W32Tibick.A wie entfernen?

...neu hier

Beiträge: 6

#1 ich hab ein problem mit tibickA ich hab keine ahnung wie ich den loswerde ich schick euch jetzt eine log datei könnte die bitte einer auswerten:

Logfile of HijackThis v1.98.2
Scan saved at 19:32:39, on 09.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\khooker.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programme\inKline Global\PC Booster\pcbooster.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ps2.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\FSI\F-Prot\F-Sched.exe
C:\Programme\FSI\F-Prot\F-StopW.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\FSI\F-Prot\fpavupdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programme\Winamp3\winamp3.exe
C:\Programme\AOL 8.0\waol.exe
C:\Programme\AOL 8.0\shellmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Alex.ARBEITSZIMMER\Desktop\hijackthis1982\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Adrobe\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Programme\DashBar\DashBar17.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [PC Booster] C:\Programme\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programme\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Programme\FSI\F-Prot\F-StopW.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\ugrlyz.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\kazemule-com\local.htm (file missing)
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://63.219.181.7/cax.cab
O16 - DPF: {0733B8F9-8B52-4693-A9FA-829E12D27F78} (preload control) - http://www.thepaymentcentre.com/build/preload2.cab
O16 - DPF: {16A7470E-229C-45F9-AE05-A87034FD14CF} (UDConnect Class) - http://03.sharedsource.org/html/UDConn_5.2.1.3.cab?
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://god.t-online.de/download/ExentCtl.ocx
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com//content/thinktanks/BTDownloadCtrl.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.98.176.62/EPlugin_GB.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B74A16E0-59C6-497D-97F5-50E4F3161D1C}: NameServer = 205.188.146.145

09.12.2004, 19:33

...neu hier

Themenstarter

Beiträge: 6

#2 ich bedanke mich schonma im vorraus und hoffe auf eine baldige antwort

09.12.2004, 21:47

joschi

Moderator

Beiträge: 6466

#3 Ich hoffe Du verstehst, das Antworten nicht schneller erfolgen, wenn man doppelt postet.
__________
Durchsuchen --> Aussuchen --> Untersuchen

10.12.2004, 10:22

Ehrenmitglied

Beiträge: 29434

#4 Hallo@DarkJk3

Gehe in die Registry
Start<Ausfuehren<regedit

loesche rechts in der Registry folgenden Eintraege:

HKCU\Software\Kazaa\LocalContent\
Dir<NUM>
(wobei <NUM> der Bereich 0 - 100 ist)

HKCU\Software\iMesh\Client\LocalContent\
Dir<NUM>
(wobei <NUM> der Bereich 0 - 100 ist)

W32/Tibick-A kann eine Zeile zu der Datei MorphConfig.ini in dem Ordner hinzufügen, der sich an folgender Stelle befindet:

HKLM\SOFTWARE\Morpheus\Install_Dir

Diese Zeile verweist auf den MSVIEW-Ordner und ermöglicht dem Wurm sich über Morpheus zu verbreiten.

W32/Tibick-A kann eine Zeile zu der Datei Shared Folders.txt im Data-Unterordner des Ordners in HKCR\wareo\shell\open\command hinzufügen, die auf den MSVIEW-Ordner verweist und dem Wurm die Möglichkeit gibt sich über Warez zu verbreiten.

W32/Tibick-A kann eine Zeile zu der Datei shareddir.dat im Config-Unterordner des Ordners in HKCU\Software\eMule\Install Path hinzufügen, die auf den MSVIEW-Ordner verweist, damit sich der Wurm über eMule verbreiten kann.

W32/Tibick-A kann eine lange XML-Zeichenfolge in die Datei DCPlusPlus.xml schreiben, die sich im Ordner HKLM\SOFTWARE\DC++\Install_Dir befindet. Die Zeichenfolge endet mit einer Zeile, die auf den MSVIEW-Ordner verweist, damit sich der Wurm über DC++ verbreiten kann.

