Ich hatte in der kategorie ``software-hilfe`` ein post eröffnet da mein system immer ausgelastet ist. Hier nun das logfile nach adaware, spybot, cwshredder:
Logfile of HijackThis v1.99.1
Scan saved at 20:58:09, on 06.03.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLDIAL.EXE
C:\PROGRAMME\ICQLITE\ICQLITE.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\PROGRAMME\AOL 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\AOL 9.0\WAOL.EXE
C:\PROGRAMME\AOL 9.0\SHELLMON.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\AOLTPSPD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMME\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.de/e60/suche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/e60/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.de/e60/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLACSD.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRAMME\ICQLITE\ICQLITE.EXE -trayboot
O4 - Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM\sistray.exe
O4 - Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04c5c40fc32 ... 601_de.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
Warum kostenlos registrieren?
Nur als registriertes Mitglied hast Du vollen Zugriff auf alle Funktionen unserer Website. So kannst Du eigene Fragen stellen und hast die volle Übersicht über neue interessante Themen im Forum.
Jetzt kostenlos registrieren.
Login
hijackthis
25 Beiträge • Seite 1 von 2 • 1, 2
von Nikita am 08.03.2005, 15:33
Hallo@kaisde
•eScan-Erkennungstool
eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich:
http://www.mwti.net/antivirus/free_utilities.asp
oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche
kavupd.exe, die klickst du an--> (Update- in DOS) ausführen
und den Scanner mit der "mwav.exe"[oder:MWAVSCAN.COM] starten. Alle Häkchen setzen :
Auswählen: "all files", Memory, Startup-Folders, Registry, System Folders,
Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory
-->mwav.exe oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben
und nun alles rauskopieren, was angezeigt wird-->
•eScan-Erkennungstool
eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich:
http://www.mwti.net/antivirus/free_utilities.asp
oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche
kavupd.exe, die klickst du an--> (Update- in DOS) ausführen
und den Scanner mit der "mwav.exe"[oder:MWAVSCAN.COM] starten. Alle Häkchen setzen :
Auswählen: "all files", Memory, Startup-Folders, Registry, System Folders,
Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory
-->mwav.exe oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben
und nun alles rauskopieren, was angezeigt wird-->
- Nikita
- Moderator
- Beiträge: 11478
- Registriert: 07.12.2003, 16:53
- Wohnort: Lissabon
von kaisde am 08.03.2005, 18:56
wo soll ich da auf bearbeiten klicken wenn ich das logfile geöffnet habe?
mfg kaisde
mfg kaisde
- kaisde
- Beiträge: 39
- Registriert: 30.01.2005, 21:14
von kaisde am 08.03.2005, 19:12
File C:\WINDOWS\WEBHDLL.DLL infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\PROGRAMME\TOOLBAR\TBPS.EXE infected by "not-a-virus:AdWare.WebSearch.n" Virus. Action Taken: No Action Taken.
File C:\PROGRAMME\TOOLBAR\PIB.EXE infected by "not-a-virus:AdWare.WebSearch.n" Virus. Action Taken: No Action Taken.
File C:\PROGRAMME\OUTLASTER\SHHOST.EXE infected by "Backdoor.Win32.Blarul.d" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\WEBHAN~1\PROGRAMS\WHSURVEY.EXE infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\WEBHAN~1\PROGRAMS\WHAGENT.EXE infected by "not-a-virus:AdWare.WebHancer.351" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSB.DLL infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\WEBHAN~1\PROGRAMS\WHIEHLPR.DLL infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\Toolbar\toolbar.dll infected by "not-a-virus:AdWare.WebSearch.o" Virus. Action Taken: No Action Taken.
File C:\Programme\NewDotNet\newdotnet6_38.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\PROGRAMME\OUTLASTER\SHHOST.exe infected by "Backdoor.Win32.Blarul.d" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\WEBHAN~1\PROGRAMS\WHSURVEY.EXE infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\Toolbar\TBPS.exe infected by "not-a-virus:AdWare.WebSearch.n" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\WEBHAN~1\PROGRAMS\WHAGENT.EXE infected by "not-a-virus:AdWare.WebHancer.351" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\WEBHDLL.DLL infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\whInstaller.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\TEMP\GL_B2A6.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\TEMPOR~1\CONTENT.IE5\UL9AB6HK\Toolbar3[1].cab tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\WINDOWS\SYSTEM\Tools\Restart.exe tagged as not-a-virus:RiskWare.Tool.Destart. No Action Taken.
