'IEXPLORE.EXE'-Änderungen Total Uninstall, 16.11.04 21:46:37 Arbeitsplatz =============== Dateisystem =============== (VERZEICHNIS) C: (+)(DATEI) 124492.exe = 20:44 16.11.04 26328 Bytes (+)(VERZEICHNIS) C:\Programme\WebSiteViewer (VERZEICHNIS) C:\WINDOWS (+)(DATEI) emdat.tm = 20:45 16.11.04 0 Bytes (+)(DATEI) emdat.tmp = 20:45 16.11.04 0 Bytes (+)(DATEI) loadnew.exe = 20:44 16.11.04 4608 Bytes (+)(DATEI) mstasks1.exe = 20:44 16.11.04 1184 Bytes (+)(DATEI) mstasks2.exe = 20:44 16.11.04 12846 Bytes (+)(DATEI) mstasks3.exe = 20:44 16.11.04 1024 Bytes (+)(DATEI) test = 20:44 16.11.04 0 Bytes (+)(DATEI) toolbar.exe = 20:44 16.11.04 12288 Bytes (*)(DATEI) hosts 20:28 16.11.04 736 Bytes ==> 20:44 16.11.04 628 Bytes (*)(DATEI) SYSTEM.DAT 20:41 16.11.04 4001824 Bytes ==> 20:46 16.11.04 4001824 Bytes (*)(DATEI) USER.DAT 20:37 16.11.04 544800 Bytes ==> 20:44 16.11.04 544800 Bytes (VERZEICHNIS) C:\WINDOWS\APPLOG (*)(DATEI) APPLOG.ind 20:36 16.11.04 9402 Bytes ==> 20:45 16.11.04 9745 Bytes (VERZEICHNIS) C:\WINDOWS\Desktop (+)(DATEI) child.exe = 20:44 16.11.04 11296 Bytes (+)(DATEI) d.exe = 20:45 16.11.04 31834 Bytes (+)(DATEI) msload.exe = 20:44 16.11.04 1424 Bytes (+)(DATEI) pr.exe = 20:44 16.11.04 19258 Bytes (+)(DATEI) twamp0d1.exe = 20:44 16.11.04 1072 Bytes (+)(DATEI) twmp0d1.exe = 20:45 16.11.04 14368 Bytes (VERZEICHNIS) C:\WINDOWS\Downloaded Program Files (+)(DATEI) ISTactivex.dll = 16:37 06.11.04 16384 Bytes (+)(DATEI) WinAdCtlX.dll = 11:47 11.11.04 22528 Bytes (VERZEICHNIS) C:\WINDOWS\Profiles\Tester (*)(DATEI) USER.DAT 20:42 16.11.04 639008 Bytes ==> 20:46 16.11.04 639008 Bytes (VERZEICHNIS) C:\WINDOWS\Profiles\Tester\Anwendungsdaten\Mozilla\Firefox\Profiles\3nq228dz.default (*)(DATEI) bookmarks.bak 20:40 16.11.04 8857 Bytes ==> 20:45 16.11.04 8857 Bytes (*)(DATEI) bookmarks.html 20:40 16.11.04 8857 Bytes ==> 20:45 16.11.04 8857 Bytes (*)(DATEI) history.dat 20:40 16.11.04 590 Bytes ==> 20:45 16.11.04 590 Bytes (*)(DATEI) localstore.rdf 20:40 16.11.04 4576 Bytes ==> 20:45 16.11.04 4402 Bytes (*)(DATEI) prefs.js 20:40 16.11.04 1886 Bytes ==> 20:45 16.11.04 1886 Bytes (VERZEICHNIS) C:\WINDOWS\Profiles\Tester\Anwendungsdaten\Mozilla\Firefox\Profiles\3nq228dz.default\Cache (*)(DATEI) _CACHE_MAP_ 20:40 16.11.04 135168 Bytes ==> 20:45 16.11.04 135168 Bytes (VERZEICHNIS) C:\WINDOWS\Profiles\Tester\Anwendungsdaten\Talkback\MozillaOrg\Firefox10\Win32\2004091322 (*)(DATEI) permdata.box 20:40 16.11.04 371 Bytes ==> 20:45 16.11.04 371 Bytes (VERZEICHNIS) C:\WINDOWS\Profiles\Tester\Cookies (+)(DATEI) tester@tb[1].txt = 20:44 16.11.04 76 Bytes (+)(DATEI) tester@xxxtoolbar[2].txt = 20:44 16.11.04 449 Bytes (+)(VERZEICHNIS) C:\WINDOWS\Profiles\Tester\His6\History.IE5\MSHist012004111620041117 (+)(DATEI) index.dat = 20:45 16.11.04 32768 Bytes (VERZEICHNIS) C:\WINDOWS\SYSTEM (+)(DATEI) child.dll = 20:44 16.11.04 8192 Bytes (+)(DATEI) dktibs.exe = 20:44 16.11.04 25088 Bytes (+)(DATEI) msrexe.exe = 20:45 16.11.04 31744 Bytes (+)(DATEI) systime.exe = 20:44 16.11.04 2560 Bytes (+)(VERZEICHNIS) C:\WINDOWS\SYSTEM\sr64 (+)(DATEI) glnjfinm.exe = 20:44 16.11.04 19258 Bytes (+)(DATEI) sr32.dll = 20:44 16.11.04 7168 Bytes (+)(VERZEICHNIS) C:\WINDOWS\TEMP\ICD1.tmp (+)(DATEI) istactivex.dll = 16:37 06.11.04 16384 Bytes (+)(DATEI) istactivex.inf = 12:37 22.07.04 227 Bytes (+)(VERZEICHNIS) C:\WINDOWS\TEMP\ICD3.tmp (+)(DATEI) MediaTicketsInstaller.INF = 16:56 13.10.04 2140 Bytes (+)(DATEI) MediaTicketsInstaller.ocx = 16:52 15.11.04 139264 Bytes (VERZEICHNIS) C:\WINDOWS\Temporary Internet Files\Content.IE5\0TMJGLMN (+)(DATEI) 0006_regular[1].cab = 20:44 16.11.04 18162 Bytes (+)(DATEI) 0heart_fresh[1].gif = 20:44 16.11.04 1040 Bytes (+)(DATEI) 124492[1].exe = 20:44 16.11.04 26328 Bytes (+)(DATEI) all[1].htm = 20:44 16.11.04 382 Bytes (+)(DATEI) bridge-c18[1].cab = 20:44 16.11.04 26927 Bytes (+)(DATEI) dominaohio[2].htm = 20:43 16.11.04 19329 Bytes (+)(DATEI) durnTICKET[1].gif = 20:43 16.11.04 4491 