W32/Tibick-A kann auch die folgenden Registrierungseinträge erstellen, damit er sich über KaZaA und iMesh verbreiten kann:

HKCU\Software\Kazaa\Advanced\
SuperNode =
0

HKCU\Software\Kazaa\Advanced\
ScanFolder =
0

HKCU\Software\Kazaa\LocalContent\
DisableSharing =
0

HKCU\Software\Kazaa\LocalContent\
DisableListFiles =
1

HKCU\Software\Kazaa\ResultsFilter\
firewall_filter =
0

HKCU\Software\Kazaa\ResultsFilter\
virus_filter =
0

HKCU\Software\Kazaa\Transfer\
UploadBandwidth =
0

HKCU\Software\Kazaa\Transfer\
ConcurrentUploads =
0

HKCU\Software\Kazaa\Transfer\
NoUploadLimitWhenIdle =
1

HKCU\Software\Kazaa\
LimitBitrate =
0

HKCU\Software\Kazaa\DontShow\
CloseToSystray =
1

HKCU\Software\Kazaa\InstantMessaging\
IgnoreAll =
1

HKCU\Software\Kazaa\UserDetails\
AutoConnected =
1

HKCU\Software\iMesh\Client\LocalContent\
DisableSharing =
0

HKCU\Software\iMesh\Client\LocalContent\
ConcurrentUploads =
20

W32/Tibick-A verfügt auch über IRC-Backdoortrojaner-Funktionalität. W32/Tibick-A versucht, sich mit main.m00p.org zu verbinden und eine Datei von einer speziellen Adresse mit einem zufälligen Namen und einer EXE-Erweiterung in den Windows-Ordner herunterzuladen und auszuführen, wenn er die entsprechende Anweisung erhält.
http://www.sophos.de/virusinfo/analyses/w32tibicka.html

Deaktivieren Wiederherstellung
«XP
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Programme\DashBar\DashBar17.dll
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\ugrlyz.exe
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\kazemule-com\local.htm (file missing)
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://63.219.181.7/cax.cab
O16 - DPF: {0733B8F9-8B52-4693-A9FA-829E12D27F78} (preload control) - http://www.thepaymentcentre.com/build/preload2.cab
O16 - DPF: {16A7470E-229C-45F9-AE05-A87034FD14CF} (UDConnect Class) - http://03.sharedsource.org/html/UDConn_5.2.1.3.cab?
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com//content/thinktanks/BTDownloadCtrl.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.98.176.62/EPlugin_GB.cab

PC neustarten

#C:\Windows\Downloaded Programm Files\ --> ALLE löschen

#loeschen:
C:\Programme\Gemeinsame Dateien\CMEII\

#1.) öffne das HijackThis:
2.) HijackThis starten, den Config Button klicken - MiscTools - "Delete a file on reboot" .
3.) In dem Fenster bei Dateiname einfügen\reinkopieren:

C:\Programme\DashBar\DashBar17.dll

4.) wenn dann die Frage kommt, ob neugestartet werden soll (will be deleted by Windows when the system restarts....Do you want to restart your computer now?" )-->>klicke "no" und fuege das naechste ein:

C:\Windows\System32\ieloader.dll
C:\WINDOWS\EPLUGIN.OCX
C:\WINDOWS\System32\ugrlyz.exe
C:\Windows\System32\svcnet.exe
C:\Windows\msview.exe

nun klicke auf "yes" und starte PC neu

Datenträgerbereinigung: und Löschen der Temporary-Dateien
<Start<Ausfuehren--> reinschreiben : cleanmgr
loesche nur:
#Click:Temporäre Internet Files/Temporäre Internet Dateien, o.k.
#Click:Temporäre Dateien, o.k

#AdAware (free)
http://www.lavasoft.de/support/download/
VOR jedem Scanvorgang das Programm Updaten!
waehrend des Scanvorganges müssen ALLE sonstige
Anwendungen beendet werden und alle Browserfenster müssen
geschlossen sein!

1) lade rem.zip herunter
http://forums.skads.org/index.php?showtopic=80
(dort im 1. Posting von Baskar unter Attached File(s)!).
2) entpacke es im verzeichnis C:\WINDOWS\System32\
(es ist wichtig, dass es in diesem verzeichnis ist!)

3) starte den rechner im abgesicherten modus.
http://www.tu-berlin.de/www/software/virus/savemode.shtml
4) starte die datei rem.bat, scannen lassen.

5) starte den rechner anschließend im normalen modus.
6) unter C:\ sollte nun eine datei namens log.txt zu finden sein.
7) markiere den inhalt und füge ihn hier ein.
_________________________________________________________________

arbeite das ab ( du wirst die ganzen Dialer dann manuell loeschen muessen)
#eScan-Erkennungstool
http://www.rokop-security.de/board/index.php?showtopic=3867

#Trend-Micro (Online)
http://de.trendmicro-europe.com/enterprise/products/housecall_pre.php
__________
MfG Sabina

rund um die PC-Sicherheit

Dieser Beitrag wurde am 10.12.2004 um 11:15 Uhr von Sabina editiert.