File C:\WINDOWS\TEMP\GL_B2A6.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Temporary Internet Files\Content.IE5\UL9AB6HK\Toolbar3[1].cab tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\WINDOWS\WEBHDLL.DLL infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\whInstaller.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Programme\MP3\MP3 Player\sys\ebd.cab tagged as not-a-virus:Tool.DOS.Restart. No Action Taken.
File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Programme\whInstall\WhAgent.exe infected by "not-a-virus:AdWare.WebHancer.351" Virus. Action Taken: No Action Taken.
File C:\Programme\whInstall\whInstaller.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\whInstall\WhSurvey.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\whInstall\Webhdll.dll infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\whInstall\whiehlpr.dll infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\NewDotNet\newdotnet3_88.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\Programme\Toolbar\IExploreSkins.exe tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\Programme\Toolbar\common.dll infected by "not-a-virus:AdWare.WebSearch.l" Virus. Action Taken: No Action Taken.
File C:\Programme\Toolbar\PIB.exe infected by "not-a-virus:AdWare.WebSearch.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Tools\Restart.exe tagged as not-a-virus:RiskWare.Tool.Destart. No Action Taken.
File C:\WINDOWS\TEMP\GL_B2A6.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Temporary Internet Files\Content.IE5\UL9AB6HK\Toolbar3[1].cab tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\WINDOWS\WEBHDLL.DLL infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\whInstaller.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\PROGRAMME\TOOLBAR\TBPS.EXE infected by "not-a-virus:AdWare.WebSearch.n" Virus. Action Taken: No Action Taken.
File C:\PROGRAMME\TOOLBAR\PIB.EXE infected by "not-a-virus:AdWare.WebSearch.n" Virus. Action Taken: No Action Taken.
File C:\PROGRAMME\OUTLASTER\SHHOST.EXE infected by "Backdoor.Win32.Blarul.d" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\WEBHAN~1\PROGRAMS\WHSURVEY.EXE infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\WEBHAN~1\PROGRAMS\WHAGENT.EXE infected by "not-a-virus:AdWare.WebHancer.351" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSB.DLL infected by "not-a-virus:AdWare.Wintol.t" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\WEBHAN~1\PROGRAMS\WHIEHLPR.DLL infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\Toolbar\toolbar.dll infected by "not-a-virus:AdWare.WebSearch.o" Virus. Action Taken: No Action Taken.
File C:\Programme\NewDotNet\newdotnet6_38.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\PROGRAMME\OUTLASTER\SHHOST.exe infected by "Backdoor.Win32.Blarul.d" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\WEBHAN~1\PROGRAMS\WHSURVEY.EXE infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\Toolbar\TBPS.exe infected by "not-a-virus:AdWare.WebSearch.n" Virus. Action Taken: No Action Taken.
File C:\PROGRA~2\WEBHAN~1\PROGRAMS\WHAGENT.EXE infected by "not-a-virus:AdWare.WebHancer.351" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\WEBHDLL.DLL infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\whInstaller.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\TEMP\GL_B2A6.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\TEMPOR~1\CONTENT.IE5\UL9AB6HK\Toolbar3[1].cab tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\WINDOWS\SYSTEM\Tools\Restart.exe tagged as not-a-virus:RiskWare.Tool.Destart. No Action Taken.
File C:\WINDOWS\TEMP\GL_B2A6.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Temporary Internet Files\Content.IE5\UL9AB6HK\Toolbar3[1].cab tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\WINDOWS\WEBHDLL.DLL infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\whInstaller.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\Gemeinsame Dateien\aolback\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Programme\MP3\MP3 Player\sys\ebd.cab tagged as not-a-virus:Tool.DOS.Restart. No Action Taken.
File C:\Programme\AOL 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Programme\whInstall\WhAgent.exe infected by "not-a-virus:AdWare.WebHancer.351" Virus. Action Taken: No Action Taken.