Bytes (+)(DATEI) EveBanner3[1].gif = 20:43 16.11.04 73021 Bytes (+)(DATEI) mstasks1[1].txt = 20:44 16.11.04 1184 Bytes (+)(DATEI) systime[1].txt = 20:44 16.11.04 2560 Bytes (VERZEICHNIS) C:\WINDOWS\Temporary Internet Files\Content.IE5\89KZ2KD3 (+)(DATEI) adv431[1].htm = 20:44 16.11.04 400 Bytes (+)(DATEI) enter7[1].gif = 20:44 16.11.04 3348 Bytes (+)(DATEI) glx[1].exe = 20:44 16.11.04 1424 Bytes (+)(DATEI) loader2[1].ocx = 20:44 16.11.04 62672 Bytes (+)(DATEI) log_downloads[1].htm = 20:44 16.11.04 56 Bytes (+)(DATEI) proxyrnd[1].exe = 20:45 16.11.04 31834 Bytes (+)(DATEI) rose1[1].gif = 20:43 16.11.04 2728 Bytes (+)(DATEI) rotate_rib[1].gif = 20:44 16.11.04 48906 Bytes (+)(DATEI) yellowba[1].gif = 20:43 16.11.04 995 Bytes (VERZEICHNIS) C:\WINDOWS\Temporary Internet Files\Content.IE5\QD0ZULWN (+)(DATEI) child[1].exe = 20:44 16.11.04 11296 Bytes (+)(DATEI) cntr[1].php = 20:44 16.11.04 0 Bytes (+)(DATEI) exit4[1].gif = 20:44 16.11.04 2230 Bytes (+)(DATEI) mbimg[1].gif = 20:44 16.11.04 6394 Bytes (+)(DATEI) nnk[1].exe = 20:44 16.11.04 1072 Bytes (+)(DATEI) protect[1].php = 20:44 16.11.04 11076 Bytes (+)(DATEI) sb[1].htm = 20:44 16.11.04 535 Bytes (+)(DATEI) set2[1].htm = 20:44 16.11.04 399 Bytes (+)(DATEI) warn3[1].jpg = 20:44 16.11.04 8744 Bytes (+)(DATEI) WinAdCtl[1].exe = 20:44 16.11.04 25088 Bytes (VERZEICHNIS) C:\WINDOWS\Temporary Internet Files\Content.IE5\SHS18HU1 (+)(DATEI) a4[1].htm = 20:44 16.11.04 349 Bytes (+)(DATEI) best-voyeur[1].htm = 20:44 16.11.04 128 Bytes (+)(DATEI) dktibs[1].htm = 20:44 16.11.04 25088 Bytes (+)(DATEI) MediaTicketsInstaller[1].cab = 20:44 16.11.04 106902 Bytes (+)(DATEI) mstasks2[1].txt = 20:44 16.11.04 12846 Bytes (+)(DATEI) mstasks3[1].txt = 20:44 16.11.04 1024 Bytes (+)(DATEI) mtrslib2[1].js = 20:44 16.11.04 8804 Bytes (+)(DATEI) outlooki[1].exe = 20:45 16.11.04 14368 Bytes (+)(DATEI) pr[1].exe = 20:44 16.11.04 19258 Bytes (+)(DATEI) prompt[1].php = 20:44 16.11.04 15019 Bytes (+)(DATEI) toolbar[1].txt = 20:44 16.11.04 12288 Bytes Registry =============== (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\ISTactivex.Installer (+)(REGISTRY-WERT) (Default) = 'Installer Class' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\ISTactivex.Installer\CLSID (+)(REGISTRY-WERT) (Default) = '{386A771C-E96A-421f-8BA7-32F1B706892F}' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\ISTactivex.Installer\CurVer (+)(REGISTRY-WERT) (Default) = 'ISTactivex.Installer.2' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\ISTactivex.Installer.2 (+)(REGISTRY-WERT) (Default) = 'Installer Class' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\ISTactivex.Installer.2\CLSID (+)(REGISTRY-WERT) (Default) = '{386A771C-E96A-421f-8BA7-32F1B706892F}' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\WinAdCtlX.Installer (+)(REGISTRY-WERT) (Default) = 'WinAdCtlX.Installer' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\WinAdCtlX.Installer\CLSID (+)(REGISTRY-WERT) (Default) = '{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\Implemented Categories (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\InprocServer32 (+)(REGISTRY-WERT) (Default) = 'C:\WINDOWS\DOWNLOADED PROGRAM FILES\WINADCTLX.DLL' (+)(REGISTRY-WERT) ThreadingModel = 'Apartment' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F} (+)(REGISTRY-WERT) (Default) = 'Installer Class' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\Control (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\InprocServer32 (+)(REGISTRY-WERT) (Default) = 'C:\WINDOWS\DOWNLO~1\ISTACT~1.DLL' (+)(REGISTRY-WERT) ThreadingModel = 'Apartment' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\MiscStatus (+)(REGISTRY-WERT) (Default) = '0' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\MiscStatus\1 (+)(REGISTRY-WERT) (Default) = '132497' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\ProgID (+)(REGISTRY-WERT) (Default) = 'ISTactivex.Installer.2' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\Programmable (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\ToolboxBitmap32 (+)(REGISTRY-WERT) (Default) = 'C:\WINDOWS\DOWNLO~1\ISTACT~1.DLL, 101' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\TypeLib (+)(REGISTRY-WERT) (Default) = '{0985C112-2562-46f2-8DA6-92648BA4630F}' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\Version (+)(REGISTRY-WERT) (Default) = '1.1' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{386A771C-E96A-421f-8BA7-32F1B706892F}\VersionIndependentProgID (+)(REGISTRY-WERT) (Default) = 'ISTactivex.Installer' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F} (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32 (+)(REGISTRY-WERT) (Default) = 'C:\WINDOWS\SYSTEM\child.dll' (+)(REGISTRY-WERT) ThreadingModel = 'Apartment' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} (+)(REGISTRY-WERT) (Default) = 'IInstaller' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}\ProxyStubClsid (+)(REGISTRY-WERT) (Default) = '{00020424-0000-0000-C000-000000000046}' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}\ProxyStubClsid32 (+)(REGISTRY-WERT) (Default) = '{00020424-0000-0000-C000-000000000046}' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}\TypeLib (+)(REGISTRY-WERT) (Default) = '{67907B3C-A6EF-4A01-99AD-3FCD5F526429}' (+)(REGISTRY-WERT) Version = '1.1' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1 (+)(REGISTRY-WERT) (Default) = 'IST 1.1 Type Library' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1\0 (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1\0\win32 (+)(REGISTRY-WERT) (Default) = 'C:\WINDOWS\DOWNLOADED PROGRAM FILES\ISTACTIVEX.DLL' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1\FLAGS (+)(REGISTRY-WERT) (Default) = '0' (+)(REGISTRY-SCHLÜSSEL) HKEY_CLASSES_ROOT\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}\1.1\HELPDIR (+)(REGISTRY-WERT) (Default) = 'C:\WINDOWS\DOWNLOADED PROGRAM FILES\' (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Windows AdControl (+)(REGISTRY-WERT) param = '00a892b6ab044356b4e02e0c0a2ecc0e910fdb09958ed5a8c18b1eb8aefa2176b8bc16:3036623136633633626531653638333461396333623461363138636334633237:Internet Explorer:5.0 0(DigExt):win98:513' (REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Description\Microsoft\Rpc\UuidPersistentData (*)(REGISTRY-WERT) LastTimeAllocated @R...8.. ==> `.2..8.. (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} (+)(REGISTRY-WERT) Installer = 'MSICD' (+)(REGISTRY-WERT) SystemComponent = 0 (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\Contains (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\Contains\Files (+)(REGISTRY-WERT) C:\WINDOWS\Downloaded Program Files\WinAdCtlX.dll = '' (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\DownloadInformation (+)(REGISTRY-WERT) CODEBASE = 'http://public.windupdates.com/get_file.php?bt=ie&p=714b9e99bb1ec51fadc828f5983e23109b906c2b320d9f1b39ed54699be7e97f4caf42694383070009646062296ff92e68cfba8c:eb8a1fb09d00c5943edceabcca450006' (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\InstalledVersion (+)(REGISTRY-WERT) (Default) = '0,0,0,1' (+)(REGISTRY-WERT) LastModified = 'Thu, 11 Nov 2004 20:27:50 GMT' (REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main (+)(REGISTRY-WERT) Default_Page_URL = 'http://213.159.117.134/index.php' (*)(REGISTRY-WERT) Local Page 'C:\WINDOWS\SYSTEM\blank.htm' ==> 'http://213.159.117.134/index.php' (*)(REGISTRY-WERT) Start Page 'about:blank' ==> 'http://213.159.117.134/index.php' (REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains (+)(REGISTRY-WERT) Trusted = '1' (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crazywinnings.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\topconverting.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windupdates.