Ebates MoneyMaker cannot be removed

#0
05.12.2004, 01:08
...new here
Posts: 2

05.12.2004, 13:04
Honorary member
Posts: 29434
#2
Hello @]JacK[
First update your Windows to SP4, then I will help you clean the system.

HijackThis 1.99 BETA version
Download: http://www.merijn.org/files/beta/hijackthis199_beta.zip
Alternative: http://www.hijackthis.de/downloads/...his199_beta.zip

1. Log
Download and unpack the tool --> scan --> save --> the editor opens --> now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.

Regards, Sabina
__________
Regards, Sabina
All about PC security
This post was edited by Sabina on 05.12.2004 at 13:04.

05.12.2004, 21:38
...new here
Thread starter
Posts: 2
#3
An update to SP4 isn't strictly necessary.
But here is the HijackThis log from 1.99.
By the way: cppc.exe and dsdi.exe are harmless; they are programs I wrote myself.

Logfile of HijackThis v1.99.0 (BETA)
Scan saved at 21:34:46, on 05.12.2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\svchost.exe
C:\Programme\No-IP\DUC20.exe
C:\WINNT\System32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
D:\ICQLite\ICQLite.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
D:\eMule-0.44b-Webcache-1.2e-bin\emule.exe
D:\Nukeduke\dsdi\dsdi.exe
D:\Azureus\Azureus.exe
C:\Programme\Java\j2re1.4.2_03\bin\javaw.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\cppchance\cppc.exe
D:\Opera\opera.exe
D:\Winamp\winamp.exe
C:\WINNT\system32\calc.exe
C:\Programme\Windows NT\Zubehör\WORDPAD.EXE
C:\WINNT\system32\svchost.exe
D:\hijackthis199_beta\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [ICQ Lite] d:\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [kalvsys] C:\winnt\system32\kalvpeg32.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule-0.44b-Webcache-1.2e-bin\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\ICQLite\ICQLite.exe -trayboot
O4 - Startup: DSDI.lnk = D:\Nukeduke\dsdi\dsdi.exe
O4 - Global Startup: cppc.lnk = D:\cppchance\cppc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\ICQLite\ICQLite.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Programme\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Programme\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{714D9465-DF8C-41C2-8E75-16A59E613F69}: NameServer = 192.168.0.1
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Apache2 - Apache Software Foundation - D:\web\Apache2\bin\Apache.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Programme\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

05.12.2004, 22:12
Honorary member
Posts: 29434
#4
Hello@
You should check this one:

O4 - HKLM\..\Run: [kalvsys] C:\winnt\system32\kalvpeg32.exe

* http://virusscan.jotti.dhs.org/ - in the text becomes
* click Browse and open the file to be examined - scan each file (max 10MB) individually, do not scan archives!
* click Submit - the status is now shown below the text block: first "uploading file, please wait", then "inconclusive (scan still in progress)" = scan not yet finished, and finally the result of the scan, which according to the statistics (further down the page) is about 99% accurate...
_____________________________________________________________

Go into the registry: Start < Run < regedit.

< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
delete, if it is there: 'EbatesMoeMoneyMaker' (or 'BlubsterSupport', 'Upromiseremindu', 'WebSavingsFromEbates')

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ebatesver2.xml

# Start < Run < paste in: regsvr32 /u %WinDir%/System32/cvryptdll.dll < Enter < restart the PC

# search in Program Files for 'EbatesMoeMoneyMaker' and delete it.
__________________________________________________________________

If you don't update IE and Windows, you'll become a REGULAR CUSTOMER here.
__________
Regards, Sabina
All about PC security
This post was edited by Sabina on 06.12.2004 at 17:20.

27.03.2005, 03:20
...new here
Posts: 6
#5
Hello, I'm new here. I have the problem with Ebates Moneymaker too -.-
Only I don't have much of a clue about PCs. Could you please tell me how to get rid of this stuff? Big thanks in advance! (Oh, and: wtf is Ebates anyway??)

27.03.2005, 18:26
Honorary member
Posts: 29434
#6
Och_menno
HijackThis 1.99 BETA version
Download: http://www.merijn.org/files/beta/hijackthis199_beta.zip
Alternative: http://www.hijackthis.de/downloads/...his199_beta.zip

1. Log
Download and unpack the tool --> scan --> save --> the editor opens --> now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.
__________
Regards, Sabina
All about PC security

27.03.2005, 20:45
...new here
Posts: 6
#7
Yep, here it is
Logfile of HijackThis v1.99.1
Scan saved at 20:44:02, on 27.03.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMME\NORTON CLEANSWEEP\CSINJECT.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMME\1&1 PROGRAMME\CFOS\CFOSDW.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WOEBOO.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAMME\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAMME\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
C:\PROGRAMME\NORTON CLEANSWEEP\CSINSM32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\Programme\Norton CleanSweep\Monwow.exe
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAMME\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE
C:\PROGRAMME\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER1.EXE
C:\PROGRAMME\WINAMP\WINAMP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\WINRAR\WINRAR.EXE
C:\WINDOWS\TEMP\RAR$EX00.383\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lycos.de/search/msie40.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.heise.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von Lycos Europe
F1 - win.ini: run=C:\PROGRA~1\1&1PRO~1\CFOS\CFOSDW.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IEHlprObj Class - {462E60DA-EDB7-42A5-AC70-E5952917CA32} - C:\WINDOWS\SYSTEM\MBHO.DLL (file missing)
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [KAZAA] "C:\PROGRAMME\KAZAA LITE K++\KPP.EXE" "C:\PROGRAMME\KAZAA LITE K++\KAZAALITE.KPP" /SYSTRAY
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [srdztdgfyuibd] C:\WINDOWS\SYSTEM\woeboo.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAMME\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\PROGRA~1\NORTON~1\CSINJECT.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: CleanSweep Installations-Monitor und Internet Sweep.lnk = C:\Programme\Norton CleanSweep\csinsm32.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: GetRight - Tray Icon.lnk = C:\Programme\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O8 - Extra context menu item: Ebates - file://C:\PROGRAMME\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe (file missing)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAMME\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.lycos.de/
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13e7b33fc66eda658d06/netzip/RdxIE601_de.cab

Hm, could it be that I'm badly infected? ...because my PC suddenly changed the wallpaper, and the icons on the desktop keep rearranging themselves too -.-

27.03.2005, 21:37
Honorary member
Posts: 29434
#8
Hello@Och_menno
# open HijackThis -->> "scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC

O2 - BHO: IEHlprObj Class - {462E60DA-EDB7-42A5-AC70-E5952917CA32} - C:\WINDOWS\SYSTEM\MBHO.DLL (file missing)
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [srdztdgfyuibd] C:\WINDOWS\SYSTEM\woeboo.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAMME\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O8 - Extra context menu item: Ebates - file://C:\PROGRAMME\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAMME\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (HKCU)

Restart the PC

• KillBox
http://www.bleepingcomputer.com/files/killbox.php

• Delete File on Reboot <-- tick this and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one; click "yes" only for the last one

C:\WINDOWS\System\cvryptdll.dll
C:\PROGRAMME\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
C:\PROGRAMME\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe
C:\PROGRAMME\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER1.EXE
C:\WINDOWS\SATMAT.exe
C:\WINDOWS\SYSTEM\woeboo.exe
C:\WINDOWS\ALCHEM.exe
C:\Program Files\webHancer\Programs\whSurvey.exe
C:\Program Files\webHancer\Programs\whagent.ini
C:\Program Files\webHancer\Programs\whagent.exe
C:\WINDOWS\TWAINTEC.DLL
C:\WINDOWS\SYSTEM\MBHO.DLL

Restart the PC

Delete:
C:\Program Files\webHancer\
C:\PROGRAMME\EBATES_MOEMONEYMAKER

# Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Download --> update --> scan --> restart the PC --> scan again --> post the log from the scan

• eScan detection tool
eScan is available here free of charge under the name Free eScan Antivirus Toolkit Utility:
http://www.mwti.net/antivirus/free_utilities.asp
open the scanner --> don't scan yet --> go to Start < Run < type in: %temp% and look for kavupd.exe, click on it --> run (update, in DOS) --> open mwav.exe --> tick all boxes --> scan --> click View Log --> click Edit --> type in "infected" and now copy out everything that is shown -->
__________
Regards, Sabina
All about PC security
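
Added example, not part of the original thread: a small Python parser for the HijackThis log format posted above, which reads the O2 (BHO), O4 (autostart) and O8 (context menu) lines and flags entries that match the names listed in post #4 or are marked "(file missing)". The sample is an excerpt of the log from post #7; the function names, the `Entry` class and the `WATCHLIST` tuple are assumptions of this example, not part of HijackThis.

```python
import re
from dataclasses import dataclass

# Excerpt of the HijackThis 1.99.1 log posted in #7 of this thread
# (lines copied unchanged; most entries left out to keep the sample short).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 20:44:02, on 27.03.2005
Platform: Windows ME (Win9x 4.90.3000)
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMME\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.heise.de/
O2 - BHO: IEHlprObj Class - {462E60DA-EDB7-42A5-AC70-E5952917CA32} - C:\WINDOWS\SYSTEM\MBHO.DLL (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAMME\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: GetRight - Tray Icon.lnk = C:\Programme\GetRight\getright.exe
O8 - Extra context menu item: Ebates - file://C:\PROGRAMME\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
"""

# Names taken from post #4 of this thread (Run values and the DLL that is unregistered).
WATCHLIST = ("EbatesMoeMoneyMaker", "BlubsterSupport", "Upromiseremindu",
             "WebSavingsFromEbates", "cvryptdll.dll")

@dataclass
class Entry:
    code: str            # HijackThis section code, e.g. "O4"
    location: str        # registry key, startup folder or CLSID ("" if none)
    name: str            # value name, shortcut name or BHO class name
    target: str          # command line, file path or URL
    file_missing: bool   # HijackThis appended "(file missing)"

SECTION_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATTERNS = {
    "O2": [re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")],
    "O4": [re.compile(r"^(?P<loc>HK\w+\\\.\.\\[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$"),
           re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<target>.+)$")],
    "O8": [re.compile(r"^Extra context menu item: (?P<name>.+?) - (?P<target>.+)$")],
}

def parse_log(text):
    """Return one Entry per section line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        missing = body.endswith("(file missing)")
        if missing:
            body = body[: -len("(file missing)")].rstrip()
        for pattern in PATTERNS.get(code, ()):
            hit = pattern.match(body)
            if hit:
                g = hit.groupdict()
                where = g.get("loc") or g.get("clsid") or ""
                entries.append(Entry(code, where, g["name"], g["target"], missing))
                break
        else:
            # Section without a dedicated pattern: keep it visible, unparsed.
            entries.append(Entry(code, "", "", body, missing))
    return entries

def _norm(s):
    # Compare case-insensitively and ignore separators, so that
    # "EBATES_MOEMONEYMAKER" matches "EbatesMoeMoneyMaker".
    return re.sub(r"[^a-z0-9]", "", s.lower())

def review(entries, watchlist=WATCHLIST):
    """Return (entry, reasons) pairs for entries that deserve a closer look."""
    terms = [(_norm(t), t) for t in watchlist]
    findings = []
    for e in entries:
        haystack = _norm(e.name + " " + e.target)
        reasons = [f"matches '{t}'" for n, t in terms if n in haystack]
        if e.file_missing:
            reasons.append("registered file is missing")
        if reasons:
            findings.append((e, reasons))
    return findings

if __name__ == "__main__":
    for entry, reasons in review(parse_log(SAMPLE_LOG)):
        print(f"{entry.code} {entry.name!r} -> {entry.target}  [{'; '.join(reasons)}]")
```

A name watchlist only finds what is already known: the fix list in post #8 also contains entries such as [srdztdgfyuibd] and [satmat] that no term here matches, so the parsed O4 list still needs a manual read.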

30.03.2005, 18:00
...new here
Posts: 6
#9
Hi, so I've now done everything you said..
First, the log from the scan:

Ad-Aware SE Build 1.05
Logfile Created on:Mittwoch, 30. März 2005 14:33:16
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R34 23.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):1 total references
BookedSpace(TAC index:10):2 total references
DownloadWare(TAC index:8):9 total references
IPInsight(TAC index:7):6 total references
MRU List(TAC index:0):30 total references
Tracking Cookie(TAC index:3):47 total references
WebHancer(TAC index:9):4 total references
VX2(TAC index:10):52 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

30.03.2005 14:33:16 - Scan started.
Type : IECache Entry Data : khanh@www.1stblaze[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:khanh@www.1stblaze.com/ Expires : 06.10.2002 21:44:00 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : khanh@as1.falkag[1].txt Category : Data Miner Comment : Hits:5 Value : Cookie:khanh@as1.falkag.de/ Expires : 31.03.2005 00:03:22 LastSync : Hits:5 UseCount : 0 Hits : 5 Tracking Cookie Object Recognized! Type : IECache Entry Data : khanh@paycounter[2].txt Category : Data Miner Comment : Hits:6 Value : Cookie:khanh@paycounter.com/ Expires : 31.12.2030 03:00:00 LastSync : Hits:6 UseCount : 0 Hits : 6 Tracking Cookie Object Recognized! Type : IECache Entry Data : khanh@iwon[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:khanh@iwon.com/ Expires : 07.09.2014 01:50:08 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : khanh@partners.webmasterplan[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:khanh@partners.webmasterplan.com/ Expires : 01.07.2004 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : khanh@sexlist[2].txt Category : Data Miner Comment : Hits:2 Value : Cookie:khanh@sexlist.com/ Expires : 20.09.2003 19:01:54 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : khanh@count.xhit[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:khanh@count.xhit.com/ Expires : 15.04.2005 21:38:06 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : khanh@hitbox[2].txt Category : Data Miner Comment : Hits:16 Value : Cookie:khanh@hitbox.com/ Expires : 19.03.2005 16:41:10 LastSync : Hits:16 UseCount : 0 Hits : 16 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : khanh@fortunecity[1].txt Category : Data Miner Comment : Hits:4 Value : Cookie:khanh@fortunecity.com/ Expires : 01.01.2011 01:59:58 LastSync : Hits:4 UseCount : 0 Hits : 4 Tracking Cookie Object Recognized! Type : IECache Entry Data : khanh@bfast[2].txt Category : Data Miner Comment : Hits:10 Value : Cookie:khanh@bfast.com/ Expires : 05.10.2022 21:50:04 LastSync : Hits:10 UseCount : 0 Hits : 10 Tracking Cookie Object Recognized! Type : IECache Entry Data : khanh@adserver.itsfogo[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:khanh@adserver.itsfogo.com/ Expires : 21.08.2014 16:51:18 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : khanh@ads.tripod.lycos[1].txt Category : Data Miner Comment : Value : C:\WINDOWS\Cookies\\khanh@ads.tripod.lycos[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : khanh@questionmarket[2].txt Category : Data Miner Comment : Value : C:\WINDOWS\Cookies\\khanh@questionmarket[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : khanh@casalemedia[1].txt Category : Data Miner Comment : Value : C:\WINDOWS\Cookies\\khanh@casalemedia[1].txt Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 47 Objects found so far: 57 Deep scanning and examining files... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» VX2 Object Recognized! Type : File Data : preinstt.exe Category : Malware Comment : Object : C:\WINDOWS\ IPInsight Object Recognized! Type : File Data : sentry.exe Category : Data Miner Comment : Object : C:\WINDOWS\ FileVersion : 0, 0, 1, 3 ProductVersion : 0, 0, 1, 3 ProductName : IP-Sentry Stub CompanyName : IP-Insight Corporation FileDescription : SentryStub.exe is a stub installer for the company's IP-Sentry application -both distributed by IP-Insight Corporation, a Delaware Corporation. Please see http://www.ipinsight.com for more details. 
InternalName : SentryStub LegalCopyright : Copyright © 2002 OriginalFilename : SentryStub.exe Comments : SentryStub.exe is a stub installer for the company's IP-Sentry application -both distributed by IP-Insight Corporation, a Delaware Corporation. Please see http://www.ipinsight.com for more details. Disk Scan Result for C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 59 BookedSpace Object Recognized! Type : File Data : polall1m.exe Category : Malware Comment : Object : C:\WINDOWS\SYSTEM\ Disk Scan Result for C:\WINDOWS\SYSTEM »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 60 VX2 Object Recognized! Type : File Data : preInsTT.exe Category : Malware Comment : Object : C:\WINDOWS\TEMP\ BookedSpace Object Recognized! Type : File Data : polall1m.exe Category : Malware Comment : Object : C:\WINDOWS\TEMP\ VX2 Object Recognized! Type : File Data : satmat.cab Category : Malware Comment : Object : C:\WINDOWS\TEMP\ VX2 Object Recognized! Type : File Data : satmat.exe Category : Malware Comment : Object : C:\WINDOWS\TEMP\ FileVersion : 0, 1, 1, 3 ProductVersion : 0, 1, 1, 3 CompanyName : Better Internet Inc. FileDescription : www.abetterinternet.com LegalCopyright : Copyright © 2002 Disk Scan Result for C:\WINDOWS\TEMP\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 64 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 901 entries scanned. New critical objects:0 Objects found so far: 64 MRU List Object Recognized! Location: : .DEFAULT\software\nico mak computing\winzip\filemenu Description : winzip recently used archives MRU List Object Recognized! 
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list Description : list of recent files opened using wordpad MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : .DEFAULT\software\ahead\nero wave editor\recent file list Description : list of recently used files in nero wave editor MRU List Object Recognized! Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\outlook express\recent stationery list Description : list of recently used stationery in microsoft outlook express MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! 
Location: : .DEFAULT\software\ahead\nero - burning rom\recent file list Description : list of recently used files in nero burning rom MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : .DEFAULT\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles Description : list of recently used files in adobe reader MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings Description : last open directory used in jasc paint shop pro MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! 
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences Description : last login time in realplayer MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\medialibraryui Description : last selected node in the microsoft windows media player media library MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : .DEFAULT\software\winrar\dialogedithistory\extrpath Description : winrar "extract-to" history MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» DownloadWare Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : mp.mediapops DownloadWare Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : mp.mediapops Value : DownloadWare Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : mp.mediapops.1 DownloadWare Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : mp.mediapops.1 Value : DownloadWare Object Recognized! Type : File Data : Digital Signature 20020903.htm Category : Malware Comment : Object : C:\WINDOWS\ DownloadWare Object Recognized! Type : File Data : Digital Signature 20020926.htm Category : Malware Comment : Object : C:\WINDOWS\ VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\vendor\xml VX2 Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\vendor\xml Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\vendor VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTI4d5OfSDist VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTI4d5OfSInst VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTT4o5pListSPos VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTI4n5ProgSCab VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTI4n5ProgSEx VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTI4n5ProgSLstest VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTC4n5trSEvnt VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTC4n5trMsgSDisp VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTC4S5Insur VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTT4h5rshSCheckSIn VX2 Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TT4C5ntrSTransac VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTC4u5rrentSMode VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTC4n5tFyl VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTM4o5deSSync VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTT4h5rshSBath VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTT4h5rshSysSInf VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTT4h5rshSMots VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTI4g5noreS VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTs4t5i6cky1S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTs4t5icky2S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TT4N5a6tionSCode VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTD4s5tSSEnd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTD4s5tSCHost VX2 Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTD4s5tSCPath VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTS4t5atusOfSInst VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTL3a4stMotsSDay VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTL3a4stSSChckin VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTC1o4d5eOfSFinalAd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTT4i5m6eOfSFinalAd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTs4t5i6cky2S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTs4t5i6cky3S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTs4t5i6cky4S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTs4t5icky1S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTs4t5icky3S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTs4t5icky4S VX2 Object Recognized! 
Then the infected stuff (you meant clicking "Edit" and typing infected into "Search", right?):
Wed Mar 30 14:49:53 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Wed Mar 30 14:49:53 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Mar 30 14:49:53 2005 => System found infected with 180Solutions Spyware/Adware ({30d02401-6a81-11d0-8274-00c04fd5ae38})! Action taken: No Action Taken.
Wed Mar 30 14:49:53 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Mar 30 14:49:53 2005 => System found infected with VX2 Spyware/Adware ({0E5CBF21-D15F-11D0-8301-00AA005B4383})! Action taken: No Action Taken.
Wed Mar 30 14:49:53 2005 => File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Mar 30 14:49:53 2005 => Offending Folder C:\WINDOWS\STARTM~1\PROGRA~1\PRECIS~1 present...
Wed Mar 30 14:49:53 2005 => System found infected with precisiontime Spyware/Adware! Action taken: No Action Taken.
Wed Mar 30 14:49:53 2005 => File System Found infected by "precisiontime Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Mar 30 14:49:53 2005 => Offending value found in HKLM\Software\vendor !!!
Wed Mar 30 14:49:53 2005 => System found infected with vendor Spyware/Adware! Action taken: No Action Taken.
Wed Mar 30 14:49:53 2005 => File System Found infected by "vendor Spyware/Adware" Virus. Action Taken: No Action Taken.
Wed Mar 30 14:49:54 2005 => Offending value found in HKLM\Software\TwainTec !!!
Wed Mar 30 14:49:54 2005 => System found infected with TwainTec Spyware/Adware! Action taken: No Action Taken.
Wed Mar 30 14:49:54 2005 => File System Found infected by "TwainTec Spyware/Adware" Virus. Action Taken: No Action Taken.
Yeah, that was everything with infected... hm, actually, when I just enter infected in the search, only the first infected gets highlighted... so the one with "alexa". Hm, I hope it's nothing serious with my computer -.- Apart from that, it's really nice of you to help me.
So on the first scan with the Ad thing I wasn't supposed to delete the stuff that was shown, right?
This post was edited by Och_menno on 31.03.2005 at 09:29.
|
|
|
||
31.03.2005, 09:36
Honorary member
Posts: 29434 |
#10
Hello @Och_menno
If you have deleted everything I listed with the Killbox, everything should now be in order.
C:\WINDOWS\TEMP\ <---- empty this folder (do not delete the folder itself)
#ClearProg.. download the latest version <1.4.1 http://www.clearprog.de/downloads.php <and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0 on, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)
__________
Regards, Sabina
all about PC security |
|
|
||
31.03.2005, 11:46
...new here
Posts: 6 |
#11
Cool, that puts my mind at ease if everything should be in order now.
Only the "ZLT043a6" file in the Temp folder can't be deleted?!? Do you have any idea how to remove the write protection? |
|
|
||
31.03.2005, 11:50
Honorary member
Posts: 29434 |
#12
Leave it, it's fine; if you can't delete it, then it is probably needed by a program.
__________
Regards, Sabina
all about PC security |
|
|
||
31.03.2005, 18:12
...new here
Posts: 6 |
#13
And what kind of program is that -.-?
|
|
|
||
01.04.2005, 12:56
Honorary member
Posts: 29434 |
#14
C:\WINDOWS\TWAINTEC.INI
C:\WINDOWS\TEMP\dummy.htm
C:\WINDOWS\TEMP\binkw32.dll <-- that would need to be deleted.
What does ZLT043a6 belong to? --> right-click --> Properties....
__________
Regards, Sabina
all about PC security |
|
|
||
01.04.2005, 20:35
...new here
Posts: 6 |
#15
Hm, I searched for it but can't find it; Killbox also says it doesn't exist. Didn't I somehow delete the whole Temp folder at some point? ^^
About ZLT043a6: it's gone now, but there are other ZLTs instead, strange. And under Properties it only says that it's a TMP file, nothing more.
Before this thread of mine is forgotten: thanks for the competent help!!!!
This post was edited by Och_menno on 05.04.2005 at 16:02.
|
|
|
||
So it looks like I've been hit by Ebates MoneyMaker.
When I scan with Ad-Aware, about 7 entries (Ebates MoneyMaker) are always shown, no matter how often I delete them.
Also, Internet Explorer windows keep opening on my machine all the time (it's really annoying).
I've already tried everything possible, and now I'm tired and going to bed. But first, here is my HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 01:07:40, on 05.12.2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\svchost.exe
C:\Programme\No-IP\DUC20.exe
C:\WINNT\System32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
D:\ICQLite\ICQLite.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
D:\eMule-0.44b-Webcache-1.2e-bin\emule.exe
D:\cppchance\cppc.exe
D:\Nukeduke\dsdi\dsdi.exe
D:\Ad-Aware SE Personal\Ad-Aware.exe
D:\Opera\opera.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\hijackthis_198\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [ICQ Lite] d:\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [kalvsys] C:\winnt\system32\kalvpeg32.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule-0.44b-Webcache-1.2e-bin\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\ICQLite\ICQLite.exe -trayboot
O4 - Startup: DSDI.lnk = D:\Nukeduke\dsdi\dsdi.exe
O4 - Global Startup: cppc.lnk = D:\cppchance\cppc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\ICQLite\ICQLite.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Programme\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Programme\Agnitum\Outpost Firewall\TRASH.EXE (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{714D9465-DF8C-41C2-8E75-16A59E613F69}: NameServer = 192.168.0.1
I hope you can help me.