Ebates MoneyMaker cannot be removed

#0
05.12.2004, 01:08
...new here

Posts: 2
#1 I'm going insane here!!!
So it looks like Ebates MoneyMaker has infected my PC.
When I scan with Ad-Aware, about 7 entries (Ebates MoneyMaker) are always shown, no matter how often I delete them.

Also, Internet Explorer windows keep opening here all the time (it's incredibly annoying).

I've already tried everything possible, and now I'm tired and going to bed. But first I'll give you my HijackThis log:

Logfile of HijackThis v1.98.2
Scan saved at 01:07:40, on 05.12.2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\svchost.exe
C:\Programme\No-IP\DUC20.exe
C:\WINNT\System32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
D:\ICQLite\ICQLite.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
D:\eMule-0.44b-Webcache-1.2e-bin\emule.exe
D:\cppchance\cppc.exe
D:\Nukeduke\dsdi\dsdi.exe
D:\Ad-Aware SE Personal\Ad-Aware.exe
D:\Opera\opera.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\hijackthis_198\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [ICQ Lite] d:\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [kalvsys] C:\winnt\system32\kalvpeg32.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule-0.44b-Webcache-1.2e-bin\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\ICQLite\ICQLite.exe -trayboot
O4 - Startup: DSDI.lnk = D:\Nukeduke\dsdi\dsdi.exe
O4 - Global Startup: cppc.lnk = D:\cppchance\cppc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\ICQLite\ICQLite.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Programme\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Programme\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{714D9465-DF8C-41C2-8E75-16A59E613F69}: NameServer = 192.168.0.1

Hope you can help me.
This post was edited by Sabina on 05.12.2004 at 13:04.
05.12.2004, 13:04
Honorary member
Sabina

Posts: 29434
#2 Hello @]JacK[

First update your Windows to SP4, then I'll help you clean the system.

HijackThis/1.99 BETA Version
Download: http://www.merijn.org/files/beta/hijackthis199_beta.zip
Alternatively: http://www.hijackthis.de/downloads/...his199_beta.zip

1. Log
Download/unpack the tool --> scan --> save --> the editor opens -->
now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click

Regards
Sabina
__________
Regards, Sabina

All about PC security
This post was edited by Sabina on 05.12.2004 at 13:04.
05.12.2004, 21:38
...new here

Thread starter

Posts: 2
#3 An update to SP4 isn't strictly necessary.
But here is the HijackThis log from 1.99.
By the way: cppc.exe and dsdi.exe are harmless; they are programs I wrote myself.

Logfile of HijackThis v1.99.0 (BETA)
Scan saved at 21:34:46, on 05.12.2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\svchost.exe
C:\Programme\No-IP\DUC20.exe
C:\WINNT\System32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
D:\ICQLite\ICQLite.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
D:\eMule-0.44b-Webcache-1.2e-bin\emule.exe
D:\Nukeduke\dsdi\dsdi.exe
D:\Azureus\Azureus.exe
C:\Programme\Java\j2re1.4.2_03\bin\javaw.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\cppchance\cppc.exe
D:\Opera\opera.exe
D:\Winamp\winamp.exe
C:\WINNT\system32\calc.exe
C:\Programme\Windows NT\Zubehör\WORDPAD.EXE
C:\WINNT\system32\svchost.exe
D:\hijackthis199_beta\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [ICQ Lite] d:\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [kalvsys] C:\winnt\system32\kalvpeg32.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule-0.44b-Webcache-1.2e-bin\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\ICQLite\ICQLite.exe -trayboot
O4 - Startup: DSDI.lnk = D:\Nukeduke\dsdi\dsdi.exe
O4 - Global Startup: cppc.lnk = D:\cppchance\cppc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\ICQLite\ICQLite.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Programme\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Programme\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{714D9465-DF8C-41C2-8E75-16A59E613F69}: NameServer = 192.168.0.1
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Apache2 - Apache Software Foundation - D:\web\Apache2\bin\Apache.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Programme\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
05.12.2004, 22:12
Honorary member
Sabina

Posts: 29434
#4 Hello@

You should check this one:
O4 - HKLM\..\Run: [kalvsys] C:\winnt\system32\kalvpeg32.exe

* http://virusscan.jotti.dhs.org/ - in the text becomes
* click Browse and open the file to be examined
- scan each file (max 10MB) individually, do not scan archives!
* click Submit - the status is now shown below the text block,
first "uploading file, please wait", then "inconclusive (scan still in
progress)" and finally the result of the scan, which according to the
statistics (further down the page) is about 99% accurate...
_____________________________________________________________

Go into the registry
Start > Run > regedit.

<HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
delete, if present:
'EbatesMoeMoneyMaker' (or 'BlubsterSupport', 'Upromiseremindu', 'WebSavingsFromEbates')

<HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ ebatesver2.xml

#Start > Run >
paste in:
regsvr32 /u %WinDir%/System32/cvryptdll.dll
<Enter>

Restart the PC

#search in Program Files for 'EbatesMoeMoneyMaker' and delete it.
__________________________________________________________________-

If you don't update IE and Windows, you'll become a REGULAR CUSTOMER here :p
This post was edited by Sabina on 06.12.2004 at 17:20.
27.03.2005, 03:20
...new here

Posts: 6
#5 Hello, I'm new here. I also have the problem with Ebates Moneymaker -.-
Only I don't have much of a clue about PCs. Can you please tell me how to get rid of this stuff? Big thx in advance!

(Oh yeah: wtf is ebates anyway??)
27.03.2005, 18:26
Honorary member
Sabina

Posts: 29434
#6 Och_menno

HijackThis/1.99 BETA Version
Download: http://www.merijn.org/files/beta/hijackthis199_beta.zip
Alternatively: http://www.hijackthis.de/downloads/...his199_beta.zip

1. Log
Download/unpack the tool --> scan --> save --> the editor opens -->
now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
27.03.2005, 20:45
...new here

Posts: 6
#7 Yep, here it is

Logfile of HijackThis v1.99.1
Scan saved at 20:44:02, on 27.03.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMME\NORTON CLEANSWEEP\CSINJECT.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMME\1&1 PROGRAMME\CFOS\CFOSDW.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WOEBOO.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAMME\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAMME\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
C:\PROGRAMME\NORTON CLEANSWEEP\CSINSM32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\Programme\Norton CleanSweep\Monwow.exe
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAMME\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE
C:\PROGRAMME\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER1.EXE
C:\PROGRAMME\WINAMP\WINAMP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\WINRAR\WINRAR.EXE
C:\WINDOWS\TEMP\RAR$EX00.383\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lycos.de/search/msie40.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.heise.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von Lycos Europe
F1 - win.ini: run=C:\PROGRA~1\1&1PRO~1\CFOS\CFOSDW.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IEHlprObj Class - {462E60DA-EDB7-42A5-AC70-E5952917CA32} - C:\WINDOWS\SYSTEM\MBHO.DLL (file missing)
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [KAZAA] "C:\PROGRAMME\KAZAA LITE K++\KPP.EXE" "C:\PROGRAMME\KAZAA LITE K++\KAZAALITE.KPP" /SYSTRAY
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [srdztdgfyuibd] C:\WINDOWS\SYSTEM\woeboo.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAMME\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\PROGRA~1\NORTON~1\CSINJECT.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: CleanSweep Installations-Monitor und Internet Sweep.lnk = C:\Programme\Norton CleanSweep\csinsm32.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: GetRight - Tray Icon.lnk = C:\Programme\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O8 - Extra context menu item: Ebates - file://C:\PROGRAMME\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe (file missing)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAMME\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.lycos.de/
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13e7b33fc66eda658d06/netzip/RdxIE601_de.cab


Hmm, could it be that I'm badly infected? ...because my PC suddenly changed the wallpaper, and the icons on the desktop keep rearranging themselves too -.-
27.03.2005, 21:37
Honorary member
Sabina

Posts: 29434
#8 Hello@Och_menno

#open HijackThis -->> "scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC

O2 - BHO: IEHlprObj Class - {462E60DA-EDB7-42A5-AC70-E5952917CA32} - C:\WINDOWS\SYSTEM\MBHO.DLL (file missing)
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [srdztdgfyuibd] C:\WINDOWS\SYSTEM\woeboo.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAMME\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O8 - Extra context menu item: Ebates - file://C:\PROGRAMME\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAMME\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (HKCU)

Restart the PC

•KillBox
http://www.bleepingcomputer.com/files/killbox.php

•Delete File on Reboot <-- tick this

and click the red cross;
when asked "Do you want to reboot?" ----> click "no" and paste in the next one; only click "yes" on the last one

C:\WINDOWS\System\cvryptdll.dll
C:\PROGRAMME\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
C:\PROGRAMME\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe
C:\PROGRAMME\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER1.EXE
C:\WINDOWS\SATMAT.exe
C:\WINDOWS\SYSTEM\woeboo.exe
C:\WINDOWS\ALCHEM.exe
C:\Program Files\webHancer\Programs\whSurvey.exe
C:\Program Files\webHancer\Programs\whagent.ini
C:\Program Files\webHancer\Programs\whagent.exe
C:\WINDOWS\TWAINTEC.DLL
C:\WINDOWS\SYSTEM\MBHO.DLL

Restart the PC

delete:
C:\Program Files\webHancer\
C:\PROGRAMME\EBATES_MOEMONEYMAKER

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Download --> update --> scan --> restart the PC --> scan again --> post the log from the scan

•eScan detection tool
eScan is available here free of charge under the name Free eScan Antivirus Toolkit Utility:
http://www.mwti.net/antivirus/free_utilities.asp
open the scanner --> don't scan yet --> go to Start > Run > type in: %temp% and look for
kavupd.exe, click on it --> run (update, in DOS)

--> open mwav.exe --> tick all the boxes --> scan --> click View Log --> click Edit --> type in "infected"
and now copy out everything that is shown -->
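
The "Fix checked" list and the KillBox deletion list in post #8 can be cross-checked mechanically. The following is an added example (not part of the original thread and not HijackThis's own code): it parses the HijackThis entry lines, extracts the file each entry points to, and compares those targets with the deletion list. The function names are this example's own; the input lines are copied from post #8.

```python
import re
from collections import Counter

# Input copied verbatim from post #8: the entries to tick for "Fix checked".
FIXED_ENTRIES = r"""
O2 - BHO: IEHlprObj Class - {462E60DA-EDB7-42A5-AC70-E5952917CA32} - C:\WINDOWS\SYSTEM\MBHO.DLL (file missing)
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [srdztdgfyuibd] C:\WINDOWS\SYSTEM\woeboo.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAMME\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O8 - Extra context menu item: Ebates - file://C:\PROGRAMME\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAMME\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (HKCU)
""".strip().splitlines()

# Input copied verbatim from post #8: the files handed to KillBox.
DELETE_LIST = r"""
C:\WINDOWS\System\cvryptdll.dll
C:\PROGRAMME\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
C:\PROGRAMME\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe
C:\PROGRAMME\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER1.EXE
C:\WINDOWS\SATMAT.exe
C:\WINDOWS\SYSTEM\woeboo.exe
C:\WINDOWS\ALCHEM.exe
C:\Program Files\webHancer\Programs\whSurvey.exe
C:\Program Files\webHancer\Programs\whagent.ini
C:\Program Files\webHancer\Programs\whagent.exe
C:\WINDOWS\TWAINTEC.DLL
C:\WINDOWS\SYSTEM\MBHO.DLL
""".strip().splitlines()

# "O4 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Drive-letter path up to the first file extension that is followed by a
# quote, comma, whitespace or end of line (so paths with spaces survive).
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.[A-Za-z0-9]{2,4})(?=[",\s]|$)')


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().strip('"').lower()


def parse_entry(line):
    """Split one HijackThis line into section code, target file and flags."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    p = PATH_RE.search(m.group("body"))
    return {
        "code": m.group("code"),
        "target": norm(p.group(1)) if p else None,
        "file_missing": "(file missing)" in line,
        "line": line.strip(),
    }


def cross_check(fixed_lines, delete_lines):
    """Return (entries, uncovered, unreferenced).

    uncovered    = fixed entries whose target file is not on the delete list
    unreferenced = delete-list files that no fixed entry points to
    """
    entries = [e for e in map(parse_entry, fixed_lines) if e]
    to_delete = {norm(p) for p in delete_lines if p.strip()}
    referenced = {e["target"] for e in entries if e["target"]}
    uncovered = [e for e in entries if e["target"] not in to_delete]
    unreferenced = sorted(to_delete - referenced)
    return entries, uncovered, unreferenced


def section_counts(entries):
    """Number of fixed entries per HijackThis section code (O2, O4, ...)."""
    return dict(Counter(e["code"] for e in entries))


if __name__ == "__main__":
    entries, uncovered, unreferenced = cross_check(FIXED_ENTRIES, DELETE_LIST)
    print("fixed entries per section:", section_counts(entries))
    for e in uncovered:
        print("entry fixed, file not on delete list:", e["line"])
    for path in unreferenced:
        print("on delete list, no fixed entry points to it:", path)
    for e in entries:
        if e["file_missing"]:
            print("HijackThis already reports the file as missing:", e["target"])
```

On the lists from post #8 this reports one fixed entry (PCHSchd.exe) whose file is not on the deletion list and four deletion-list files that no fixed entry points to.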
30.03.2005, 18:00
...new here

Posts: 6
#9 Hi, so I've now done everything you said..

First the log from the scan:


Ad-Aware SE Build 1.05
Logfile Created on:Mittwoch, 30. März 2005 14:33:16
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R34 23.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):1 total references
BookedSpace(TAC index:10):2 total references
DownloadWare(TAC index:8):9 total references
IPInsight(TAC index:7):6 total references
MRU List(TAC index:0):30 total references
Tracking Cookie(TAC index:3):47 total references
WebHancer(TAC index:9):4 total references
VX2(TAC index:10):52 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


30.03.2005 14:33:16 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293862819
Threads : 9
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Betriebssystem Microsoft(R) Windows(R) Millennium
CompanyName : Microsoft Corporation
FileDescription : Kernkomponente des Win32-Kernel
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294927107
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Betriebssystem Microsoft(R) Windows(R) Millennium
CompanyName : Microsoft Corporation
FileDescription : Windows 32-Bit-VxD-Meldungsserver
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294929179
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294966843
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk

#:5 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294966207
Threads : 4
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE

#:6 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294861963
Threads : 2
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Taskplaner für Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Taskplaner-Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:7 [CSINJECT.EXE]
FilePath : C:\PROGRAMME\NORTON CLEANSWEEP\
ProcessID : 4294859203
Threads : 1
Priority : Normal
FileVersion : 4.51.0026
ProductVersion : 4.5
ProductName : Norton CleanSweep
CompanyName : Symantec Corporation
FileDescription : csinject
InternalName : CSInject
LegalCopyright : Copyright © 1992-1999 Symantec Corporation
OriginalFilename : CSInject.exe

#:8 [SSDPSRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294856187
Threads : 5
Priority : Normal
FileVersion : 4.90.3001.0
ProductVersion : 4.90.3001.0
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : SSDP Service on Windows Millennium
InternalName : ssdpsrv.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : ssdpsrv.exe

#:9 [VSMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\ZONELABS\
ProcessID : 4294884575
Threads : 16
Priority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe

#:10 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294771419
Threads : 17
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Betriebssystem Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE

#:11 [STMGR.EXE]
FilePath : C:\WINDOWS\SYSTEM\RESTORE\
ProcessID : 4294829251
Threads : 4
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft (r) PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft (R) PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe

#:12 [CFOSDW.EXE]
FilePath : C:\PROGRAMME\1&1 PROGRAMME\CFOS\
ProcessID : 4294745231
Threads : 2
Priority : High
FileVersion : 4.12.2320
ProductVersion : 4.12.2320
ProductName : cFos/Win - Windows Virtual COM Port for DSL/ISDN CAPI
CompanyName : cFos Software GmbH
FileDescription : cFos/Win - Windows Virtual COM Port for DSL/ISDN CAPI
InternalName : cFosWin
LegalCopyright : Copyright © Lueders/Winkler 1993-2001
OriginalFilename : cFosWin.EXE

#:13 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294770183
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:14 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294764535
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Betriebssystem Microsoft(R) Windows(R) Millennium
CompanyName : Microsoft Corporation
FileDescription : System Tray-Applet
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE

#:15 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294648947
Threads : 5
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Betriebssystem Microsoft(R) Windows(R) Millennium
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:16 [WINAMPA.EXE]
FilePath : C:\PROGRAMME\WINAMP\
ProcessID : 4294664939
Threads : 1
Priority : Normal


#:17 [TAPISRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294667075
Threads : 7
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Betriebssystem Microsoft(R) Windows(R) Millennium
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows(R) Telefonieserver
InternalName : Telefoniedienst
LegalCopyright : Copyright (C) Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE

#:18 [QTTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294664671
Threads : 2
Priority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:19 [REALSCHED.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\REAL\UPDATE_OB\
ProcessID : 4294679899
Threads : 2
Priority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:20 [ZLCLIENT.EXE]
FilePath : C:\PROGRAMME\ZONE LABS\ZONEALARM\
ProcessID : 4294579643
Threads : 6
Priority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : Zone Labs Client
CompanyName : Zone Labs LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : zlclient.exe

#:21 [CSINSM32.EXE]
FilePath : C:\PROGRAMME\NORTON CLEANSWEEP\
ProcessID : 4294616451
Threads : 4
Priority : Normal
FileVersion : 4.51.0026
ProductVersion : 4.5
ProductName : Norton CleanSweep
CompanyName : Symantec Corporation
FileDescription : Norton CleanSweep Install Monitor
InternalName : CSINSM32
LegalCopyright : Copyright © 1994-1999 Symantec Corp.
LegalTrademarks : SmartSweep is a trademark of Symantec Corporation
OriginalFilename : CSINSM32.EXE

#:22 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294638411
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe

#:23 [Monwow.exe]
FilePath : C:\Programme\Norton CleanSweep\
ProcessID : 4294525135
Threads : 1
Priority : Normal
FileVersion : 4.51.0026
ProductVersion : 4.5
ProductName : Norton CleanSweep
CompanyName : Symantec Corporation
FileDescription : Norton SmartSweep for NT WOW monitor
InternalName : MONWOW
LegalCopyright : Copyright © 1992-1999 Symantec Corporation
OriginalFilename : MonWOW.EXE

#:24 [RNAAPP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294628731
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Betriebssystem Microsoft(R) Windows(R) Millennium
CompanyName : Microsoft Corporation
FileDescription : DFÜ-Netzwerkprogramm
InternalName : RNAAPP
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1996
OriginalFilename : RNAAPP.EXE

#:25 [AD-AWARE.EXE]
FilePath : C:\PROGRAMME\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294757503
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DownloadWare Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}

DownloadWare Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}

DownloadWare Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}
Value :

WebHancer Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\whsurvey

WebHancer Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\whsurvey
Value :

WebHancer Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\whsurvey
Value : DisplayName

WebHancer Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\whsurvey
Value : UninstallString

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : twaintecdll.twaintecdllobj.1

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : twaintecdll.twaintecdllobj.1
Value :

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 10


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:khanh@imrworldwide.com/cgi-bin
Expires : 19.01.2009 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@serving-sys[1].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:khanh@serving-sys.com/
Expires : 01.01.2038 07:00:00
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@ehg-maxim.hitbox[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:khanh@ehg-maxim.hitbox.com/
Expires : 19.03.2005 16:41:10
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@gator[1].txt
Category : Data Miner
Comment : Hits:34
Value : Cookie:khanh@gator.com/
Expires : 11.05.2004 16:15:04
LastSync : Hits:34
UseCount : 0
Hits : 34

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@trafficmp[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:khanh@trafficmp.com/
Expires : 04.11.2005 22:59:14
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:khanh@z1.adserver.com/
Expires : 01.12.2005 23:55:22
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@spylog[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:khanh@spylog.com/
Expires : 03.04.2003 21:51:18
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@bilbo.counted[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:khanh@bilbo.counted.com/
Expires : 15.01.2005 18:44:54
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@tripod[2].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:khanh@tripod.cl/
Expires : 24.03.2005 17:46:14
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@webpdp.gator[2].txt
Category : Data Miner
Comment : Hits:131
Value : Cookie:khanh@webpdp.gator.com/
Expires : 23.04.2004 02:00:00
LastSync : Hits:131
UseCount : 0
Hits : 131

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@cms[1].txt
Category : Data Miner
Comment : Hits:83
Value : Cookie:khanh@jmcms.cydoor.com/scripts/cms/
Expires : 18.04.2003 17:27:36
LastSync : Hits:83
UseCount : 0
Hits : 83

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@adserv.internetfuel[3].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:khanh@adserv.internetfuel.com/
Expires : 01.12.2003 16:00:00
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@tripod[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:khanh@tripod.com/
Expires : 27.02.2005 20:51:14
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@ehg-sonypictures.hitbox[1].txt
Category : Data Miner
Comment : Hits:19
Value : Cookie:khanh@ehg-sonypictures.hitbox.com/
Expires : 19.03.2005 16:34:10
LastSync : Hits:19
UseCount : 0
Hits : 19

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@www.ntsearch[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:khanh@www.ntsearch.com/
Expires : 01.06.2005 02:53:50
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@questionmarket[3].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:khanh@questionmarket.com/
Expires : 02.06.2005 12:06:22
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@www.qksrv[2].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:khanh@www.qksrv.net/
Expires : 20.09.2007 14:08:46
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@hestia.sextrail.trakkerd[3].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:khanh@hestia.sextrail.trakkerd.net/
Expires : 23.09.2003 18:06:14
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@casalemedia[3].txt
Category : Data Miner
Comment : Hits:18
Value : Cookie:khanh@casalemedia.com/
Expires : 26.11.2005 19:26:42
LastSync : Hits:18
UseCount : 0
Hits : 18

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@atdmt[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:khanh@atdmt.com/
Expires : 23.05.2009 02:00:00
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@realmedia[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:khanh@realmedia.com/
Expires : 01.01.2011 01:59:58
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@counter12.sextracker[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:khanh@counter12.sextracker.com/
Expires : 25.09.2002 09:46:20
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@etype.adbureau[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:khanh@etype.adbureau.net/
Expires : 01.03.2007 01:59:58
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@overture[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:khanh@overture.com/
Expires : 07.09.2012 15:27:52
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@cgi-bin[3].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:khanh@gamestar.de/cgi-bin/
Expires : 06.03.2004 17:28:16
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@maxserving[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:khanh@maxserving.com/
Expires : 09.04.2014 20:06:14
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@bs.serving-sys[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:khanh@bs.serving-sys.com/
Expires : 01.01.2038 07:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@popupsponsor[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:khanh@popupsponsor.com/
Expires : 06.10.2002 21:42:38
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@zedo[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:khanh@zedo.com/
Expires : 08.10.2004 20:06:22
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@bravenet[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:khanh@bravenet.com/
Expires : 10.05.2014 12:56:58
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@counter1.sextracker[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:khanh@counter1.sextracker.com/
Expires : 21.09.2002 11:01:14
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@hotlog[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:khanh@hotlog.ru/
Expires : 02.10.2003 17:05:18
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@www1.paypopup[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:khanh@www1.paypopup.com/
Expires : 25.03.2004 16:16:36
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@www.1stblaze[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:khanh@www.1stblaze.com/
Expires : 06.10.2002 21:44:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@as1.falkag[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:khanh@as1.falkag.de/
Expires : 31.03.2005 00:03:22
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@paycounter[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:khanh@paycounter.com/
Expires : 31.12.2030 03:00:00
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@iwon[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:khanh@iwon.com/
Expires : 07.09.2014 01:50:08
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@partners.webmasterplan[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:khanh@partners.webmasterplan.com/
Expires : 01.07.2004
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@sexlist[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:khanh@sexlist.com/
Expires : 20.09.2003 19:01:54
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@count.xhit[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:khanh@count.xhit.com/
Expires : 15.04.2005 21:38:06
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@hitbox[2].txt
Category : Data Miner
Comment : Hits:16
Value : Cookie:khanh@hitbox.com/
Expires : 19.03.2005 16:41:10
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@fortunecity[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:khanh@fortunecity.com/
Expires : 01.01.2011 01:59:58
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@bfast[2].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:khanh@bfast.com/
Expires : 05.10.2022 21:50:04
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@adserver.itsfogo[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:khanh@adserver.itsfogo.com/
Expires : 21.08.2014 16:51:18
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@ads.tripod.lycos[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\\khanh@ads.tripod.lycos[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@questionmarket[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\\khanh@questionmarket[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : khanh@casalemedia[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\\khanh@casalemedia[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 47
Objects found so far: 57



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : preinstt.exe
Category : Malware
Comment :
Object : C:\WINDOWS\



IPInsight Object Recognized!
Type : File
Data : sentry.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileVersion : 0, 0, 1, 3
ProductVersion : 0, 0, 1, 3
ProductName : IP-Sentry Stub
CompanyName : IP-Insight Corporation

FileDescription : SentryStub.exe is a stub installer for the company's
IP-Sentry application -both distributed by IP-Insight Corporation, a
Delaware Corporation. Please see http://www.ipinsight.com for more details.

InternalName : SentryStub
LegalCopyright : Copyright © 2002
OriginalFilename : SentryStub.exe
Comments : SentryStub.exe is a stub installer for the company's
IP-Sentry application -both distributed by IP-Insight Corporation, a
Delaware Corporation. Please see http://www.ipinsight.com for more details.



Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 59

BookedSpace Object Recognized!
Type : File
Data : polall1m.exe
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\



Disk Scan Result for C:\WINDOWS\SYSTEM
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 60

VX2 Object Recognized!
Type : File
Data : preInsTT.exe
Category : Malware
Comment :
Object : C:\WINDOWS\TEMP\



BookedSpace Object Recognized!
Type : File
Data : polall1m.exe
Category : Malware
Comment :
Object : C:\WINDOWS\TEMP\



VX2 Object Recognized!
Type : File
Data : satmat.cab
Category : Malware
Comment :
Object : C:\WINDOWS\TEMP\



VX2 Object Recognized!
Type : File
Data : satmat.exe
Category : Malware
Comment :
Object : C:\WINDOWS\TEMP\
FileVersion : 0, 1, 1, 3
ProductVersion : 0, 1, 1, 3
CompanyName : Better Internet Inc.
FileDescription : www.abetterinternet.com
LegalCopyright : Copyright © 2002


Disk Scan Result for C:\WINDOWS\TEMP\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 64


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
901 entries scanned.
New critical objects:0
Objects found so far: 64



MRU List Object Recognized!
Location: : .DEFAULT\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\ahead\nero wave editor\recent file list
Description : list of recently used files in nero wave editor


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\outlook express\recent stationery list
Description : list of recently used stationery in microsoft outlook express


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : .DEFAULT\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DownloadWare Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mp.mediapops

DownloadWare Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mp.mediapops
Value :

DownloadWare Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mp.mediapops.1

DownloadWare Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mp.mediapops.1
Value :

DownloadWare Object Recognized!
Type : File
Data : Digital Signature 20020903.htm
Category : Malware
Comment :
Object : C:\WINDOWS\



DownloadWare Object Recognized!
Type : File
Data : Digital Signature 20020926.htm
Category : Malware
Comment :
Object : C:\WINDOWS\



VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor\xml

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor\xml
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTI4d5OfSDist

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTI4d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTT4o5pListSPos

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTI4n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTI4n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTI4n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTC4n5trSEvnt

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTC4n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTC4S5Insur

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTT4h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TT4C5ntrSTransac

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTC4u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTC4n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTM4o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTT4h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTT4h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTT4h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTI4g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTs4t5i6cky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTs4t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TT4N5a6tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTD4s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTD4s5tSCHost

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTD4s5tSCPath

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTS4t5atusOfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTL3a4stMotsSDay

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTL3a4stSSChckin

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTC1o4d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTT4i5m6eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTs4t5i6cky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTs4t5i6cky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTs4t5i6cky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTs4t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTs4t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTs4t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTP4D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : File
Data : TWAINTEC.INI
Category : Malware
Comment :
Object : C:\WINDOWS\



VX2 Object Recognized!
Type : File
Data : TWTINI.INF
Category : Malware
Comment :
Object : C:\WINDOWS\inf\



VX2 Object Recognized!
Type : File
Data : TWAINTEC.INF
Category : Malware
Comment :
Object : C:\WINDOWS\inf\



VX2 Object Recognized!
Type : File
Data : binkw32.dll
Category : Malware
Comment :
Object : C:\WINDOWS\TEMP\



VX2 Object Recognized!
Type : File
Data : dummy.htm
Category : Malware
Comment :
Object : C:\WINDOWS\TEMP\



IPInsight Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Programme\ip

IPInsight Object Recognized!
Type : File
Data : INSTALL.LOG
Category : Data Miner
Comment :
Object : C:\Programme\ip\



IPInsight Object Recognized!
Type : File
Data : UNWISE.EXE
Category : Data Miner
Comment :
Object : C:\Programme\ip\



IPInsight Object Recognized!
Type : File
Data : UNWISE.INI
Category : Data Miner
Comment :
Object : C:\Programme\ip\



IPInsight Object Recognized!
Type : File
Data : Sentry.ini
Category : Data Miner
Comment :
Object : C:\WINDOWS\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 57
Objects found so far: 151

14:34:32 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:16.180
Objects scanned:40923
Objects identified:121
Objects ignored:0
New critical objects:121


....

Then the infected stuff (you meant clicking "Edit" and typing infected into "Find", right?):

Wed Mar 30 14:49:53 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Wed Mar 30 14:49:53 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Mar 30 14:49:53 2005 => System found infected with 180Solutions Spyware/Adware ({30d02401-6a81-11d0-8274-00c04fd5ae38})! Action taken: No Action Taken.
Wed Mar 30 14:49:53 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Mar 30 14:49:53 2005 => System found infected with VX2 Spyware/Adware ({0E5CBF21-D15F-11D0-8301-00AA005B4383})! Action taken: No Action Taken.
Wed Mar 30 14:49:53 2005 => File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Mar 30 14:49:53 2005 => Offending Folder C:\WINDOWS\STARTM~1\PROGRA~1\PRECIS~1 present...
Wed Mar 30 14:49:53 2005 => System found infected with precisiontime Spyware/Adware! Action taken: No Action Taken.
Wed Mar 30 14:49:53 2005 => File System Found infected by "precisiontime Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Mar 30 14:49:53 2005 => Offending value found in HKLM\Software\vendor !!!
Wed Mar 30 14:49:53 2005 => System found infected with vendor Spyware/Adware! Action taken: No Action Taken.
Wed Mar 30 14:49:53 2005 => File System Found infected by "vendor Spyware/Adware" Virus. Action Taken: No Action Taken.

Wed Mar 30 14:49:54 2005 => Offending value found in HKLM\Software\TwainTec !!!
Wed Mar 30 14:49:54 2005 => System found infected with TwainTec Spyware/Adware! Action taken: No Action Taken.
Wed Mar 30 14:49:54 2005 => File System Found infected by "TwainTec Spyware/Adware" Virus. Action Taken: No Action Taken.


Yep, that was everything with infected ... hm, actually, when I just enter infected in the search, only the first infected gets highlighted ... so the one with "alexa".
Hm, I hope it's nothing serious with my computer -.-
Anyway, it's really nice of you to help me.

So on the first scan with the Ad thingy I wasn't supposed to delete the stuff it showed, right?
This post was edited by Och_menno on 31.03.2005 at 09:29.
31.03.2005, 09:36
Honorary member
Sabina

Posts: 29434
#10 Hello @Och_menno

If you deleted everything I listed with the Killbox, then everything should be fine now ;)

C:\WINDOWS\TEMP\ <---- empty this folder (do not delete the folder itself)

#ClearProg.. download the latest version <1.4.1
http://www.clearprog.de/downloads.php
<and clean up the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0 on, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)

__________
Regards, Sabina

all about PC security
31.03.2005, 11:46
...new here

Posts: 6
#11 Cool, that puts my mind at ease then, if everything should be fine :p

Only the "ZLT043a6" file in the Temp folder can't be deleted?!? Do you have any idea how to remove the write protection?
31.03.2005, 11:50
Honorary member
Sabina

Posts: 29434
#12 Leave it, it's fine; if you can't delete it, then it's probably needed by a program ;)
__________
Regards, Sabina

all about PC security
31.03.2005, 18:12
...new here

Posts: 6
#13 And what kind of program is that -.-?
01.04.2005, 12:56
Honorary member
Sabina

Posts: 29434
#14 C:\WINDOWS\TWAINTEC.INI
C:\WINDOWS\TEMP\dummy.htm
C:\WINDOWS\TEMP\binkw32.dll <-- that would need to be deleted.

What does ZLT043a6 belong to? --> right-click --> Properties....
__________
Regards, Sabina

all about PC security
01.04.2005, 20:35
...new here

Posts: 6
#15 Hm, I searched for it but can't find it; Killbox also says it doesn't exist. Didn't I at some point delete the entire Temp folder?^^

About ZLT043a6: it's gone now, but there are other Zlt's instead, strange
And under Properties it only says that it's a TMP file, nothing more.

Before I forget about this thread:

Thanks for the competent help!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
This post was edited by Och_menno on 05.04.2005 at 16:02.