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com (+)(REGISTRY-WERT) * = 2 (REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults (*)(REGISTRY-WERT) http 3 ==> 2 (*)(REGISTRY-WERT) https 3 ==> 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1 (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-WERT) :Range = '69.50.161.82' (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinAdCtlX.dll (+)(REGISTRY-WERT) .Owner = '{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}' (+)(REGISTRY-WERT) {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} = '' (REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (+)(REGISTRY-WERT) System Service = 'C:\WINDOWS\SYSTEM\MSREXE.EXE' (+)(REGISTRY-WERT) SysTime = 'C:\WINDOWS\SYSTEM\systime.exe' (REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs (ERHÖHT) (REGISTRY-WERT) C:\WINDOWS\Downloaded Program Files\WinAdCtlX.dll = 1 (erhöht) (REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad (+)(REGISTRY-WERT) OLE Automation Module = '{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}' (REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Welcome (+)(REGISTRY-WERT) 1c3943 = 'q}y|t;p|z' (+)(REGISTRY-WERT) 2340v93 = '`a\]' (+)(REGISTRY-WERT) 398349873 = '<}<‚}qnr{q;}y' (+)(REGISTRY-WERT) 4c34 = '<}<‚}qnr{q;}y' (+)(REGISTRY-WERT) 4lkf83 = 'q}y|t;p|z' (+)(REGISTRY-WERT) c0948273 = '<}<‚}qnr{q;}y' (+)(REGISTRY-WERT) vk8593 = 'q}y|t;p|z' (+)(REGISTRY-SCHLÜSSEL) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Swartax (+)(REGISTRY-WERT) ImagePath = 'C:\WINDOWS\SYSTEM\MSREXE.EXE' (REGISTRY-SCHLÜSSEL) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings (+)(REGISTRY-WERT) MinLevel = 'Code Download' (+)(REGISTRY-WERT) Safety Warning Level = 'SucceedSilent' (+)(REGISTRY-WERT) Security_RunActiveXControls = 16777216 (+)(REGISTRY-WERT) Security_RunScripts = 16777216 (+)(REGISTRY-WERT) Trust Warning Level = 'No Security' (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\WebSiteViewer (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\WebSiteViewer\Settings (+)(REGISTRY-WERT) country = '49' (+)(REGISTRY-WERT) lang = '' (+)(REGISTRY-WERT) lc = '7' (REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Internet Explorer\International\CpMRU (*)(REGISTRY-WERT) Cache .o.............................................................................. ==> .o.............................................................................. (REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Internet Explorer\Main (+)(REGISTRY-WERT) Default_Page_URL = 'http://213.159.117.134/index.php' (*)(REGISTRY-WERT) Local Page 'C:\WINDOWS\SYSTEM\blank.htm' ==> 'http://213.159.117.134/index.php' (*)(REGISTRY-WERT) Start Page 'about:blank' ==> 'http://213.159.117.134/index.php' (REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Internet Explorer\TypedURLs (+)(REGISTRY-WERT) url9 = 'http://www.msn.de/' (*)(REGISTRY-WERT) url1 '/System (C:)' ==> 'http://www.dominaohio.com/' (*)(REGISTRY-WERT) url2 'http://www.superdelotto.com/' ==> '/System (C:)' (*)(REGISTRY-WERT) url3 'http://board.protecus.de/' ==> 'http://www.superdelotto.com/' (*)(REGISTRY-WERT) url4 'www.board.protecus.de' ==> 'http://board.protecus.de/' (*)(REGISTRY-WERT) url5 '/Arbeitsplatz' ==> 'www.board.protecus.de' (*)(REGISTRY-WERT) url6 '/Platte2b (E:)' ==> '/Arbeitsplatz' (*)(REGISTRY-WERT) url7 '/Platte2a (D:)' ==> '/Platte2b (E:)' (*)(REGISTRY-WERT) url8 'http://www.msn.de/' ==> '/Platte2a (D:)' (REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion (+)(REGISTRY-WERT) Hash = .X.A.... (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Run (+)(REGISTRY-WERT) sr64 = 'C:\WINDOWS\SYSTEM\SR64\GLNJFINM.EXE' (REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU (*)(REGISTRY-WERT) MRUListEx ....................a.......N...........|.......,...8...+... ...#..."...z...............