\whenusave FullDBTime N
HKEY_LOCAL_MACHINE\software\whenusave db_fail_cnt 1
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave db_fail_cnt 1
HKEY_LOCAL_MACHINE\software\whenusave\Partners\EEPE Partner EEPE0105010001
HKEY_LOCAL_MACHINE\software\whenusave\Partners\EEPE InstallTime 20060210231458
HKEY_LOCAL_MACHINE\software\whenusave\Partners\EEPE PartnerDesc BearShare
HKEY_LOCAL_MACHINE\software\whenusave\Partners\EEPE PartnerFile C:\Programme\BearShare\BearShare.exe
HKEY_LOCAL_MACHINE\software\whenusave InstallDir C:\Programme\Save
HKEY_LOCAL_MACHINE\software\whenusave pats_url http://akapp.whenu.com/OffersDataGZ
HKEY_LOCAL_MACHINE\software\whenusave pat_chunks_url http://akapp.whenu.com/DataChunksGZ
HKEY_LOCAL_MACHINE\software\whenusave Version 3.50
HKEY_LOCAL_MACHINE\software\whenusave timedDBUpdate_rs Y
HKEY_LOCAL_MACHINE\software\whenusave SystemParam_rs dt=WhenU Save;q=;i=1
HKEY_LOCAL_MACHINE\software\whenusave InstallTime 20060210231458
HKEY_LOCAL_MACHINE\software\whenusave LastPartner EEPE0105010001
HKEY_LOCAL_MACHINE\software\whenusave SetupCmdLine http://web.whenu.com/Offers?iou=i&clp=E ... 0001&pip=0
HKEY_LOCAL_MACHINE\software\whenusave TotalPartner 1
HKEY_LOCAL_MACHINE\software\whenusave newuser_rs Y
HKEY_LOCAL_MACHINE\software\whenusave Partner EEPE0105010001
HKEY_LOCAL_MACHINE\software\whenusave PartnerB EEPE
HKEY_LOCAL_MACHINE\software\whenusave PartnerDesc BearShare
HKEY_LOCAL_MACHINE\software\whenusave SetupCount 4
HKEY_LOCAL_MACHINE\software\whenusave TotalPopup ;;;;;;0;0;10;10
HKEY_LOCAL_MACHINE\software\whenusave HeartbeatTime 1139609711123
HKEY_LOCAL_MACHINE\software\whenusave HeartbeatCount 1
HKEY_LOCAL_MACHINE\software\whenusave FullDBTime N
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader
HKEY_CLASSES_ROOT\wusn.1
HKEY_CLASSES_ROOT\wusn.1 WUSN_Id
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave heartbeattime
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave timeddbupdate_rs
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\WhenUSaveMsg
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\WhenUSaveMsg DisplayName WhenU Save
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\WhenUSaveMsg DisplayIcon C:\Programme\Save\save.exe,1
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\WhenUSaveMsg DisplayVersion 3.50
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\WhenUSaveMsg HelpLink http://www.whenu.com
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\WhenUSaveMsg UrlInfoAbout http://www.whenu.com
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\WhenUSaveMsg Publisher WhenU.com, Inc.
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\WhenUSaveMsg UninstallString "C:\Programme\Save\SaveUninst.exe" /w /d"WhenU Save"
HKEY_CLASSES_ROOT\ACM.ACMFactory
HKEY_CLASSES_ROOT\ACM.ACMFactory\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_CLASSES_ROOT\ACM.ACMFactory\CurVer ACM.ACMFactory.1
HKEY_CLASSES_ROOT\ACM.ACMFactory ACMFactory Class
HKEY_CLASSES_ROOT\ACM.ACMFactory.1
HKEY_CLASSES_ROOT\ACM.ACMFactory.1\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_CLASSES_ROOT\ACM.ACMFactory.1 ACMFactory Class
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32 C:\Programme\Save\ACM.dll
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID ACM.ACMFactory.1
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID ACM.ACMFactory
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} ACMFactory Class
HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32 C:\Programme\Save\ACM.dll
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR C:\Programme\Save\
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0 ACM 1.0 Type Library
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0} IACMFactory
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086} IFetchExtractor
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842} IFetchData
HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} ACM
HKEY_CLASSES_ROOT\AppID\ACM.DLL
HKEY_CLASSES_ROOT\AppID\ACM.DLL AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
Adware.Webredir Adware more information...
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58F07DD3-924D-4141-BC74-299F523A95F1}
WhenU.WhenUSearch Low Risk Adware more information...
Details: a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\WUSN.1
HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id
SearchNugget Browser Plug-in more information...
Details: SearchNugget is a Browser Helper Object that displays a toolbar in Internet Explorer as well as a button and changes the Internet Explorer home page.