File C:\Programme\whInstall\whInstaller.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\whInstall\WhSurvey.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\whInstall\Webhdll.dll infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\whInstall\whiehlpr.dll infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\Programme\NewDotNet\newdotnet3_88.dll infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.
File C:\Programme\Toolbar\IExploreSkins.exe tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\Programme\Toolbar\common.dll infected by "not-a-virus:AdWare.WebSearch.l" Virus. Action Taken: No Action Taken.
File C:\Programme\Toolbar\PIB.exe infected by "not-a-virus:AdWare.WebSearch.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Tools\Restart.exe tagged as not-a-virus:RiskWare.Tool.Destart. No Action Taken.
File C:\WINDOWS\TEMP\GL_B2A6.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Temporary Internet Files\Content.IE5\UL9AB6HK\Toolbar3[1].cab tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\WINDOWS\WEBHDLL.DLL infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\whInstaller.exe infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
- kaisde
- Beiträge: 39
- Registriert: 30.01.2005, 21:14
von Nikita am 09.03.2005, 20:39
Hallo@kaisde
•Try running this Winsock Repair Utility for Win98\ME:
http://downloads.subratam.org/WinsockFix.zip
•KillBox
http://www.bleepingcomputer.com/files/killbox.php
http://download.broadbandmedic.com/
•Delete File on Reboot <--anhaken
und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"
C:\Programme\Toolbar\toolbar.dll
C:\PROGRAMME\OUTLASTER\SHHOST.exe
C:\Programme\Toolbar\TBPS.exe
C:\Programme\whInstall\WhAgent.exe
C:\Programme\whInstall\whInstaller.exe
C:\Programme\whInstall\WhSurvey.exe
C:\Programme\Toolbar\IExploreSkins.exe
C:\Programme\Toolbar\common.dll
C:\Programme\Toolbar\PIB.exe
C:\WINDOWS\Temporary Internet Files\Content.IE5\UL9AB6HK\Toolbar3[1].cab
PC neustarten
dann scanne noch mal mit escan und poste das neue Log vom HijackThis
#ClaerProg..lade die neuste Version <1.4.1
http://www.clearprog.de/downloads.php
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Cookies
- Verlauf
- Temporäre Internetfiles (Cache)
•Try running this Winsock Repair Utility for Win98\ME:
http://downloads.subratam.org/WinsockFix.zip
•KillBox
http://www.bleepingcomputer.com/files/killbox.php
http://download.broadbandmedic.com/
•Delete File on Reboot <--anhaken
und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"
C:\Programme\Toolbar\toolbar.dll
C:\PROGRAMME\OUTLASTER\SHHOST.exe
C:\Programme\Toolbar\TBPS.exe
C:\Programme\whInstall\WhAgent.exe
C:\Programme\whInstall\whInstaller.exe
C:\Programme\whInstall\WhSurvey.exe
C:\Programme\Toolbar\IExploreSkins.exe
C:\Programme\Toolbar\common.dll
C:\Programme\Toolbar\PIB.exe
C:\WINDOWS\Temporary Internet Files\Content.IE5\UL9AB6HK\Toolbar3[1].cab
PC neustarten
dann scanne noch mal mit escan und poste das neue Log vom HijackThis
#ClaerProg..lade die neuste Version <1.4.1
http://www.clearprog.de/downloads.php
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Cookies
- Verlauf
- Temporäre Internetfiles (Cache)
- Nikita
- Moderator
- Beiträge: 11478
- Registriert: 07.12.2003, 16:53
- Wohnort: Lissabon
von kaisde am 09.03.2005, 23:33
Logfile of HijackThis v1.99.1
Scan saved at 22:32:47, on 09.03.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLACSD.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WTOOLSA.EXE
C:\PROGRAMME\TOOLBAR\TBPS.EXE
C:\PROGRAMME\TOOLBAR\PIB.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WSUP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLDIAL.EXE
C:\PROGRAMME\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAMME\ICQLITE\ICQLITE.EXE
C:\PROGRAMME\WINAMP\WINAMPA.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\PROGRAMME\AOL 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\AOL 9.0\WAOL.EXE
C:\PROGRAMME\AOL 9.0\SHELLMON.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\AOLTPSPD.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMME\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/e60/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.de/e60/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [shhost] C:\PROGRAMME\OUTLASTER\SHHOST.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [eDonkey2000] "C:\PROGRAMME\EDONKEY2000\EDONKEY2000.EXE" -t
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServicesOnce: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe /boot
O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE /boot
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRAMME\ICQLITE\ICQLITE.EXE -trayboot
O4 - Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM\sistray.exe
O4 - Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04c5c40fc32 ... 601_de.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
Scan saved at 22:32:47, on 09.03.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLACSD.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WTOOLSA.EXE
C:\PROGRAMME\TOOLBAR\TBPS.EXE
C:\PROGRAMME\TOOLBAR\PIB.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WSUP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLDIAL.EXE
C:\PROGRAMME\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAMME\ICQLITE\ICQLITE.EXE
C:\PROGRAMME\WINAMP\WINAMPA.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\PROGRAMME\AOL 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\AOL 9.0\WAOL.EXE
C:\PROGRAMME\AOL 9.0\SHELLMON.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\AOLTPSPD.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMME\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/e60/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.de/e60/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [shhost] C:\PROGRAMME\OUTLASTER\SHHOST.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [eDonkey2000] "C:\PROGRAMME\EDONKEY2000\EDONKEY2000.EXE" -t
