BearShare, webstats.bat, BearShare.exe, bearshare.dll, bsidle.dll

startseite Gastbuch Kontakt
BearShare
BearShare

BearShare, webstats.bat, BearShare.exe, bearshare.dll, bsidle.dll



Bearshare ist Spyware

Quelle: shortnews.stern.de
Altötting: Tauschbörse BearShare benutzt und erwischt - Familie zahlt über 1.000 Euro Strafe Eine 16-Jährige aus dem Landkreis Altötting bekam im November letzten Jahres einen Brief von der Rechtsanwaltskanzlei Rasch, indem mehrere Medienkonzerne vertreten waren. Es ging um 736 Songs, die sie bei der Tauschbörse BearShare heruntergeladen hat. Es wurden 7.000 Euro Schadensersatz gefordert. Dank der Hilfe einer Anwältin aus München müssen ihre Eltern nun eine Strafe von 1.500 Euro zahlen. Weitere 500 Euro bekam die Anwältin. Damit dies nicht wieder vorkommt, unterschrieben die Eltern eine Unterlassungserklärung. Sie bestimmt, dass sie in Zukunft pro illegal geladenen Song 5.000 Euro Strafe zahlen müssen.




HijackThis

O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause


Counterspy
http://virus-protect.org/counterspy1.html

C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENü\PROGRAMME\BEARSHARE.LNK
C:\Dokumente und Einstellungen\%Username%\Desktop\BearShare Downloads.lnk
C:\Dokumente und Einstellungen\%Username%\Desktop\BearShare.lnk
C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\BearShare
C:\Programme\BearShare Applications
C:\Programme\BearShare MediaBar
C:\Programme\BearShare


c:\programme\bearshare\bearshare.dat
c:\programme\bearshare\freepeers.ini
c:\programme\bearshare\db\config.bin
c:\programme\bearshare\db\connect.txt
c:\programme\bearshare\db\gwebcache.dat
c:\programme\bearshare\db\hostiles-chat.txt
c:\programme\bearshare\db\hostiles.txt
c:\programme\bearshare\db\library.2.db
c:\programme\bearshare\db\library.2.db.lastgoodload.bak
c:\programme\bearshare\db\library.db
c:\programme\bearshare\db\library.db.lastgoodload.bak
c:\programme\bearshare\db\searches.ini
c:\programme\bearshare\logs\hosts-state.txt
c:\programme\bearshare\logs\memory.txt
c:\programme\bearshare\logs\ordinal.txt
c:\programme\bearshare\logs\streams.txt


HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}

HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll

HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0

HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\

HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library

HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}

HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll

HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0

HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\

HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library


C:\Programme\BearShare\RunMSC.dll
C:\Programme\BearShare\Webstats.exe
C:\Programme\BearShare\Webstats.ini


C:\Programme\BearShare\BearShare.exe
C:\Programme\BearShare\bearshare.dll
C:\Programme\BearShare\bsidle.dll
C:\Programme\BearShare\freepeers.ini
C:\Programme\BearShare\webstats.bat
C:\Programme\BearShare\webstats.ini
C:\Programme\BearShare\installer\bsproinstall.exe
C:\Programme\BearShare\bearshare\db\config.bin

C:\Programme\BearShare\Installer\saveinstwm.exe
C:\Programme\BearShare\installer\bsproinstall.exe

bearshare.dat
bearshare.exe-2a0c795d.pf
bsinstallit.exe
bsproinstall.exe-09623c04.pf
commonprograms+\bearshare.lnk
connect.dat
connect.txt
console.txt
desktopdir+\bearshare downloads.lnk
desktopdir+\bearshare.lnk
glb4.tmp-2f6bfa1a.pf
gnucache.dat
hbcache.dat
history.txt
hostiles.txt
install.log
library.dat
memory.txt
ordinal.txt
programfilesdir+\bearshare\bsidle.dll
programfilesdir+\bearshare\db\config.bin
C:\Programme\BearShare\freepeers.ini
programfilesdir+\bearshare\html\index.htm
programfilesdir+\bearshare\installer\bsproinstall.exe
C:\Programme\BearShare\webstats.bat
programfilesdir+\bearshare\webstats.ini


BearShare P2P more information...
Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs.
Status: Ignored


c:\programme\bearshare\bearshare.exe
c:\programme\bearshare\bsidle.dll
c:\programme\bearshare\runmsc.dll
c:\programme\bearshare\webstats.bat
c:\programme\bearshare\webstats.exe
c:\programme\bearshare\webstats.ini
c:\programme\bearshare\history.txt
c:\programme\bearshare\install.log
c:\programme\bearshare\bearshare.dat
c:\programme\bearshare\freepeers.ini
c:\programme\bearshare\unwise.exe
c:\programme\bearshare\unwise.ini
c:\programme\bearshare\sounds\notify.wav
c:\programme\bearshare\installer\bsinstallde.exe
c:\programme\bearshare\db\hbcache.dat
c:\programme\bearshare\db\gnucache.dat
c:\programme\bearshare\db\connect.txt
c:\programme\bearshare\db\config.bin
c:\programme\bearshare\db\hostiles.txt
c:\programme\bearshare\db\library.dat
c:\programme\bearshare\db\gwebcache.dat
c:\programme\bearshare\logs\memory.txt
c:\programme\bearshare\logs\ordinal.txt

Infected registry entries detected

HKEY_CLASSES_ROOT\gnufile
HKEY_CLASSES_ROOT\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1"
HKEY_CLASSES_ROOT\gnufile gnutella
HKEY_CLASSES_ROOT\gnufile BrowserFlags 8
HKEY_CLASSES_ROOT\gnufile EditFlags 65536
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare
HKEY_LOCAL_MACHINE\software\bearshare
HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Programme\BearShare
HKEY_LOCAL_MACHINE\software\classes\gnufile
HKEY_LOCAL_MACHINE\software\classes\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1"
HKEY_LOCAL_MACHINE\software\classes\gnufile gnutella
HKEY_LOCAL_MACHINE\software\classes\gnufile BrowserFlags 8
HKEY_LOCAL_MACHINE\software\classes\gnufile EditFlags 65536
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayName BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare UninstallString C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayVersion 4.6.1.2DE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HelpLink http://bearshare.de/Help/index.htm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare Publisher Free Peers, Inc.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare URLInfoAbout http://www.freepeers.com
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayIcon C:\Programme\BearShare\BearShare.exe,-128
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\.default\appevents\schemes\apps\bearshare
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare
HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare BearShare



Directory of C:\Program Files\BearShare\db

10/11/2005 23:15 1,062 config.bin
07/09/2005 12:41 165,942 connect.txt
10/11/2005 23:14 59,392 library.2.db
10/11/2005 23:14 59,392 library.2.db.lastgoodload.bak
10/11/2005 23:14 59,392 library.db
10/11/2005 23:14 59,392 library.db.lastgoodload.bak
6 File(s) 404,572 bytes
2 Dir(s) 26,602,360,832 bytes free


virus-protect.org Valid HTML 4.0 Ranking-Hits