TR/Krepper.Y and W32.Netsky

#0
28.12.2004, 19:24
Honorary member
Sabina

Posts: 29434
#31 Hello @anegada

uninstall the (detection-only eScan) version of mwav.exe + all associated files
and download this one from my site

Download: mwav.exe
http://bilder.informationsarchiv.net/Nikitas_Tools/
#mwav.exe
create this folder: c:\bases
run an update by starting the file kavupd.exe (DOS mode)
do not scan yet.

boot into safe mode and scan.

Then report what was deleted.
__________
Kind regards, Sabina

All about PC security
This post was edited by Sabina on 28.12.2004 at 19:27.
28.12.2004, 19:31
Member

Posts: 19
#32 delete the folder c:/bases?
28.12.2004, 19:32
Honorary member
Sabina

Posts: 29434
#33 yes, delete everything, then create it again, copy the new mwav.exe into it and run everything as before
Except that this eScan version deletes ;) and does not just display
I had not given it to you earlier because of newdotnet6_38.dll: if that is simply deleted (without Lsp.fix), it can happen that the Winsock virus cripples the Internet connection.
__________
Kind regards, Sabina

All about PC security
This post was edited by Sabina on 28.12.2004 at 19:35.
28.12.2004, 19:34
Member

Posts: 19
#34 delete System Restore here first as well?
28.12.2004, 19:34
Honorary member
Sabina

Posts: 29434
#35 well, leave that one alone, it was already disabled after all.
__________
Kind regards, Sabina

All about PC security
This post was edited by Sabina on 28.12.2004 at 19:35.
28.12.2004, 19:36
Member

Posts: 19
#36 sorry - I mean disable ... my head is already spinning ..*laughs*
28.12.2004, 19:40
Honorary member
Sabina

Posts: 29434
#37 no, now just leave everything as it is......

scan with mwav.exe in safe mode
and when that is finished, download this tool and scan with it as well

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1

and post the log file for me, as well as what eScan deleted.

+ the new HijackThis log...then everything is probably OK ;)
__________
Kind regards, Sabina

All about PC security
28.12.2004, 19:48
Member

Posts: 19
#38 Good - from your lips to God's ear - :-)))

I am doing this now in blind trust, because I absolutely have to get on the Internet in the next few days...

but first a coffee to calm down!

I will report back in any case - if not, I have crashed.

Regards
anegada
28.12.2004, 23:15
Member

Posts: 19
#39 Hello Sabina,
so my PC and I are still alive ...well, I wanted it this way ..*laughs*

Below are the requested log files - quite extensive

1. HijackThis:

Logfile of HijackThis v1.99.0
Scan saved at 23:02:23, on 28.12.2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\Programme\1&1 Programme\cFos\CFOSDW.EXE
C:\PROGRAMME\1&1 PROGRAMME\CFOS\CFNDIS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\UNZIPPED\HIJACKTHIS199_BETA\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
F1 - win.ini: run=C:\PROGRA~1\1&1PRO~1\CFOS\cfosdw.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRAMME\T-DSL SPEEDMANAGER\SPEEDMGR.EXE"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: GMX Clicktionary 2.8.lnk = C:\Programme\Clicktionary\Cleverlearn Clicktionary.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Verweisseiten - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com


2. from eScan

( though I don't know whether anything was deleted, or what )

Tue Dec 28 21:27:51 2004 => File C:\_RESTORE\ARCHIVE\FS13.CAB tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.

Tue Dec 28 21:27:51 2004 => File C:\_RESTORE\ARCHIVE\FS12.CAB tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.

Tue Dec 28 21:28:16 2004 => File C:\TEMP\Schaaaaf[1].exe tagged as not-a-virus:Simulator.Win16.Sheep. No Action Taken.

Tue Dec 28 21:31:58 2004 => File C:\unzipped\setup_postpaket_2_3\setup_postpaket_2_3.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Tue Dec 28 21:33:53 2004 => File D:\Eigene Dateien\Downloads\Schaaaaf[1].exe tagged as not-a-virus:Simulator.Win16.Sheep. No Action Taken.




Tue Dec 28 21:38:17 2004 => ***** Scanning complete. *****

Tue Dec 28 21:38:17 2004 => Total Number of Files Scanned: 48250
Tue Dec 28 21:38:17 2004 => Total Number of Virus(es) Found: 5
Tue Dec 28 21:38:17 2004 => Total Number of Disinfected Files: 0
Tue Dec 28 21:38:17 2004 => Total Number of Files Renamed: 0
Tue Dec 28 21:38:17 2004 => Total Number of Deleted Files: 0
Tue Dec 28 21:38:17 2004 => Total Number of Errors: 17
Tue Dec 28 21:38:17 2004 => Time Elapsed: 00:46:53
Tue Dec 28 21:38:17 2004 => Virus Database Date: 2004/12/28
Tue Dec 28 21:38:17 2004 => Virus Database Count: 114094

Tue Dec 28 21:38:17 2004 => Scan Completed.


3. from Ad-Aware


Ad-Aware SE Build 1.05
Logfile Created on:Dienstag, 28. Dezember 2004 22:48:40
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R8 13.09.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):8 total references
BrilliantDigital(TAC index:6):66 total references
Cydoor(TAC index:7):63 total references
DownloadWare(TAC index:8):7 total references
MRU List(TAC index:0):29 total references
NetworkEssentials(TAC index:7):4 total references
Tracking Cookie(TAC index:3):13 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


28.12.2004 22:48:40 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279180125
Threads : 4
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Betriebssystem Microsoft(R) Windows(R) Millennium
CompanyName : Microsoft Corporation
FileDescription : Kernkomponente des Win32-Kernel
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294958525
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Betriebssystem Microsoft(R) Windows(R) Millennium
CompanyName : Microsoft Corporation
FileDescription : Windows 32-Bit-VxD-Meldungsserver
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294950321
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk

#:4 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294948749
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE

#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294863073
Threads : 2
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Taskplaner für Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Taskplaner-Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:6 [STIMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294862637
Threads : 5
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Betriebssystem Microsoft(R) Windows(R) Millennium
CompanyName : Microsoft Corporation
FileDescription : Standbildgeräte-Monitor
InternalName : STIMON
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : STIMON.EXE

#:7 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294899909
Threads : 21
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Betriebssystem Microsoft(R) Windows (R) 2000
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE

#:8 [CFOSDW.EXE]
FilePath : C:\Programme\1&1 Programme\cFos\
ProcessID : 4294786125
Threads : 1
Priority : Normal


#:9 [CFNDIS.EXE]
FilePath : C:\PROGRAMME\1&1 PROGRAMME\CFOS\
ProcessID : 4294786873
Threads : 1
Priority : Normal


#:10 [STMGR.EXE]
FilePath : C:\WINDOWS\SYSTEM\RESTORE\
ProcessID : 4294829533
Threads : 5
Priority : Normal
FileVersion : 4.90.0.2533
ProductVersion : 4.90.0.2533
ProductName : Microsoft (r) PCHealth
CompanyName : Microsoft Corporation
FileDescription : Microsoft (R) PC State Manager
InternalName : StateMgr.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : StateMgr.exe

#:11 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294724309
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:12 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294723365
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Betriebssystem Microsoft(R) Windows(R) Millennium
CompanyName : Microsoft Corporation
FileDescription : System Tray-Applet
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE

#:13 [LOADQM.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294734489
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:14 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294653357
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe

#:15 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294701673
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:16 [AD-AWARE.EXE]
FilePath : C:\PROGRAMME\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294480613
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .b3dini

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .b3dini
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .b3ds

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .b3ds
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3dini_auto_file

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3dini_auto_file
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3ds_auto_file

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3ds_auto_file
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3d_auto_file

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : b3d_auto_file
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdeplayer.bdeplayerctrl

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdeplayer.bdeplayerctrl
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdeplayer.bdeplayerctrl.1

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdeplayer.bdeplayerctrl.1
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdesmartinstaller25.bdesmartinstaller25

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdesmartinstaller25.bdesmartinstaller25
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdesmartinstaller25.bdesmartinstaller25.1

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bdesmartinstaller25.bdesmartinstaller25.1
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3eec42b5-fb94-40d3-a588-bb54b383a7cb}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3eec42b5-fb94-40d3-a588-bb54b383a7cb}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{51958169-d5e3-11d1-aa42-0000e842e40a}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{51958169-d5e3-11d1-aa42-0000e842e40a}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{51958167-d5e3-11d1-aa42-0000e842e40a}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{51958167-d5e3-11d1-aa42-0000e842e40a}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{51958168-d5e3-11d1-aa42-0000e842e40a}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{51958168-d5e3-11d1-aa42-0000e842e40a}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{67925164-c4b6-11d2-b9c6-0000e84f59a6}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{67925164-c4b6-11d2-b9c6-0000e84f59a6}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : s3d_auto_file

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : s3d_auto_file
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{51958166-d5e3-11d1-aa42-0000e842e40a}

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{82fc7881-aacc-11d2-b9c6-0000e842e40a}

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\brilliant digital entertainment

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\brilliant digital entertainment

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bdeplayer

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bdeplayer
Value : DisplayName

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bdeplayer
Value : UnInstallString

Cydoor Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : UserCode

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : PrxyUrl

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : LastCMSConn

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : Vers

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : EnablePing

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : DHIS_2

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : ShowChange

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : PrxyEnable

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : ProbeFsm

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : ProbeSec

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : General6

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : General0

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : DHIS_3

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : DelHistDate

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : DHIS_0

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : ConnType

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : DHIS_4

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : HIS_5

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : RHIS_5

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : DHIS_5

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : General5

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : Desc2

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : HIS_6

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : RHIS_6

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : DHIS_6

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : HIS_7

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : RHIS_7

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor
Value : DHIS_7

Cydoor Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\cydoor services

Cydoor Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cydoor

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cydoor
Value : AdwrCnt

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cydoor
Value : C:\PROGRAMME\KAZAA\KAZAA.EXE

DownloadWare Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\downloadware

NetworkEssentials Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\webinstall

NetworkEssentials Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\webinstall
Value : Filename

NetworkEssentials Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\webinstall
Value : Version

NetworkEssentials Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\webinstall
Value : Guid

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 83
Objects found so far: 83


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 83


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : standard@as1.falkag[2].txt
Category : Data Miner
Comment : Hits:24
Value : Cookie:standard@as1.falkag.de/
Expires : 27.01.2005 20:41:10
LastSync : Hits:24
UseCount : 0
Hits : 24

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : standard@hitbox[1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:standard@hitbox.com/
Expires : 28.12.2005 19:24:02
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : standard@advertising[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:standard@advertising.com/
Expires : 27.12.2009 19:21:20
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : standard@centrport[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:standard@centrport.net/
Expires : 01.01.2030 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : standard@servedby.netshelter[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:standard@servedby.netshelter.net/
Expires : 29.06.2021 14:48:54
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : standard@doubleclick[1].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:standard@doubleclick.net/
Expires : 27.12.2007 22:33:32
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : standard@servedby.advertising[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:standard@servedby.advertising.com/
Expires : 27.01.2005 19:21:20
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : standard@adtech[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:standard@adtech.de/
Expires : 26.12.2014 20:06:42
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : standard@ehg-idg.hitbox[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:standard@ehg-idg.hitbox.com/
Expires : 28.12.2005 19:24:02
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : standard@atdmt[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:standard@atdmt.com/
Expires : 26.12.2009 01:00:00
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : standard@weborama[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:standard@weborama.fr/
Expires : 27.12.2006 22:32:56
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : standard@mediaplex[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:standard@mediaplex.com/
Expires : 22.06.2009 01:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : standard@versiontracker[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:standard@versiontracker.com/
Expires : 28.12.2006 12:08:30
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 96



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 96

BrilliantDigital Object Recognized!
Type : File
Data : bdedata2.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1, 0, 1, 9
ProductVersion : 1, 0, 0, 0
ProductName : BDEData Module
CompanyName : Brilliant Digital Entertainment
FileDescription : BDEData (Release)
InternalName : BDEDATA
LegalCopyright : Copyright 1999
OriginalFilename : BDEDATA2.DLL


BrilliantDigital Object Recognized!
Type : File
Data : bdedownloader.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\
FileVersion : 3, 0, 38, 0
ProductVersion : 3, 0, 38, 0
ProductName : Brilliant Digital Entertainment Inc. BDEDownloader
CompanyName : Brilliant Digital Entertainment Inc.
FileDescription : BDEDownloader
InternalName : BDEDownloader
LegalCopyright : Copyright © 2001 Brilliant Digital Entertainment Inc.
OriginalFilename : BDEDownloader.dll


BrilliantDigital Object Recognized!
Type : File
Data : bdefdi.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : Brilliant Digital Entertainment Inc. BDEFdiTest
CompanyName : Brilliant Digital Entertainment Inc.
FileDescription : BDEFdiTest
InternalName : BDEFdiTest
LegalCopyright : Copyright © 2000
OriginalFilename : BDEFdiTest.exe


BrilliantDigital Object Recognized!
Type : File
Data : bdeload.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\
FileVersion : 3, 0, 11, 0
ProductVersion : 3, 0, 11, 0
ProductName : Brilliant Digital Entertainment bdeload
CompanyName : Brilliant Digital Entertainment
FileDescription : bdeload
InternalName : bdeload
LegalCopyright : Copyright © 2000
OriginalFilename : bdeload.dll


BrilliantDigital Object Recognized!
Type : File
Data : bderastmmx_30001.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\
FileVersion : 3, 0, 22, 0
ProductVersion : 3, 0, 22, 0
ProductName : MMX16Rast
CompanyName : Brilliant Digital
FileDescription : MMX16Rast
InternalName : MMX16Rast
LegalCopyright : Copyright © 1999 - 2000
OriginalFilename : MMX16Rast.dll


BrilliantDigital Object Recognized!
Type : File
Data : bderastdx6_30002.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\
FileVersion : 3, 1, 2, 0
ProductVersion : 3, 1, 2, 0
ProductName : DX6Rast
CompanyName : Brilliant Digital
FileDescription : DX6Rast
InternalName : DX6Rast
LegalCopyright : Copyright © 1999 - 2000
OriginalFilename : DX6Rast.dll


Disk Scan Result for C:\WINDOWS\SYSTEM
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 102

BrilliantDigital Object Recognized!
Type : File
Data : bdedata2.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Brilliant\
FileVersion : 1, 0, 1, 9
ProductVersion : 1, 0, 0, 0
ProductName : BDEData Module
CompanyName : Brilliant Digital Entertainment
FileDescription : BDEData (Release)
InternalName : BDEDATA
LegalCopyright : Copyright 1999
OriginalFilename : BDEDATA2.DLL


BrilliantDigital Object Recognized!
Type : File
Data : bdedownloader.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Brilliant\
FileVersion : 3, 0, 38, 0
ProductVersion : 3, 0, 38, 0
ProductName : Brilliant Digital Entertainment Inc. BDEDownloader
CompanyName : Brilliant Digital Entertainment Inc.
FileDescription : BDEDownloader
InternalName : BDEDownloader
LegalCopyright : Copyright © 2001 Brilliant Digital Entertainment Inc.
OriginalFilename : BDEDownloader.dll


BrilliantDigital Object Recognized!
Type : File
Data : bdefdi.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\Brilliant\
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : Brilliant Digital Entertainment Inc. BDEFdiTest
CompanyName : Brilliant Digital Entertainment Inc.
FileDescription : BDEFdiTest
InternalName : BDEFdiTest
LegalCopyright : Copyright © 2000
OriginalFilename : BDEFdiTest.exe


Disk Scan Result for C:\WINDOWS\TEMP\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 105

MRU List Object Recognized!
Location: : .DEFAULT\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom


MRU List Object Recognized!
Location: : .DEFAULT\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\radio\mrulist
Description : list of recently used stations in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\macromedia\dreamweaver 4\recent file list
Description : list of recently used files in macromedia dreamweaver


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\clipart gallery\2.0\mrudescription
Description : most recently used description in microsoft clipart gallery


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\recenturllist
Description : list of recently used web addresses in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .b3d

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .b3d
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .s3d

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .s3d
Value :

BrilliantDigital Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\TEMP\BDECache

BrilliantDigital Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\b3dlogo

BrilliantDigital Object Recognized!
Type : File
Data : setup.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\



BrilliantDigital Object Recognized!
Type : File
Data : bdeplayer2.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\
FileVersion : 3, 1, 15, 0
ProductVersion : 3, 1, 15, 0
ProductName : BDEPlayer
CompanyName : Brilliant Digital
FileDescription : BDEPlayer
InternalName : BDEPlayer
LegalCopyright : Copyright © 2000
OriginalFilename : BDEPlayer.dll


BrilliantDigital Object Recognized!
Type : File
Data : BDEEngine2.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\
FileVersion : 3, 1, 11, 0
ProductVersion : 3, 1, 11, 0
ProductName : BDEEngine
CompanyName : Brilliant Digital
FileDescription : BDEEngine
InternalName : BDEEngine
LegalCopyright : Copyright © 2000
OriginalFilename : BDEEngine.dll


BrilliantDigital Object Recognized!
Type : File
Data : bdeimage.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\
FileVersion : 3, 0, 18, 0
ProductVersion : 3, 0, 18, 0
ProductName : BDE BDEimage
CompanyName : Brilliant Digital Entertainment
FileDescription : BDEimage
InternalName : BDEimage
LegalCopyright : Copyright © 2001
OriginalFilename : BDEimage.dll


BrilliantDigital Object Recognized!
Type : File
Data : npbdplay2.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\
FileVersion : 3, 0, 26, 0
ProductVersion : 3, 0, 26, 0
ProductName : Digital Projector v3.0.0.0
CompanyName : Brilliant Digital Entertainment
FileDescription : ActiveX and Netscape Navigator Plug-in for Brilliant Digital Technology
InternalName : npbdplay
LegalCopyright : Copyright 2000
OriginalFilename : npbdplay.dll


BrilliantDigital Object Recognized!
Type : File
Data : installb3d3105.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\cache\



BrilliantDigital Object Recognized!
Type : File
Data : installb3dviewer2.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\cache\



BrilliantDigital Object Recognized!
Type : File
Data : installb3dplayer3101.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\cache\



BrilliantDigital Object Recognized!
Type : File
Data : syscheckb3dplayer.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\cache\



BrilliantDigital Object Recognized!
Type : File
Data : installb3dcodecs.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\cache\



BrilliantDigital Object Recognized!
Type : File
Data : installb3drasts.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\cache\



BrilliantDigital Object Recognized!
Type : File
Data : b3dstats.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\cache\



BrilliantDigital Object Recognized!
Type : File
Data : b3d.b3d
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\cache\



BrilliantDigital Object Recognized!
Type : File
Data : playb3d3200.cab
Category : Data Miner
Comment :
Object : C:\WINDOWS\bde\cache\



Cydoor Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\AdCache

Cydoor Object Recognized!
Type : File
Data : $SptLght.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_597200.HTM
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_543400.HTM
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_547600.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_547700.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_505900.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_505901.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_505902.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_505903.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_505904.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_540300.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_546200.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_525400.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_539800.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_516300.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_510900.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_511000.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_532900.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_795400.HTM
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_564800.HTM
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_706200.HTM
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_706100.HTM
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_559600.HTM
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_524900.HTM
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_667800.HTM
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_525000.HTM
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_562400.HTM
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\adcache\



Cydoor Object Recognized!
Type : File
Data : B_534100
28.12.2004, 23:30
Honorary member
Avatar Sabina

Posts: 29434
#40 #ClearProg .. download the latest version <1.4.0 Final
http://www.clearprog.de/downloads.php
<and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0 onward, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)

- the entered URLs
- AutoComplete entries in IE web forms (so far only Win9x/ME)
- Download lists of Netscape/Opera

Then disable System Restore, restart the PC and enable it again.

Then download this tool (it will probably replace the other AdAware) and scan

#AdAware (free)
http://www.lavasoft.de/support/download/
Update the program BEFORE every scan!
During the scan, ALL other applications must be closed and all browser windows must be closed!

#Search&Destroy
http://www.safer-networking.org/de/download/index.html
------------------------------------------------------------------------------
Then you should (not necessarily today ;) )
go into the registry
Start<Run <regedit (type it in)

Edit-->Find-->cydoor

and delete everything you find for it on the right in the registry.
For example:

HKEY_USERS\DEFAULT\software\cydoor

This is spyware that was brought along by software you once downloaded (Digital Projector v3.0.0.0).
You should uninstall that and then delete everything you find in Windows and the registry (the AdAware log lists it quite well).

But it doesn't have to be TODAY ;)
__________
Regards, Sabina

all about PC security
This post was edited by Sabina on 28.12.2004 at 23:31.
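Added example, not part of the thread and not Ad-Aware's own code: a small Python parser for the log layout pasted above. It turns the findings into a per-family checklist of files, folders and registry keys to verify after uninstalling, and sets cookie/MRU hits and cut-off records aside. The sample log, function names and return shape are constructed for illustration.

```python
from collections import defaultdict
MARKER = " Object Recognized!"
# Constructed sample in the record layout of the Ad-Aware log pasted above;
# the last record is cut off before its Object line, as the pasted log is.
SAMPLE_LOG = r"""
Tracking Cookie Object Recognized!
Type : IECache Entry
Value : Cookie:standard@doubleclick.net/

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer

BrilliantDigital Object Recognized!
Type : Regkey
Rootkey : HKEY_CLASSES_ROOT
Object : .b3d

BrilliantDigital Object Recognized!
Type : File
Data : npbdplay2.dll
Object : C:\WINDOWS\bde\

Cydoor Object Recognized!
Type : Folder
Object : C:\WINDOWS\SYSTEM\AdCache

Cydoor Object Recognized!
Type : File
Data : B_534100
"""

def parse_adaware_log(text):
    """Return one dict per 'Object Recognized!' record."""
    records, current = [], None
    for line in map(str.strip, text.splitlines()):
        if line.endswith(MARKER):
            current = {"Family": line[:-len(MARKER)]}
            records.append(current)
        elif not line:
            current = None  # a blank line closes the record
        elif current is not None:
            key, sep, value = line.partition(" :")
            if sep:  # "Location: :" carries a stray colon in the key
                current[key.rstrip(": ")] = value.strip()
    return records

def cleanup_checklist(records):
    """Group file, folder and registry findings by family; count the rest."""
    todo, privacy, truncated = defaultdict(set), defaultdict(int), []
    for rec in records:
        kind, obj = rec.get("Type"), rec.get("Object")
        if kind not in ("File", "Folder", "Regkey", "RegValue"):
            privacy[rec["Family"]] += 1  # cookies and MRU lists
        elif obj is None:
            truncated.append(rec)  # no location: recheck in the full log
        elif kind == "File":
            todo[rec["Family"]].add(obj + rec.get("Data", ""))
        elif kind == "Folder":
            todo[rec["Family"]].add(obj)
        else:  # Regkey and RegValue on the same key collapse to one entry
            todo[rec["Family"]].add(rec.get("Rootkey", "?") + "\\" + obj)
    return {f: sorted(t) for f, t in todo.items()}, dict(privacy), truncated
```

Calling `cleanup_checklist(parse_adaware_log(log_text))` on a saved log returns the checklist, the per-family count of privacy-only hits, and the records that were cut off.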
28.12.2004, 23:43
Member

Posts: 19
#41 Hello Sabina,
first of all, thanks :-)
for your quick replies.
You must have a huge workload to get through every day :-(

Yes, I won't do anything more today. However, I noticed that there is no longer any sign of the original Trojan TR/Krepper.Y.
Or do the reported "viruses" and whatever else is there come from this Trojan?
I've had this PC for 4 years now and nothing like this has ever happened to me.
Well, for today
good night from Berlin
anegada
29.12.2004, 21:40
Member

Posts: 19
#42 Hello Sabina,
I just want to check in briefly for courtesy's sake.
I'll continue with the above work over the next few days; I can't get to it at the moment, since it will surely take hours again.
But I downloaded Firefox today and am quite happy with it.
It has a few small snags, but I'll manage or else put up with them, if it really does protect me from these dreadful viruses.

Kind regards
anegada
31.12.2004, 22:30
Member

Posts: 19
#43 Thank you very much again for your help
and a

Happy New Year

to you and to everyone here in the forum who patiently answers the many questions