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServicesOnce: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe /boot
O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE /boot
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRAMME\ICQLITE\ICQLITE.EXE -trayboot
O4 - Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM\sistray.exe
O4 - Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04c5c40fc32 ... 601_de.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
- kaisde
- Beiträge: 39
- Registriert: 30.01.2005, 21:14
von Nikita am 10.03.2005, 00:59
#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSB.DLL
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [shhost] C:\PROGRAMME\OUTLASTER\SHHOST.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServicesOnce: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe /boot
O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE /boot
PC neustarten
•KillBox
http://www.bleepingcomputer.com/files/killbox.php
•Delete File on Reboot <--anhaken
und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"
C:\PROGRAMME\OUTLASTER\SHHOST.exe
C:\Programme\Toolbar\toolbar.dll
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WSUP.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WTOOLSB.DLL
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WTOOLSA.EXE
C:\Program Files\webHancer\Programs\whSurvey.exe
C:\Programme\whInstall\WhAgent.exe
C:\Programme\whInstall\whInstaller.exe
C:\PROGRAMME\TOOLBAR\PIB.EXE
C:\PROGRAMME\TOOLBAR\TBPS.exe
C:\WINDOWS\WEBHDLL.DLL
C:\Programme\Toolbar\common.dll
PC neustarten
#RegCleaner
(Tip: Lade RegCleaner, stelle das Tool in Deutsch ein und saeubere ueber <Tools<Registry saeubern<alles durchfuehren < den PC (du kannst alles angezeigte Loeschen, denn es verbleibt eine Sicherung)
http://www.chip.de/downloads/c_downloads_8830516.html
#neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein
#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Laden--> Updaten-->scannen-->PC neustarten--> noch mal scannen--> poste das Log vom Scann
dann poste das neue Log vom HijackThis
- Nikita
- Moderator
- Beiträge: 11478
- Registriert: 07.12.2003, 16:53
- Wohnort: Lissabon
von kaisde am 10.03.2005, 20:35
Bei killbox konnten folgende datein nicht gelöscht werden, der resr existiert nicht mehr:
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WSUP.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WTOOLSB.DLL
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WTOOLSA.EXE
C:\PROGRAMME\TOOLBAR\PIB.EXE
C:\PROGRAMME\TOOLBAR\TBPS.exe
A-Aware log:
Ad-Aware SE Build 1.05
Logfile Created on:Donnerstag, 10. März 2005 19:26:55
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R32 10.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar(TAC index:5):161 total references
MRU List(TAC index:0):20 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
10.03.05 19:26:55 - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293883265
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Kernkomponente des Win32-Kernel
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294943001
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Windows 32-Bit-VxD-Meldungsserver
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294945025
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe
#:4 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294949877
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE
#:5 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294843901
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk
#:6 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294853349
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Taskplaner für Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Taskplaner-Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 2000
OriginalFilename : mstask.exe
#:7 [AOLACSD.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\
ProcessID : 4294858253
Threads : 13
Priority : Normal
#:8 [WTOOLSA.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\
ProcessID : 4294894717
Threads : 7
Priority : Normal
#:9 [TBPS.EXE]
FilePath : C:\PROGRAMME\TOOLBAR\
ProcessID : 4294868129
Threads : 3
Priority : Realtime
#:10 [PIB.EXE]
FilePath : C:\PROGRAMME\TOOLBAR\
ProcessID : 4294773545
Threads : 2
Priority : Realtime
#:11 [WSUP.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\
ProcessID : 4294794701
Threads : 2
Priority : Normal
#:12 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294833693
Threads : 14
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Betriebssystem Microsoft(R) Windows NT(R)
CompanyName : Microsoft Corporation
FileDescription : Windows-Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE
#:13 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294706289
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE
#:14 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294717965
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Systemanwendung für Taskleiste
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE
#:15 [AOLDIAL.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\
ProcessID : 4294734993
Threads : 10
Priority : Normal
FileVersion : 2.6.6.3.DE.55
ProductVersion : 2.6.6.3.DE.55
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe
#:16 [DRAGDIAG.EXE]
FilePath : C:\PROGRAMME\ALCATEL\SPEEDTOUCH USB\
ProcessID : 4294828769
Threads : 2
Priority : Normal
FileVersion : 201.2.0.0
ProductVersion : 201.2.0.0
ProductName : SpeedTouch USB
CompanyName : THOMSON multimedia
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON multimedia 1999-2002
#:17 [ICQLITE.EXE]
FilePath : C:\PROGRAMME\ICQLITE\
ProcessID : 4294749445
Threads : 4
Priority : Normal
FileVersion : 20, 32, 2315, 0
ProductVersion : 20, 32, 2315, 0
ProductName : ICQLite
CompanyName : ICQ Ltd.
FileDescription : ICQLite
InternalName : ICQ Lite
LegalCopyright : Copyright (C) 2002
OriginalFilename : ICQLite.exe
#:18 [WINAMPA.EXE]