11.12.2004, 11:49

...neu hier

Themenstarter

Beiträge: 6

#5 hier ist die log datei:

Microsoft Windows XP [Version 5.1.2600]
C:\WINDOWS\system32
"Files found"
---------------------------------------------------------------------

Zipping files............
---------------------------------------------------------

deleting files........
---------------------------------------------------------

"Files Not Deleted"
---------------------------------------------------------------------

Checking for version 2 files..........
Files Found
------------------------------------------------------------

Zipping files............
---------------------------------------------------------

deleting files........
---------------------------------------------------------

Files Not deleted
------------------------------------------------------------

Merging registry entries
-----------------------------------------------------------------
The Registry Entries Found...
-----------------------------------------------------------------

-----------------------------------------------------------------

Done

11.12.2004, 16:37

Ehrenmitglied

Beiträge: 29434

#6 und ...wo ist das neue Log vom Hijackthis ????
__________
MfG Sabina

rund um die PC-Sicherheit

12.12.2004, 13:10

...neu hier

Themenstarter

Beiträge: 6

#7 danke Sabrina mein computer ist wieder sauber wenn ich wieder probleme hab dann weiss ich wo ich hin muss

18.01.2005, 21:21

...neu hier

Beiträge: 8

#8 Ich habe diesen Wurm auch gerade entdekt, in msview.
Ich habe diese Anleitung so ungefähr befolgt.
Wenn mir jemand sagen könnte, ob ich ihn los bin wäre ich sehr dankbar.

Logfile of HijackThis v1.99.0
Scan saved at 21:13:30, on 18.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Programme\ATI Technologies\ATI.ACE\cli.exe
F:\Programme\QuickTime\qttask.exe
F:\Programme\AVPersonal\AVGNT.EXE
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programme\AVPersonal\AVGUARD.EXE
F:\Programme\AVPersonal\AVWUPSRV.EXE
F:\WINDOWS\system32\drivers\CDAC11BA.EXE
F:\Programme\ATI Technologies\ATI.ACE\CLI.exe
F:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
F:\WINDOWS\System32\svchost.exe
F:\Programme\WinRAR\WinRAR.exe
F:\DOKUME~1\Martin\LOKALE~1\Temp\Rar$EX00.813\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATIPTA] F:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "F:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] F:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [hplampc] F:\WINDOWS\system32\hplampc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = F:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Adobe LM Service - Unknown - F:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - F:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - F:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - F:\WINDOWS\system32\drivers\CDAC11BA.EXE

19.01.2005, 00:09

Ehrenmitglied

Beiträge: 29434

#9 Hallo@beowulf

Das Log ist sauber

Deaktiviere zur Sicherheit die System-Wiederherstellung, boote, dann aktiviere sie wieder.
__________
MfG Sabina

rund um die PC-Sicherheit

19.01.2005, 22:02

...neu hier

Beiträge: 8

#10 Danke, hab ich schon gemacht.
Leider habe ich seither keinen Zugriff auf meine Grafikartensoftware.
(Sapphire Radeon 9600 XT)
Die Software wurde schon neu installiert.
Ich habe den Dienst svnet.exe deaktiviert.
Kann es daran liegen ?

mfG. beowulf

19.01.2005, 22:11

Ehrenmitglied

Beiträge: 29434

#11 Win32.Tibick.A

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\System Restore = svcnet.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\System Restore = svcnet.exe
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39924
__________
MfG Sabina

rund um die PC-Sicherheit

Dieser Beitrag wurde am 19.01.2005 um 22:12 Uhr von Sabina editiert.

19.01.2005, 23:09

...neu hier

Beiträge: 8

#12 Nachdem ich "System Restore" nicht finden konnte, hab ich das mal selbst erstellt.
Ich hoffe das war richtig.
Also das Programm svcnet.exe ist vorhanden aber nicht aktiv
und kann die zugehörige Datei nicht finden.(Task Manager)
Grafikkartenzugriff habe ich noch nicht.