{...................................................................................................................................................................L...........U...V...W...u...w...............d...............X...............4...........G.......................................Y...0...............................S.......Z...........................................................................................-...&...~...}...r...s...y...v...x...t...q...p...m...o...n...l...k...!...i...j...?...h...g...b...f...e...c..._...`...^...]...\...[.......T...R...Q...I...P...O...M...E...K...J...;.......H...%...$...F...D...C...B...A...@...=...>...<...:...9...7...6...5...'...(...*...)...3...1...2.../....... ==> a...........................N...........|.......,...8...+... ...#..."...z...............{...................................................................................................................... ............................................L...........U...V...W...u...w...............d...............X...............4...........G.......................................Y...0...............................S.......Z...........................................................................................-...&...~...}...r...s...y...v...x...t...q...p...m...o...n...l...k...!...i...j...?...h...g...b...f...e...c..._...`...^...]...\...[.......T...R...Q...I...P...O...M...E...K...J...;.......H...%...$...F...D...C...B...A...@...=...>...<...:...9...7...6...5...'...(...*...)...3...1...2.../....... (REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\97 (*)(REGISTRY-WERT) CabView \...........................B...B....................................z:...9...X...9..... ... ==> \...........................B...B....................................z:...9...X...9..... ... (REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count (*)(REGISTRY-WERT) HRZR_HVDPHG Y....... ==> Y....... (REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings (+)(REGISTRY-WERT) btidnt = 'gkcggebdmejn' (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012004111620041117 (+)(REGISTRY-WERT) CacheLimit = 8192 (+)(REGISTRY-WERT) CacheOptions = 11 (+)(REGISTRY-WERT) CachePath = 'C:\WINDOWS\Profiles\Tester\His6\History.IE5\MSHist012004111620041117\' (+)(REGISTRY-WERT) CachePrefix = ':2004111620041117: ' (REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections (*)(REGISTRY-WERT) SavedLegacySettings <...>...........192.168.0.3:6588................ "..|3.................. ==> <...L...........192.168.0.3:6588................ "..|3.................. (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crazywinnings.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\topconverting.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windupdates.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1 (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-WERT) :Range = '69.50.161.82' (REGISTRY-SCHLÜSSEL) HKEY_USERS\Tester\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 (*)(REGISTRY-WERT) 1004 1 ==> 0 (*)(REGISTRY-WERT) 1201 1 ==> 0 (*)(REGISTRY-WERT) 1C00 196608 ==> 768 (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\WebSiteViewer (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\WebSiteViewer\Settings (+)(REGISTRY-WERT) country = '49' (+)(REGISTRY-WERT) lang = '' (+)(REGISTRY-WERT) lc = '7' (REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU (*)(REGISTRY-WERT) Cache .o.............................................................................. ==> .o.............................................................................. (REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main (+)(REGISTRY-WERT) Default_Page_URL = 'http://213.159.117.134/index.php' (*)(REGISTRY-WERT) Local Page 'C:\WINDOWS\SYSTEM\blank.htm' ==> 'http://213.159.117.134/index.php' (*)(REGISTRY-WERT) Start Page 'about:blank' ==> 'http://213.159.117.134/index.php' (REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs (+)(REGISTRY-WERT) url9 = 'http://www.msn.de/' (*)(REGISTRY-WERT) url1 '/System (C:)' ==> 'http://www.dominaohio.com/' (*)(REGISTRY-WERT) url2 