FilePath : C:\PROGRAMME\WINAMP\
ProcessID : 4294732045
Threads : 1
Priority : Normal
#:19 [MIXER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294744729
Threads : 1
Priority : Normal
FileVersion : 1.48
ProductVersion : 1.48
ProductName : Mixer
CompanyName : C-Media Electronic Inc. (www.cmedia.com.tw)
FileDescription : Mixer
InternalName : Mixer
LegalCopyright : Copyright (C) 1997-2002
LegalTrademarks : NONE
OriginalFilename : Mixer.EXE
Comments : Feng Min-Chih (min_chih@cmedia.com.tw)
#:20 [EDONKEY2000.EXE]
FilePath : C:\PROGRAMME\EDONKEY2000\
ProcessID : 4294730249
Threads : 9
Priority : Normal
#:21 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294707677
Threads : 4
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe
#:22 [SISTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294671933
Threads : 1
Priority : Normal
FileVersion : 0.0.0.3620
ProductVersion : 0.0.0.3620
ProductName : SiS (R) Compatible Super VGA SiSTray application
CompanyName : Silicon Integrated Systems Corporation
FileDescription : SiS Compatible Super VGA Tray Application
InternalName : SISTRAY 3.62.52
LegalCopyright : Copyright (C) Silicon Integrated Systems Corp. 1998-2004
OriginalFilename : SISTRAY.EXE
Comments : SiS Compatible Super VGA Tray Application
#:23 [AOLTRAY.EXE]
FilePath : C:\PROGRAMME\AOL 9.0\
ProcessID : 4294663517
Threads : 1
Priority : Normal
FileVersion : 9.00.001
ProductVersion : 9.00.001
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : AOL Tray Icon
InternalName : AolTray
LegalCopyright : Copyright (C) America Online, Inc. 1999 - 2004
#:24 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294592557
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe
#:25 [AD-AWARE.EXE]
FilePath : C:\PROGRAMME\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294538725
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\name-space handler\res\wtoolsb.resprotocol
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\name-space handler\res\wtoolsb.resprotocol
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wtoolsb.resprotocol
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wtoolsb.resprotocol
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a8deb4a5-d9ef-4d21-b4f6-921475004e7d}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a8deb4a5-d9ef-4d21-b4f6-921475004e7d}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{87766247-311c-43b4-8499-3d5fec94a183}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{87766247-311c-43b4-8499-3d5fec94a183}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{87067f04-de4c-4688-bc3c-4fcf39d609e7}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginevents
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginevents
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginserver
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginserver
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginconfig
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginconfig
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f273d4ea-2025-4410-8408-251a0cd46be7}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f273d4ea-2025-4410-8408-251a0cd46be7}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.toolbarscript
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.toolbarscript
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{66c22569-f05c-4a70-a142-763b337e1002}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{66c22569-f05c-4a70-a142-763b337e1002}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{b23b3add-84b1-414a-92b9-0cabe5a781f4}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{99aa88d1-d9d3-410a-be9e-044f94c183da}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{99aa88d1-d9d3-410a-be9e-044f94c183da}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cae0999f-78c5-49dc-9f30-13142aaaaba4}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cae0999f-78c5-49dc-9f30-13142aaaaba4}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugindown
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugindown
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{310cc549-4541-46a9-940f-52b342a6e682}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{310cc549-4541-46a9-940f-52b342a6e682}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{d1951679-1d52-43fc-9585-0737143585f5}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{d1951679-1d52-43fc-9585-0737143585f5}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugininst
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugininst
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : hrl4nyirlx2j4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : hr8g8kmi4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : hrhrirlx2j4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : hrhrirlx2j25s
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : hrjy3ralsr4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : hminlzz2ym5hx3rk4irx
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : a4ix
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : alk3hm
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : 4irx2y4mnrk
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : k25s4ak
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : z225s
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 25s2jr2bjy4x
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrlki
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrbdlki
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczr8g8
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : librmlczr8g8
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrli
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : librmlczrli
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrhri
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : librmlczrhri
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrjy3ralsr