Ich bitte nochmals um Hilfe

20.01.2005, 13:46

Ehrenmitglied

Beiträge: 29434

#13 beowulf

Dienste anzeigen:
#Scrolle bis zu Mitte dieser Seite und lade:
get_active_services_179.zip --> entpacken -->
http://computercops.biz/postp237756.html
gehe in den abgesicherten Modus (du must als Administrator angemeldet sein)
http://www.tu-berlin.de/www/software/virus/savemode.shtml
öffnen -->"get active services.vbs"-->scannen-->Active.txt-->es öffnet sich der [Texteditor]-->
-->nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen"

StartupList 1.20
http://bilder.informationsarchiv.net/Nikitas_Tools/
klicke : startuplist.exe und
kopiere die startuplist.txt ind Forum

Lade: FindIt.zip--> noch einmal posten, bitte
http://bilder.informationsarchiv.net/Nikitas_Tools/
Lade, entpacke und klicke auf: "find.bat" [ignoriere : File not found messages]
<DOS oeffnet sich -->warte den Scan ab --> es oeffnet sich der Texteditor --> und poste den Text von output.txt.

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
scannen--> neustarten--> noch mal scanne und poste das Loh
__________
MfG Sabina

rund um die PC-Sicherheit

Dieser Beitrag wurde am 20.01.2005 um 13:49 Uhr von Sabina editiert.

20.01.2005, 20:08

...neu hier

Beiträge: 8

#14 ich habe gleich mal das falsche tool erwischt, bin erst draufgekommen als ich fertig war.
dann hab ich das richtige geladen, wollte im abgesicherten modus starten....
geht nicht mehr!!??
Im Bios fehlen auch ein paar Optionen.

-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

StartupList report, 20.01.2005, 18:30:13
StartupList version: 1.34.0
Started from : F:\Dokumente und Einstellungen\Martin\Desktop\StartupList.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Dokumente und Einstellungen\Martin\Desktop\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
Adobe Gamma Loader.lnk = F:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
ATI CATALYST System Tray.lnk = F:\Programme\ATI Technologies\ATI.ACE\CLI.exe
Pinnacle Scheduler.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = F:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

QuickTime Task = "F:\Programme\QuickTime\qttask.exe" -atboottime
NeroFilterCheck = F:\WINDOWS\system32\NeroCheck.exe
AVGCtrl = F:\Programme\AVPersonal\AVGNT.EXE /min
HPDJ Taskbar Utility = F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
hplampc = F:\WINDOWS\system32\hplampc.exe
ATIPTA = F:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Default) =
ATICCC = "F:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
System Restore = svcnet.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = F:\WINDOWS\system32\ctfmon.exe
System Restore = svcnet.exe

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command

(Default) = "F:\WINDOWS\notepad.exe" "%1"

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = F:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = F:\WINDOWS\System32\Rundll32.exe F:\WINDOWS\System32\mscories.dll,Install

--------------------------------------------------

Checking for EXPLORER.EXE instances:

F:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
F:\WINDOWS\Explorer\Explorer.exe: not present
F:\WINDOWS\System\Explorer.exe: not present
F:\WINDOWS\System32\Explorer.exe: not present
F:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - F:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Download Program Files:

[WUWebControl Class]
InProcServer32 = F:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106079922437

--------------------------------------------------
End of report, 5.479 bytes
Report generated in 0,141 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System32 Directory -------

Datentr„ger in Laufwerk F: ist XP
Volumeseriennummer: 8065-24D2

Verzeichnis von F:\WINDOWS\System32

18.01.2005 23:40 <DIR> dllcache
09.01.2005 19:37 <DIR> Microsoft
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 48.396.091.392 Bytes frei

------- Hidden Files in System32 Directory -------

Datentr„ger in Laufwerk F: ist XP
Volumeseriennummer: 8065-24D2

Verzeichnis von F:\WINDOWS\System32

18.01.2005 23:40 <DIR> dllcache
09.01.2005 19:28 488 logonui.exe.manifest
09.01.2005 19:28 488 WindowsLogon.manifest
09.01.2005 19:28 749 nwc.cpl.manifest
09.01.2005 19:28 749 sapi.cpl.manifest
09.01.2005 19:28 749 ncpa.cpl.manifest
09.01.2005 19:28 749 wuaucpl.cpl.manifest
09.01.2005 19:28 749 cdplayer.exe.manifest
7 Datei(en) 4.721 Bytes
1 Verzeichnis(se), 48.396.091.392 Bytes frei

---------- Files Named "Guard" -------------

Datentr„ger in Laufwerk F: ist XP
Volumeseriennummer: 8065-24D2

Verzeichnis von F:\WINDOWS\System32

--------- Temp Files in System32 Directory --------

Datentr„ger in Laufwerk F: ist XP
Volumeseriennummer: 8065-24D2

Verzeichnis von F:\WINDOWS\System32

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

------------ Keys Under Notify ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

---------------- Xfind Results -----------------

Der Befehl "Xfind" ist entweder falsch geschrieben oder
konnte nicht gefunden werden.