Status: Deleted
Infected files detected
c:\programme\save\acm.dll
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ACM.ACMFactory.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ACM.ACMFactory.1\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ACM.ACMFactory.1 ACMFactory Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ACM.DLL AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32 C:\Programme\Save\ACM.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR C:\Programme\Save\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0 ACM 1.0 Type Library
Start Date: 17.02.2006 17:28:32
End Date: 17.02.2006 17:49:08
Total Time: 20 mins 36 secs
Detected spyware
BearShare P2P more information...
Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs.
Status: Deleted
Infected files detected
c:\programme\bearshare\bearshare.dat
c:\programme\bearshare\bearshare.exe
c:\programme\bearshare\bsidle.dll
c:\programme\bearshare\freepeers.ini
c:\programme\bearshare\history.txt
c:\programme\bearshare\install.log
c:\programme\bearshare\runmsc.dll
c:\programme\bearshare\unwise.exe
c:\programme\bearshare\webstats.bat
c:\programme\bearshare\webstats.exe
c:\programme\bearshare\webstats.ini
c:\programme\bearshare\db\config.bin
c:\programme\bearshare\db\connect.txt
c:\programme\bearshare\db\gwebcache.dat
c:\programme\bearshare\db\hostiles-chat.txt
c:\programme\bearshare\db\hostiles.txt
c:\programme\bearshare\db\library.2.db
c:\programme\bearshare\db\library.2.db.lastgoodload.bak
c:\programme\bearshare\db\library.db
c:\programme\bearshare\db\library.db.lastgoodload.bak
c:\programme\bearshare\db\searches.ini
c:\programme\bearshare\logs\hosts-state.txt
c:\programme\bearshare\logs\memory.txt
c:\programme\bearshare\logs\ordinal.txt
c:\programme\bearshare\logs\streams.txt
c:\programme\bearshare\sounds\notify.wav
c:\programme\bearshare\temp\tmpbsinstall5.2.1.2.dat
c:\programme\bearshare\temp\tmpbsinstall5.2.1.2.dat.bak
c:\programme\bearshare\temp\tmpbsinstall5.2.1.2.exe
c:\programme\bearshare\temp\tmpbsinstall5.2.1.2.tiger
Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class
HKEY_CLASSES_ROOT\gnufile
HKEY_CLASSES_ROOT\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1"
HKEY_CLASSES_ROOT\gnufile gnutella
HKEY_CLASSES_ROOT\gnufile BrowserFlags 8
HKEY_CLASSES_ROOT\gnufile EditFlags 65536
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare
HKEY_LOCAL_MACHINE\software\bearshare
HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Programme\BearShare
HKEY_LOCAL_MACHINE\software\classes\gnufile
HKEY_LOCAL_MACHINE\software\classes\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1"
HKEY_LOCAL_MACHINE\software\classes\gnufile gnutella
HKEY_LOCAL_MACHINE\software\classes\gnufile BrowserFlags 8
HKEY_LOCAL_MACHINE\software\classes\gnufile EditFlags 65536
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayName BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare UninstallString C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayVersion 5.1.0.27
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HelpLink http://bearshare.com/help.htm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare Publisher Free Peers, Inc.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare URLInfoAbout http://www.freepeers.com
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayIcon C:\Programme\BearShare\BearShare.exe,-128
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\.default\appevents\schemes\apps\bearshare
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare
HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare BearShare
ReJump Time Tracker Surveillance more information...
Details: The system collects information about active applications and windows and calculates quantity of keystrokes and mouse clicks
Status: Deleted
Infected files detected
c:\windows\system32\hook.dll
WhenU.SaveNow Adware more information...
Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior.
Status: Deleted
Infected files detected
c:\programme\save\save.exe
c:\programme\save\acm.dll
C:\Programme\BearShare\RunMSC.dll
C:\Programme\BearShare\Webstats.exe
C:\Programme\BearShare\Webstats.ini
Infected registry entries detected
Adware.Webredir Adware
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58F07DD3-924D-4141-BC74-299F523A95F1}
WhenU.WhenUSearch Low Risk Adware
Details: a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\WUSN.1
HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id
SearchNugget Browser Plug-in
Details: SearchNugget is a Browser Helper Object that displays a toolbar in Internet Explorer as well as a button and changes the Internet Explorer home page.
Status: Deleted
Infected files detected
c:\programme\save\acm.dll
Infected registry entries detected
- _ninja_
- Posts: 39
- Registered: 31.01.2006, 18:23
Okay, I ran the Panda scan again as well; it found no problems.
But here's the thing: this internet problem only occurs at my place. At friends' places I get the normal speed without any restrictions...
What else could be causing this? I've already called Arcor, and they said that my lines look completely normal!
Maybe a few other suggestions as to what the cause might be??
Thanks in advance!
- _ninja_
- Posts: 39
- Registered: 31.01.2006, 18:23
As for what you wrote last... post it in DFÜ Netzwerk Internet
http://www.informationsarchiv.net/foren/forum-34.html
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lisbon