'http://www.superdelotto.com/' ==> '/System (C:)' (*)(REGISTRY-WERT) url3 'http://board.protecus.de/' ==> 'http://www.superdelotto.com/' (*)(REGISTRY-WERT) url4 'www.board.protecus.de' ==> 'http://board.protecus.de/' (*)(REGISTRY-WERT) url5 '/Arbeitsplatz' ==> 'www.board.protecus.de' (*)(REGISTRY-WERT) url6 '/Platte2b (E:)' ==> '/Arbeitsplatz' (*)(REGISTRY-WERT) url7 '/Platte2a (D:)' ==> '/Platte2b (E:)' (*)(REGISTRY-WERT) url8 'http://www.msn.de/' ==> '/Platte2a (D:)' (REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion (+)(REGISTRY-WERT) Hash = .X.A.... (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (+)(REGISTRY-WERT) sr64 = 'C:\WINDOWS\SYSTEM\SR64\GLNJFINM.EXE' (REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU (*)(REGISTRY-WERT) MRUListEx ....................a.......N...........|.......,...8...+... ...#..."...z...............{...................................................................................................................................................................L...........U...V...W...u...w...............d...............X...............4...........G.......................................Y...0...............................S.......Z...........................................................................................-...&...~...}...r...s...y...v...x...t...q...p...m...o...n...l...k...!...i...j...?...h...g...b...f...e...c..._...`...^...]...\...[.......T...R...Q...I...P...O...M...E...K...J...;.......H...%...$...F...D...C...B...A...@...=...>...<...:...9...7...6...5...'...(...*...)...3...1...2.../....... ==> a...........................N...........|.......,...8...+... ...#..."...z...............{...................................................................................................................... ............................................L...........U...V...W...u...w...............d...............X...............4...........G.......................................Y...0...............................S.......Z...........................................................................................-...&...~...}...r...s...y...v...x...t...q...p...m...o...n...l...k...!...i...j...?...h...g...b...f...e...c..._...`...^...]...\...[.......T...R...Q...I...P...O...M...E...K...J...;.......H...%...$...F...D...C...B...A...@...=...>...<...:...9...7...6...5...'...(...*...)...3...1...2.../....... (REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\97 (*)(REGISTRY-WERT) CabView \...........................B...B....................................z:...9...X...9..... ... ==> \...........................B...B....................................z:...9...X...9..... ... (REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count (*)(REGISTRY-WERT) HRZR_HVDPHG Y....... ==> Y....... (REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings (+)(REGISTRY-WERT) btidnt = 'gkcggebdmejn' (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012004111620041117 (+)(REGISTRY-WERT) CacheLimit = 8192 (+)(REGISTRY-WERT) CacheOptions = 11 (+)(REGISTRY-WERT) CachePath = 'C:\WINDOWS\Profiles\Tester\His6\History.IE5\MSHist012004111620041117\' (+)(REGISTRY-WERT) CachePrefix = ':2004111620041117: ' (REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections (*)(REGISTRY-WERT) SavedLegacySettings <...>...........192.168.0.3:6588................ "..|3.................. ==> <...L...........192.168.0.3:6588................ "..|3.................. (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crazywinnings.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\topconverting.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windupdates.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1 (+)(REGISTRY-WERT) * = 2 (+)(REGISTRY-WERT) :Range = '69.50.161.82' (REGISTRY-SCHLÜSSEL) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 (*)(REGISTRY-WERT) 1004 1 ==> 0 (*)(REGISTRY-WERT) 1201 1 ==> 0 (*)(REGISTRY-WERT) 1C00 196608 ==> 768