-------------- Locate.com Results ---------------

Ad-Aware SE Build 1.05
Logfile Created on

onnerstag, 20. Jänner 2005 19:54:41
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R8 13.09.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Claria(TAC index:7):8 total references
MRU List(TAC index:0):38 total references
Tracking Cookie(TAC index:3):26 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

20.01.2005 19:54:41 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent publish list
Description : list of recently published webs in microsoft frontpage

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\frontpage\editor\recent templates
Description : list of recently used templates in microsoft publisher

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\frontpage\editor
Description : default add image directory for microsoft frontpage

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\frontpage
Description : default save location in microsoft frontpage

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\frontpage\editor\per-web image save directories
Description : list of image save directories per web in microsoft frontpage

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent page list
Description : list of recently used pages in microsoft frontpage

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\frontpage\webs\opened
Description : list of recently opened webs in microsoft frontpage

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\frontpage\explorer\frontpage explorer\recently created servers
Description : list of recently created servers in microsoft frontpage

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-606747145-1078145449-839522115-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : F:\Dokumente und Einstellungen\Martin\recent
Description : list of recently opened documents

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 776
ThreadCreationTime : 20.01.2005 18:47:48
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\F:\WINDOWS\system32\
ProcessID : 832
ThreadCreationTime : 20.01.2005 18:47:49
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\F:\WINDOWS\system32\
ProcessID : 856
ThreadCreationTime : 20.01.2005 18:47:50
BasePriority : High

#:4 [services.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 900
ThreadCreationTime : 20.01.2005 18:47:50
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 912
ThreadCreationTime : 20.01.2005 18:47:50
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 1088
ThreadCreationTime : 20.01.2005 18:47:51
BasePriority : Normal
FileVersion : 6.14.10.4107
ProductVersion : 6.14.10.4107.03
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 1104
ThreadCreationTime : 20.01.2005 18:47:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 1176
ThreadCreationTime : 20.01.2005 18:47:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : F:\WINDOWS\System32\
ProcessID : 1320
ThreadCreationTime : 20.01.2005 18:47:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : F:\WINDOWS\System32\
ProcessID : 1376
ThreadCreationTime : 20.01.2005 18:47:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : F:\WINDOWS\System32\
ProcessID : 1480
ThreadCreationTime : 20.01.2005 18:47:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 1516
ThreadCreationTime : 20.01.2005 18:47:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [ati2evxx.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 1892
ThreadCreationTime : 20.01.2005 18:47:53
BasePriority : Normal
FileVersion : 6.14.10.4107
ProductVersion : 6.14.10.4107.03
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:14 [explorer.exe]
FilePath : F:\WINDOWS\
ProcessID : 1956
ThreadCreationTime : 20.01.2005 18:47:54
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:15 [qttask.exe]
FilePath : F:\Programme\QuickTime\
ProcessID : 188
ThreadCreationTime : 20.01.2005 18:47:57
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:16 [avgnt.exe]
FilePath : F:\Programme\AVPersonal\
ProcessID : 224
ThreadCreationTime : 20.01.2005 18:47:57
BasePriority : Normal

#:17 [hpztsb04.exe]
FilePath : F:\WINDOWS\system32\spool\drivers\w32x86\3\
ProcessID : 232
ThreadCreationTime : 20.01.2005 18:47:57
BasePriority : Normal
FileVersion : 2,80,0,0
ProductVersion : 2,80,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright (c) Hewlett-Packard Company 1999-2001

#:18 [cli.exe]
FilePath : F:\Programme\ATI Technologies\ATI.ACE\
ProcessID : 276
ThreadCreationTime : 20.01.2005 18:47:58
BasePriority : Normal

#:19 [ctfmon.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 284
ThreadCreationTime : 20.01.2005 18:47:58
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:20 [avguard.exe]
FilePath : F:\Programme\AVPersonal\
ProcessID : 392
ThreadCreationTime : 20.01.2005 18:48:00
BasePriority : Normal

#:21 [cli.exe]
FilePath : F:\Programme\ATI Technologies\ATI.ACE\
ProcessID : 408
ThreadCreationTime : 20.01.2005 18:48:01
BasePriority : Normal

