CPU usage 100%

Warnings about security holes and help with removing viruses, worms and Trojans.

Post by Lasios on 02.01.2005, 14:58

Could anyone help me?
For two days now I have suddenly somehow had two *lol* programs in Program Files, Admilli Server and Zango...
Admilli Server makes my PC run at 100% CPU usage all the time.... it causes problems, but unfortunately I can't delete these programs. Could someone help me...? PLEASE!

Logfile of HijackThis v1.99.0
Scan saved at 13:48:06, on 02.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\Common files\updmgr\updmgr.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe
C:\WINDOWS\System32\SahAgent.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Creative\SBLive\Diagnostics\diagent.exe
C:\Programme\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Messenger\msmsgs.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\lerjen\LOKALE~1\Temp\Rar$EX00.188\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fightersofagony.com/
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [diagent] C:\Programme\Creative\SBLive\Diagnostics\diagent.exe startup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [updmgr] C:\Programme\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [websx] C:\Programme\websx\int352345.exe -auto
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] C:\Programme\Valve\Steam\\Steam.exe -silent
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Click ... e-c139.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://de.wow-europe.com/support/webform/Si.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
Lasios

Posts: 15
Registered: 02.01.2005, 14:49


Post by Nikita on 02.01.2005, 17:26

Hello @Lasios

Disable System Restore

<XP
http://service1.symantec.com/SUPPORT/IN ... 7105707924
(you can re-enable it after the cleanup)

Download:
KillBox
http://www.bleepingcomputer.com/files/killbox.php
http://download.broadbandmedic.com/

#eScan
Download: mwav.exe
http://bilder.informationsarchiv.net/Nikitas_Tools/
create the folder c:\bases
download mwav.exe, unpack the file into the folder c:\bases (important!) and then run kavupd.exe (update, in DOS)

boot into Safe Mode
http://www.tu-berlin.de/www/software/vi ... mode.shtml

#open HijackThis -->> button "Scan" -->> tick the boxes -->> button "Fix checked"

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [updmgr] C:\Programme\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [websx] C:\Programme\websx\int352345.exe -auto -->Dialer
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Click ... e-c139.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://de.wow-europe.com/support/webform/Si.cab

#Windows Explorer -> "Tools/Folder Options" ->
"View" -> untick "Hide protected operating system
files (recommended)" and enable "Show all files and folders"
-> "OK"

Killbox:

Paste the paths in:

<Delete File on Reboot
<Unregister .dll before deleting
and click the red cross;
when asked whether to reboot -> click "No" and paste the next one in; only on the last one click "Yes"

Delete with Killbox:
C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
C:\Programme\Common files\updmgr\updmgr.exe
C:\Programme\websx\int352345.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\WINDOWS\System32\SahAgent.exe
C:\WINDOWS\Downloaded Program Files\bridge.dll

C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll
C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll
C:\Programme\Gemeinsame Dateien\CMEII\GController.dll
C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll
C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll
C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll
C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll
C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll
C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll



Restart the PC and go back into Safe Mode


Delete for good:
<C:\Programme\Common files\
<C:\Program Files\Admilli Service
<C:\Programme\websx
<C:\Programme\Gemeinsame Dateien\CMEII

Disk Cleanup: and deleting the temporary files
<Start<Run --> type: cleanmgr
delete only:
#Click: Temporary Internet Files, OK
#Click: Temporary Files, OK

delete temporary files
C:\WINDOWS\Temp\
C:\Temp\
C:\Dokumente und Einstellungen\username\Lokale Einstellungen\Temp\

#C:\Windows\Downloaded Program Files\ --> delete


and start the scanner with "mwav.exe" [or: MWAVSCAN.COM]. Tick all the boxes:
Select: "all files", Memory, Startup-Folders, Registry, System Folders,
Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory
--> and click "Scan".

Go back into normal mode

#AdAware (free)
http://www.lavasoft.de/support/download/
Update the program BEFORE every scan!
During the scan ALL other
applications must be closed and all browser windows must
be closed!

#ClearProg.. download the latest version <1.4.0 Final
http://www.clearprog.de/downloads.php
<and clean the browser.
The program deletes the surfing traces of Internet Explorer from version 5.0, of Netscape/Mozilla and of Opera:
- cookies
- history
- temporary internet files (cache)

- the typed URLs
- autocomplete entries in web forms of IE (so far
only Win9x/ME)
- download lists of Netscape/Opera

#TuneUp2004 (30 days free)
http://www.tuneup.de/products/tuneup-utilities/
Cleanup repair --> TuneUp Diskcleaner
Cleanup repair --> Registry Cleaner

please do the following:
now open mwav.txt with the editor and go to Edit -> Find, and enter "infected"
select every line that contains "infected" and paste it here, find next, etc.
and at the very bottom is the summary; post that here too, together with the new HijackThis log
Nikita
Moderator

Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Post by Lasios on 02.01.2005, 20:09

I'm so grateful to you, "almost" everything worked well! I heard you can give ratings to members here, where? I'll give you a great rating...


So for "infected" mwav found nothing.... :?:
Summary: Sun Jan 02 18:00:57 2005 =>


**********************************************************
Sun Jan 02 18:00:57 2005 => eScan AntiVirus Toolkit Utility.
Sun Jan 02 18:00:57 2005 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sun Jan 02 18:00:57 2005 => **********************************************************
Sun Jan 02 18:00:57 2005 => Version 4.1.9
Sun Jan 02 18:00:57 2005 => Log File: C:\bases\mwav.log
Sun Jan 02 18:00:57 2005 => Latest Date of files inside MWAV: 19 Feb 2004 00:03:36.
Sun Jan 02 18:01:00 2005 => AV Library Loaded...
Sun Jan 02 18:01:00 2005 => Scanning File C:\bases\kavss.exe
Sun Jan 02 18:01:00 2005 => Scanning File C:\bases\Getvlist.exe
Sun Jan 02 18:01:00 2005 => Scanning File C:\bases\kavss.dll
Sun Jan 02 18:01:00 2005 => Scanning File C:\bases\kavssdi.dll
Sun Jan 02 18:01:00 2005 => Scanning File C:\bases\kavssi.dll
Sun Jan 02 18:01:00 2005 => Scanning File C:\bases\kavvlg.dll
Sun Jan 02 18:01:00 2005 => Scanning File C:\bases\msvlclnt.dll
Sun Jan 02 18:01:00 2005 => Scanning File C:\bases\ipc.dll
Sun Jan 02 18:01:00 2005 => Scanning File C:\bases\main.avi
Sun Jan 02 18:01:00 2005 => Scanning File C:\bases\virus.avi
Sun Jan 02 18:01:01 2005 => Virus Database Date: 2004/02/19
Sun Jan 02 18:01:01 2005 => Virus Database Count: 84965
Sun Jan 02 18:01:08 2005 => **********************************************************
Sun Jan 02 18:01:08 2005 => eScan AntiVirus Toolkit Utility.
Sun Jan 02 18:01:08 2005 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sun Jan 02 18:01:08 2005 => **********************************************************
Sun Jan 02 18:01:08 2005 => Version 4.1.9
Sun Jan 02 18:01:08 2005 => Log File: C:\bases\mwav.log
Sun Jan 02 18:01:08 2005 => Latest Date of files inside MWAV: 19 Feb 2004 00:03:36.
Sun Jan 02 18:01:08 2005 => AV Library Loaded...
Sun Jan 02 18:01:08 2005 => Scanning File C:\bases\kavss.exe
Sun Jan 02 18:01:08 2005 => Scanning File C:\bases\Getvlist.exe
Sun Jan 02 18:01:08 2005 => Scanning File C:\bases\kavss.dll
Sun Jan 02 18:01:08 2005 => Scanning File C:\bases\kavssdi.dll
Sun Jan 02 18:01:08 2005 => Scanning File C:\bases\kavssi.dll
Sun Jan 02 18:01:08 2005 => Scanning File C:\bases\kavvlg.dll
Sun Jan 02 18:01:08 2005 => Scanning File C:\bases\msvlclnt.dll
Sun Jan 02 18:01:08 2005 => Scanning File C:\bases\ipc.dll
Sun Jan 02 18:01:08 2005 => Scanning File C:\bases\main.avi
Sun Jan 02 18:01:08 2005 => Scanning File C:\bases\virus.avi
Sun Jan 02 18:01:08 2005 => Virus Database Date: 2004/02/19
Sun Jan 02 18:01:08 2005 => Virus Database Count: 84965
Sun Jan 02 18:01:46 2005 => **********************************************************
Sun Jan 02 18:01:46 2005 => eScan AntiVirus Toolkit Utility.
Sun Jan 02 18:01:46 2005 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sun Jan 02 18:01:46 2005 => **********************************************************
Sun Jan 02 18:01:46 2005 => Version 4.1.9
Sun Jan 02 18:01:46 2005 => Log File: C:\bases\mwav.log
Sun Jan 02 18:01:46 2005 => Latest Date of files inside MWAV: 19 Feb 2004 00:03:36.
Sun Jan 02 18:01:46 2005 => AV Library Loaded...
Sun Jan 02 18:01:46 2005 => Scanning File C:\bases\kavss.exe
Sun Jan 02 18:01:46 2005 => Scanning File C:\bases\Getvlist.exe
Sun Jan 02 18:01:46 2005 => Scanning File C:\bases\kavss.dll
Sun Jan 02 18:01:46 2005 => Scanning File C:\bases\kavssdi.dll
Sun Jan 02 18:01:46 2005 => Scanning File C:\bases\kavssi.dll
Sun Jan 02 18:01:46 2005 => Scanning File C:\bases\kavvlg.dll
Sun Jan 02 18:01:46 2005 => Scanning File C:\bases\msvlclnt.dll
Sun Jan 02 18:01:46 2005 => Scanning File C:\bases\ipc.dll
Sun Jan 02 18:01:46 2005 => Scanning File C:\bases\main.avi
Sun Jan 02 18:01:46 2005 => Scanning File C:\bases\virus.avi
Sun Jan 02 18:01:46 2005 => Virus Database Date: 2004/02/19
Sun Jan 02 18:01:46 2005 => Virus Database Count: 84965
Sun Jan 02 18:02:48 2005 => **********************************************************
Sun Jan 02 18:02:48 2005 => eScan AntiVirus Toolkit Utility.
Sun Jan 02 18:02:48 2005 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sun Jan 02 18:02:48 2005 => **********************************************************
Sun Jan 02 18:02:48 2005 => Version 4.1.9
Sun Jan 02 18:02:48 2005 => Log File: C:\bases\mwav.log
Sun Jan 02 18:02:48 2005 => Latest Date of files inside MWAV: 19 Feb 2004 00:03:36.
Sun Jan 02 18:02:49 2005 => AV Library Loaded...
Sun Jan 02 18:02:49 2005 => Scanning File C:\bases\kavss.exe
Sun Jan 02 18:02:49 2005 => Scanning File C:\bases\Getvlist.exe
Sun Jan 02 18:02:49 2005 => Scanning File C:\bases\kavss.dll
Sun Jan 02 18:02:49 2005 => Scanning File C:\bases\kavssdi.dll
Sun Jan 02 18:02:49 2005 => Scanning File C:\bases\kavssi.dll
Sun Jan 02 18:02:49 2005 => Scanning File C:\bases\kavvlg.dll
Sun Jan 02 18:02:49 2005 => Scanning File C:\bases\msvlclnt.dll
Sun Jan 02 18:02:49 2005 => Scanning File C:\bases\ipc.dll
Sun Jan 02 18:02:49 2005 => Scanning File C:\bases\main.avi
Sun Jan 02 18:02:49 2005 => Scanning File C:\bases\virus.avi
Sun Jan 02 18:02:49 2005 => Virus Database Date: 2004/02/19
Sun Jan 02 18:02:49 2005 => Virus Database Count: 84965




And here's the new log:

Logfile of HijackThis v1.99.0
Scan saved at 19:09:08, on 02.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\D-Tools\daemon.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Creative\SBLive\Diagnostics\diagent.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\Programme\WinRAR\WinRAR.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOKUME~1\lerjen\LOKALE~1\Temp\Rar$EX11.297\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.half-life2.de/news.php
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [diagent] C:\Programme\Creative\SBLive\Diagnostics\diagent.exe startup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] C:\Programme\Valve\Steam\\Steam.exe -silent
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Click ... e-c139.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://de.wow-europe.com/support/webform/Si.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
Lasios

Posts: 15
Registered: 02.01.2005, 14:49
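The two HijackThis logs in this thread (13:48 before the fix, 19:09 after) are what a helper compares by eye to decide which entries actually went away. The script below, an added example and not code from the thread or from HijackThis, does that comparison mechanically: it keys each entry on its CLSID or Run value name, so a BHO whose path has turned into "(no file)" still matches its earlier line, and it reports which fix-list entries are gone, which are still present, and which entries in the new log now point at files that no longer exist. The log excerpts are constructed from the lines posted above (plus two legitimate entries, NAV Helper and ATIPTA, so that the "before" log is not identical to the fix list); the fix list is the first list from the first reply.

```python
"""Compare two HijackThis logs to see which entries on a "fix" list were
actually removed.  Added example, not from the original thread; the log
excerpts below are constructed from the lines the thread shows."""
import re
from typing import Dict, List, Optional, Tuple

Key = Tuple[str, str]
# Entry line: section code (R0-R3, F0-F3, N1-N4, O1-O23), " - ", body.
ENTRY_RE = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")


def entry_key(line: str) -> Optional[Key]:
    """Identity that survives a path turning into '(no file)': CLSID for
    O2/O3/O9/O16 entries, the [value name] for O4 Run entries, else the body."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group(1), m.group(2).strip()
    clsid = CLSID_RE.search(body)
    if clsid:
        return (code, clsid.group(0).upper())
    name = RUN_NAME_RE.search(body) if code == "O4" else None
    return (code, name.group(1).lower() if name else body)


def parse_log(text: str) -> Dict[Key, str]:
    """Map each entry line of a HijackThis log to its key."""
    entries: Dict[Key, str] = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries[key] = line.strip()
    return entries


def check_removal(before: str, after: str, fix_list: str) -> Dict[str, List[str]]:
    """Classify fix-list entries as removed/remaining and flag entries in the
    new log that still reference a file that is gone (registry leftovers)."""
    before_e, after_e = parse_log(before), parse_log(after)
    out: Dict[str, List[str]] = {"removed": [], "remaining": [], "unknown": [], "dangling": []}
    for line in fix_list.splitlines():
        key = entry_key(line)
        if key is None:
            continue
        if key in after_e:            # fix did not take
            out["remaining"].append(after_e[key])
        elif key in before_e:         # present before, gone now
            out["removed"].append(before_e[key])
        else:                         # never in the first log at all
            out["unknown"].append(line.strip())
    out["dangling"] = [b for b in after_e.values()
                       if "(no file)" in b or "(file missing)" in b]
    return out


BEFORE_LOG = r"""
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [updmgr] C:\Programme\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [websx] C:\Programme\websx\int352345.exe -auto
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Click ... e-c139.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://de.wow-europe.com/support/webform/Si.cab
"""
# The moderator's fix list is the BEFORE_LOG minus the two legitimate entries.
FIX_LIST = "\n".join(l for l in BEFORE_LOG.splitlines()
                     if "NAV Helper" not in l and "[ATIPTA]" not in l)
AFTER_LOG = r"""
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Click ... e-c139.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://de.wow-europe.com/support/webform/Si.cab
"""

if __name__ == "__main__":
    for status, lines in check_removal(BEFORE_LOG, AFTER_LOG, FIX_LIST).items():
        print(f"== {status} ({len(lines)})")
        for line in lines:
            print("  ", line)
```

Run against these excerpts it reports seven fix-list entries removed and seven still present. The survivors are the myBar and Search Relevancy BHOs, the myBar toolbar and the three O16 DPF controls, plus the [P2P Networking2] Run entry and the (Web P2P Installer) control with an empty URL; the moderator's next reply below lists the first five again. Entries shown as "(no file)" are registry leftovers: the DLL is gone but the CLSID registration remains, which is why they still have to be fixed in HijackThis after the files have been deleted.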

Post by Nikita on 03.01.2005, 00:07

Hello @Lasios

I'm not a member, I'm a moderator ;)

#open HijackThis -->> button "Scan" -->> tick the boxes -->> button "Fix checked" -->> restart the PC

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Click ... e-c139.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://de.wow-europe.com/support/webform/Si.cab

restart

Delete: --> you can do this with Killbox
C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
C:\WINDOWS\Downloaded Program Files\bridge.dll

#C:\Windows\Downloaded Program Files\ --> delete

#Ad-aware SE Personal 1.05 Updated ---> post me the log from the scan
http://fileforum.betanews.com/detail/965718306/1

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

-------------------------------------------------------------------------------------------

Tip:
Don't surf with IE any more
#Alternative browser to IE
Firefox
http://www.mozilla-europe.org/de/
Installation + configuration of Firefox
http://www.pcwelt.de/know-how/software/ ... ndex1.html

#TuneUp2004 (30 days free)
http://www.tuneup.de/products/tuneup-utilities/
Cleanup repair --> TuneUp Diskcleaner
Cleanup repair --> Registry Cleaner

Defragmentation option
devilscrow22: My Computer --> Local Disk --> right-click --> Properties --> Tools --> Defragment Now
Nikita
Moderator

Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Post by Lasios on 03.01.2005, 00:45

Now there are problems.... :wink:

1st problem: The file C:\WINDOWS\Downloaded Program Files\bridge.dll cannot be found. :?:


2nd problem: Ad-Aware SE settings
When I start the scan, the computer has to be restarted within a minute. :?:

Hope you have a solution.
Lasios

Posts: 15
Registered: 02.01.2005, 14:49

Post by Nikita on 03.01.2005, 01:05

Fix everything I posted and then go into Safe Mode and scan there.

Then post me the log from the scan.
Nikita
Moderator

Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Post by Lasios on 03.01.2005, 01:28

Ad-Aware SE Build 1.05
Logfile Created on:Montag, 3. Januar 2005 00:17:08
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R24 29.12.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):11 total references
AltnetBDE(TAC index:4):35 total references
BrilliantDigital(TAC index:6):6 total references
Claria(TAC index:7):16 total references
Cydoor(TAC index:7):3 total references
MRU List(TAC index:0):33 total references
SahAgent(TAC index:9):56 total references
Search Relevancy(TAC index:5):8 total references
Tracking Cookie(TAC index:3):8 total references
Zango(TAC index:6):14 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


03.01.2005 00:17:08 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 156
ThreadCreationTime : 02.01.2005 23:15:16
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 204
ThreadCreationTime : 02.01.2005 23:15:28
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 228
ThreadCreationTime : 02.01.2005 23:15:30
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 272
ThreadCreationTime : 02.01.2005 23:15:34
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 284
ThreadCreationTime : 02.01.2005 23:15:34
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 448
ThreadCreationTime : 02.01.2005 23:15:36
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
Warning! SahAgent Object found in memory(C:\WINDOWS\System32\lsp.dll)

SahAgent Object Recognized!
Type : Process
Data : lsp.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : ShopAtHomeSelect LSP
CompanyName : ShopAtHomeSelect
FileDescription : LSP
InternalName : LSP
LegalCopyright : Copyright © 2004
OriginalFilename : LSP.DLL


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 472
ThreadCreationTime : 02.01.2005 23:15:37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 736
ThreadCreationTime : 02.01.2005 23:16:16
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:9 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 896
ThreadCreationTime : 02.01.2005 23:16:59
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{e813099d-5529-47f4-9b37-4afafcb00a43}

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{e813099d-5529-47f4-9b37-4afafcb00a43}
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{ad5bc1f0-72d8-44b3-8e3d-8e8fecce43fb}

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{ad5bc1f0-72d8-44b3-8e3d-8e8fecce43fb}
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\altnet

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\altnet
Value : ALTNET_DIR

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\altnet
Value : SharedMediaDir

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\altnet
Value : SharedMediaDir2

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\altnet
Value : SharedFilesDir

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm.adm.1

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm.adm.1
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}
Value :

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}
Value : AppID

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm.adm

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm.adm
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{c15b7ea2-a360-43e8-a591-5faedc7c4e1d}

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{c15b7ea2-a360-43e8-a591-5faedc7c4e1d}
Value :

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{c15b7ea2-a360-43e8-a591-5faedc7c4e1d}
Value : AppID

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe
Value : AppID

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe
Value : AppID

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{e79dadc6-18d0-4a2a-831f-d196d41f8438}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{e79dadc6-18d0-4a2a-831f-d196d41f8438}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{29e825aa-13bc-457c-806a-d72e4a25b3c5}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{29e825aa-13bc-457c-806a-d72e4a25b3c5}
Value :

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{9d4548ce-92fd-4c6c-ae7f-3dbe3bc763d8}

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{9d4548ce-92fd-4c6c-ae7f-3dbe3bc763d8}
Value :

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : uets

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GEF

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GMG

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GMI

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : LastInstall

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : SSeq

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : SEvt

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : PAK

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : SiSeq

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : SiH

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\gator.com

Cydoor Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cydoor

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cydoor
Value : AdwrCnt

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{30402ff4-3e71-4a1c-9b4b-1cd3486a9fb2}

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{30402ff4-3e71-4a1c-9b4b-1cd3486a9fb2}
Value :

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4828c95f-c5db-4ab6-a945-8d8ec44b98a8}

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4828c95f-c5db-4ab6-a945-8d8ec44b98a8}
Value :

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4e570f74-deee-4fcf-b960-feefa4b8c6fc}

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4e570f74-deee-4fcf-b960-feefa4b8c6fc}
Value :

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{cde442a3-dc2c-467e-a311-b4bc775d86c5}

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : webinstaller.execute

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : webinstaller.execute
Value :

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : webinstaller.execute.1

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : webinstaller.execute.1
Value :

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\shopathomeselect agent

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\shopathomeselect agent
Value : DisplayName

SahAgent Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\shopathomeselect agent
Value : UninstallString

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\winsock2\layered provider sample

Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchrelevancy

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchrelevancy
Value :

Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy
Value : DisplayName

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy
Value : UninstallString

Zango Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-492894223-725345543-1004\software\zango

Zango Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-492894223-725345543-1004\software\zango
Value : last_conn_h

Zango Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-492894223-725345543-1004\software\zango
Value : last_conn_l

Zango Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-492894223-725345543-1004\software\zango
Value : set_z_icon

Zango Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-492894223-725345543-1004\software\zango
Value : set_z_start_icon

Zango Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-492894223-725345543-1004\software\zango
Value : we

Zango Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-492894223-725345543-1004\software\zango
Value : cdata

Zango Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-492894223-725345543-1004\software\zango
Value : TimeOffset

Zango Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-492894223-725345543-1004\software\zango
Value : geourl_last_full_version

Zango Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-492894223-725345543-1004\software\zango
Value : geourl_current_version

Zango Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-492894223-725345543-1004\software\zango
Value : actionurl_last_full_version

Zango Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-492894223-725345543-1004\software\zango
Value : actionurl_current_version

Zango Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-492894223-725345543-1004\software\zango
Value : keyword_last_full_version

Zango Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-492894223-725345543-1004\software\zango
Value : keyword_current_version

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 97
Objects found so far: 98


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD Tcpip [TCP/IP]

SahAgent Object Recognized!
Type : File
Data : lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Object : C:\WINDOWS\System32\
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : ShopAtHomeSelect LSP
CompanyName : ShopAtHomeSelect
FileDescription : LSP
InternalName : LSP
LegalCopyright : Copyright © 2004
OriginalFilename : LSP.DLL


SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD Tcpip [TCP/IP]

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD Tcpip [UDP/IP]

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD Tcpip [UDP/IP]

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD Tcpip [RAW/IP]

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD Tcpip [RAW/IP]

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent RSVP UDP Service Provider

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent RSVP UDP Service Provider

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent RSVP TCP Service Provider

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent RSVP TCP Service Provider

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{6DE950FC-500D-439D-BB91-B30EFBE915D3}] SEQPACKET 0

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{6DE950FC-500D-439D-BB91-B30EFBE915D3}] SEQPACKET 0

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{6DE950FC-500D-439D-BB91-B30EFBE915D3}] DATAGRAM 0

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{6DE950FC-500D-439D-BB91-B30EFBE915D3}] DATAGRAM 0

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C16A0B1-2BAB-4BF2-A9B6-74A8F34FAE07}] SEQPACKET 3

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C16A0B1-2BAB-4BF2-A9B6-74A8F34FAE07}] SEQPACKET 3

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C16A0B1-2BAB-4BF2-A9B6-74A8F34FAE07}] DATAGRAM 3

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{8C16A0B1-2BAB-4BF2-A9B6-74A8F34FAE07}] DATAGRAM 3

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{BE545ABC-7873-4BC5-A2E1-00B33602AE04}] SEQPACKET 1

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{BE545ABC-7873-4BC5-A2E1-00B33602AE04}] SEQPACKET 1

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{BE545ABC-7873-4BC5-A2E1-00B33602AE04}] DATAGRAM 1

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{BE545ABC-7873-4BC5-A2E1-00B33602AE04}] DATAGRAM 1

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{AE75006E-871A-4069-BF06-615993E480C7}] SEQPACKET 2

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{AE75006E-871A-4069-BF06-615993E480C7}] SEQPACKET 2

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{AE75006E-871A-4069-BF06-615993E480C7}] DATAGRAM 2

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent MSAFD NetBIOS [\Device\NetBT_Tcpip_{AE75006E-871A-4069-BF06-615993E480C7}] DATAGRAM 2

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent

SahAgent Object Recognized!
Type : LSP
Data : C:\WINDOWS\System32\lsp.dll
Category : Data Miner
Comment : Layered Service Provider
Layered Service Provider: SAHagent

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 28
Objects found so far: 127


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : lerjen@valueclick[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:lerjen@valueclick.com/
Expires : 27.12.2029 19:39:22
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : lerjen@tracking.thunderdownloads[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:lerjen@tracking.thunderdownloads.com/
Expires : 27.09.2037 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : lerjen@adtech[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:lerjen@adtech.de/
Expires : 31.12.2014 23:43:28
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : lerjen@versiontracker[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:lerjen@versiontracker.com/
Expires : 02.01.2007 15:43:32
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : lerjen@doubleclick[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:lerjen@doubleclick.net/
Expires : 02.01.2008 18:45:40
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : lerjen@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:lerjen@tribalfusion.com/
Expires : 01.01.2038 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : lerjen@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:lerjen@gamestar.de/cgi-bin/
Expires : 03.01.2005 18:45:50
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : lerjen@servedby.netshelter[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:lerjen@servedby.netshelter.net/
Expires : 29.06.2021 14:48:54
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 135



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 135

SahAgent Object Recognized!
Type : File
Data : lsp.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : ShopAtHomeSelect LSP
CompanyName : ShopAtHomeSelect
FileDescription : LSP
InternalName : LSP
LegalCopyright : Copyright © 2004
OriginalFilename : LSP.DLL


Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 136

Cydoor Object Recognized!
Type : File
Data : cd_clint.dll
Category : Data Miner
Comment :
Object : C:\DOKUME~1\lerjen\LOKALE~1\Temp\
FileVersion : 3, 2, 1, 6
ProductVersion : 3, 2, 1, 6
ProductName : cd_clint
FileDescription : cd_clint
InternalName : cd_clint
LegalCopyright : Copyright © 2003
OriginalFilename : cd_clint.dll


Disk Scan Result for C:\DOKUME~1\lerjen\LOKALE~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 137


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 137



MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\kazaa\search
Description : list of recent searches performed with sharman networks kazaa


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\ahead\cover designer\recent file list
Description : list of recently used files in ahead cover designer


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-789336058-492894223-725345543-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\lerjen\Anwendungsdaten\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\lerjen\recent
Description : list of recently opened documents



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SahAgent Object Recognized!
Type : File
Data : vg.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



SahAgent Object Recognized!
Type : File
Data : setup.inf
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\



SahAgent Object Recognized!
Type : File
Data : WEBInstaller.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\
FileVersion : 1, 1, 1, 34
ProductVersion : 1, 1, 1, 34
ProductName : WEBInstaller Module
FileDescription : WEBInstaller Module
InternalName : WEBInstaller
LegalCopyright : Copyright 2002
OriginalFilename : WEBInstaller.DLL


SahAgent Object Recognized!
Type : File
Data : xmlparse_.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\



SahAgent Object Recognized!
Type : File
Data : xmltok_.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\



SahAgent Object Recognized!
Type : File
Data : SAHUninstall.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileVersion : 2, 0, 0, 8
ProductVersion : 2, 0, 0, 8
ProductName : SAHUninstall
CompanyName : ShopAtHomeSelect
FileDescription : SAHUninstall
InternalName : SAHUninstall
LegalCopyright : Copyright © 2004
OriginalFilename : SAHUninstall.dll


SahAgent Object Recognized!
Type : File
Data : SahAgent.log
Category : Data Miner
Comment :
Object : c:\



SahAgent Object Recognized!
Type : File
Data : v.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\signingmodule.signingmodule.1

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\signingmodule.signingmodule.1
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\signingmodule.signingmodule

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\signingmodule.signingmodule
Value :

Claria Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Programme\Gator.com

Claria Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\..\GAIN Publishing

Claria Object Recognized!
Type : File
Data : GatorPatch.log
Category : Data Miner
Comment :
Object : C:\WINDOWS\



Claria Object Recognized!
Type : File
Data : GatorPdpSetup.log
Category : Data Miner
Comment :
Object : C:\WINDOWS\



SahAgent Object Recognized!
Type : File
Data : lsp_.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : ShopAtHomeSelect LSP
CompanyName : ShopAtHomeSelect
FileDescription : LSP
InternalName : LSP
LegalCopyright : Copyright © 2004
OriginalFilename : LSP.DLL


Search Relevancy Object Recognized!
Type : Folder
Category : Misc
Comment :
Object : C:\Programme\SearchRelevancy

Search Relevancy Object Recognized!
Type : File
Data : SearchRelevancy.xml
Category : Misc
Comment :
Object : C:\Programme\searchrelevancy\



Search Relevancy Object Recognized!
Type : File
Data : uninstall.exe
Category : Misc
Comment :
Object : C:\Programme\searchrelevancy\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 20
Objects found so far: 190

00:19:13 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:04.500
Objects scanned:51531
Objects identified:156
Objects ignored:0
New critical objects:156
Lasios

Posts: 15
Registered: 02.01.2005, 14:49

Post by Nikita on 03.01.2005, 02:40

Download:

#LSPfix.exe
http://www10.brinkster.com/expl0iter/fr ... L2M/ts.htm
<"I know what I'm doing"
move the lsp.dll from the left side to the right side and delete it.

Then search for and delete:

<C:\WINDOWS\downloaded program files\xmltok_.dll
<C:\WINDOWS\SAHUninstall.exe
<C:\Programme\searchrelevancy

<SahAgent