Kazaa, Need2FindBar, P2PNetworking, InstaFinderK, Peer Points Manager, RXToolBar
HijackThis
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483}- C:\Program Files\RXToolBar\sfcont.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Programme\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Programme\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -
O8 - Extra context menu item: Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
Killbox
C:\WINDOWS\System32\P2P Networking
C:\Programme\Need2Find
C:\Programme\RXToolBar
C:\Kazaa
C:\Program Files\Altnet
Spyware.P2PNetworking
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2P Networking]
[-HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking]
[-HKEY_CLASSES_ROOT\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}]
[-HKEY_CLASSES_ROOT\CLSID\{CC7A6223-3759-4075-8CEA-971F5CFC0ED2}]
[-HKEY_CLASSES_ROOT\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}]
[-HKEY_CLASSES_ROOT\WebP2PInstaller.Installer]
[-HKEY_CLASSES_ROOT\JCDE_Stack]
[-HKEY_CLASSES_ROOT\JCDE_Stack.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0}]
[-HKEY_CLASSES_ROOT\typelib\{f720b40f-3a38-4b22-b30d-dcf095d42498}]
[-HKEY_CLASSES_ROOT\WebP2PInstaller.Installer.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Extended Properties\{305CA226-D286-468e-B848-2B2E8E697B74}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking]
C:\Dokumente und Einstellungen\Username\Lokale Einstellungen\Temp\p2psetup.exe
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll ->> TrojanDownloader.WebP2PInstaller
C:\WINDOWS\system32\P2P Networking\MARSHAL.DLL
C:\WINDOWS\system32\P2P Networking
c:\windows\system32\p2p networking\p2p networking.eng
c:\windows\system32\p2p networking\cache\database\file-1001-595.sig
c:\windows\system32\p2p networking\cache\database\index256.dbb
c:\windows\downloaded program files\webp2pinstaller.dll
c:\windows\system32\p2p networking v126.cpl
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
Need2FindBar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar
HKEY_LOCAL_MACHINE\SOFTWARE\Need2Find\bar\Partner
C:\!Submit\1.bin\ND2FNBAR.DLL
C:\!Submit\1.bin\NPND2FN.DLL
C:\!Submit\bar\1.bin\N2PLUGIN.DLL
C:\!Submit\bar\1.bin\ND2FNBAR.DLL
C:\!Submit\bar\1.bin\NPND2FN.DLL
C:\Programme\Need2Find
Altnet\Download Manager
C:\Program Files\Altnet\Download Manager\adm25.dll
C:\Program Files\Altnet\Download Manager\adm4.dll
C:\Program Files\Altnet\Download Manager\admdloader.dll
C:\Program Files\Altnet\Download Manager\admfdi.dll
C:\Program Files\Altnet\Download Manager\admprog.dll
C:\Program Files\Altnet\Download Manager\altnetuninstall.exe
C:\Program Files\Altnet\Download Manager\asmend.exe
C:\Program Files\Altnet\Points Manager\setup.cab/PMuninstall.bde
C:\Program Files\Altnet\Points Manager\sysdetect.dll - Adware.BrilliantDigital
C:\Kazaa\TopSearch.dll - Spyware.Altnet
[-HKEY_LOCAL_MACHINE\software\altnet]
[-HKEY_CLASSES_ROOT\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}]
[-HKEY_CLASSES_ROOT\clsid\{3646c2bd-3554-49ca-8125-44deefb881de}]
[-HKEY_CLASSES_ROOT\CLSID\{E813099D-5529-47F4-9B37-4AFAFCB00A43}]
[-HKEY_CLASSES_ROOT\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}]
[-HKEY_CLASSES_ROOT\SigningModule.SigningModule]
[-HKEY_CLASSES_ROOT\SigningModule.SigningModule.1]
RxToolbar
c:\programme\rxtoolbar\rx.xml
c:\programme\rxtoolbar\rxwebsearches.xsl
c:\programme\rxtoolbar\sfcont.bin
c:\programme\rxtoolbar\graphics\additional.gif
c:\programme\rxtoolbar\graphics\additional_active.gif
c:\programme\rxtoolbar\graphics\background.jpg
c:\programme\rxtoolbar\graphics\blue_hr_horz.gif
c:\programme\rxtoolbar\graphics\gray_hr_horz.gif
c:\programme\rxtoolbar\graphics\thumbtack.gif
c:\programme\rxtoolbar\graphics\thumbtack_active.gif
c:\programme\rxtoolbar\graphics\thumbtack_click.gif
c:\programme\rxtoolbar\html\content.htm
c:\programme\rxtoolbar\html\main.htm
c:\programme\rxtoolbar\semantic insight\bkpack01.01.dat
c:\programme\rxtoolbar\semantic insight\bkpack01.01.sig
c:\programme\rxtoolbar\semantic insight\bkpack01.dat
c:\programme\rxtoolbar\semantic insight\bkpack01.sig
c:\programme\rxtoolbar\semantic insight\blabels01.dat
c:\programme\rxtoolbar\semantic insight\blabels01.sig
c:\programme\rxtoolbar\semantic insight\customersecret.key
c:\programme\rxtoolbar\semantic insight\customersecret.sig
c:\programme\rxtoolbar\semantic insight\nlabels01.dat
c:\programme\rxtoolbar\semantic insight\nlabels01.sig
HKEY_LOCAL_MACHINE\Software\RXResults
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar
MyGlobalSearch.Toolbar
c:\programme\myglobalsearch\bar\history\search
[-HKEY_CLASSES_ROOT\MyGlobalSearchBar.ToolbarPlugin]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch]
HijackThis
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Programme\RXToolBar\RXToolBar.dll (file missing)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [rdirector] C:\WINDOWS\System32\rdirector.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [rdirector] C:\WINDOWS\System32\rdirector.exe
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
C:\WINDOWS\SYSTEM32\AdCache -> Adware.Cydoor
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RXToolBar.TBInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RXToolBar.TBInfo\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\Gator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AltnetDM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar
HKU\S-1-5-21-1823710139-2704508892-1694447197-1005\Software\Kazaa\Promotions\Cydoor
Configure the Cleaner exactly as described here:
http://virus-protect.org/cleanup.html
Counterspy
http://virus-protect.org/counterspy1.html
* After the scan, you have to choose one of:
* Ignore
* Remove
* Quarantine
Always choose Remove, then restart the PC.