#:22 [avwupsrv.exe]
FilePath : F:\Programme\AVPersonal\
ProcessID : 464
ThreadCreationTime : 20.01.2005 18:48:01
BasePriority : Normal

#:23 [pclescheduler.exe]
FilePath : F:\Programme\Pinnacle\Shared Files\Programs\Scheduler\
ProcessID : 492
ThreadCreationTime : 20.01.2005 18:48:01
BasePriority : Normal
FileVersion : 1, 0, 1, 12
ProductVersion : 1.0.1.1
ProductName : Scheduler
CompanyName : Pinnacle Systems
FileDescription : Pinnacle Scheduler Application
InternalName : PCLEScheduler
LegalCopyright : © 2002-2004 by Pinnacle Systems
OriginalFilename : PCLEScheduler.exe

#:24 [cdac11ba.exe]
FilePath : F:\WINDOWS\system32\drivers\
ProcessID : 544
ThreadCreationTime : 20.01.2005 18:48:06
BasePriority : Normal
FileVersion : 4.20.020
ProductVersion : 4.20.020 Windows NT 2002/12/10
ProductName : SafeCast Windows NT
CompanyName : Macrovision
FileDescription : Macrovision RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright (c) 1998-2002 Macrovision Corp.
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English

#:25 [inetinfo.exe]
FilePath : F:\WINDOWS\system32\inetsrv\
ProcessID : 596
ThreadCreationTime : 20.01.2005 18:48:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Internet-Informationsdienste
CompanyName : Microsoft Corporation
FileDescription : Internet-Informationsdienste
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : INETINFO.EXE

#:26 [snmp.exe]
FilePath : F:\WINDOWS\System32\
ProcessID : 756
ThreadCreationTime : 20.01.2005 18:48:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : SNMP-Dienst
InternalName : snmp.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : snmp.exe

#:27 [svchost.exe]
FilePath : F:\WINDOWS\System32\
ProcessID : 1136
ThreadCreationTime : 20.01.2005 18:48:12
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:28 [wdfmgr.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 1284
ThreadCreationTime : 20.01.2005 18:48:13
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:29 [alg.exe]
FilePath : F:\WINDOWS\System32\
ProcessID : 2076
ThreadCreationTime : 20.01.2005 18:48:22
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:30 [iexplore.exe]
FilePath : F:\Programme\Internet Explorer\
ProcessID : 2708
ThreadCreationTime : 20.01.2005 18:48:32
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : IEXPLORE.EXE

#:31 [ad-aware.exe]
FilePath : F:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2968
ThreadCreationTime : 20.01.2005 18:54:29
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : uets

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GEF

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GMG

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GMI

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : LastInstall

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : SSeq

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : SEvt

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 46

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 46

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@2o7[1].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@adtech[2].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@adtech[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@adverserve[1].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@adverserve[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@advertising[2].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@apmebf[1].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@apmebf[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@as1.falkag[1].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@as1.falkag[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@atdmt[2].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@bluestreak[2].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@bluestreak[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@count.xhit[1].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@count.xhit[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@cxoadfarm.dyndns[2].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@cxoadfarm.dyndns[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@dcsgcxwngpifwznfzlmv83o6w_5w4m[2].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@dcsgcxwngpifwznfzlmv83o6w_5w4m[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@doubleclick[1].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@ehg-idg.hitbox[1].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@ehg-idg.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@gator[1].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@gator[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@hitbox[2].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@mediaplex[2].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@mediaplex[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@overture[1].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@overture[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@partners.webmasterplan[2].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@partners.webmasterplan[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@S111319[1].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@S111319[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@servedby.advertising[1].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@servedby.advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@servedby.netshelter[2].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@servedby.netshelter[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@tribalfusion[1].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@tribalfusion[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@valueclick[2].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@valueclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@versiontracker[1].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@versiontracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : martin@www.counter-gratis[1].txt
Category : Data Miner
Comment :
Value : F:\Dokumente und Einstellungen\Martin\Cookies\martin@www.counter-gratis[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 26
Objects found so far: 72

Deep scanning and examining files (C

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 72

Deep scanning and examining files (F

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 72

Scanning Hosts file......
Hosts file location:"F:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 72

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 72

19:59:27 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:45.687
Objects scanned:95574
Objects identified:34
Objects ignored:0
New critical objects:34

Soll ich die kritischen Objekte in Quarantäne verschieben ?

Mir reichts dann mit diesem sch.... PC

21.01.2005, 09:36