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : librmlczrjy3ralsr
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : llrmli
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : llrm8g8
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lkkrzl7
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lkjhn2j
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lkbd4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lkixw4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : libkrzl7
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 25s4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 25swrx
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5x62lalk
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5x62labd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5x62laiar2
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzz2ym5hx3t
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzz2ym5hx3i7i
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzz2ym5hx3i7iru
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzzijyd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhminlcy4nhm5y
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhmin2ym5hx3
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhminml3r
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhmina4czhijrx
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : wrxcyir
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5hxinlk
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5hxinbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rlk
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rri
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rhri
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rja
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rlkbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rrihri
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhminlzzhm5yt
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhminlzzhm5y1
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5hxinrbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5x62larbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : x4zrirua
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : x4zriinya
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lk4mh4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 8g84xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : li4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mkralk
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mkrabd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mkrari
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mkrahri
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mkraja
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrl4nyhmin
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : n4hk
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzz2ym5hx3rk
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzzzrwrz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 24irxi
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : kydmklnr
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2lki
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zlki
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2rlki
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zrlki
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2bd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2rbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zrbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2rrbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zrrbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2xhr
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zxhr
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 28g8
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2z8g8
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2li
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zli
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{87766247-311c-43b4-8499-3d5fec94a183}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 141
Objects found so far: 141
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 141
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 141
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 141
Disk Scan Result for C:\WINDOWS\SYSTEM
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 141
Disk Scan Result for C:\WINDOWS\TEMP\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 141
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 141
MRU List Object Recognized!
Location: : .DEFAULT\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\doc find spec mru
Description : list of recently used search terms for locating files using the microsoft windows operating system
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ttool_uninstall
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ttool_uninstall
Value : DisplayName
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ttool_uninstall
Value : UninstallString
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ttool_uninstall
Value : DisplayIcon
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wintools
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wintools
Value : DisplayName
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wintools
Value : UninstallString
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wintools
Value : Publisher
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wintools
Value : URLInfoAbout
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : WinTools
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : TBPS
IBIS Toolbar Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Programme\Toolbar
IBIS Toolbar Object Recognized!
Type : File
Data : PIB.exe
Category : Data Miner
Comment :
Object : C:\Programme\toolbar\
IBIS Toolbar Object Recognized!
Type : File
Data : TBPS.exe
Category : Data Miner
Comment :
Object : C:\Programme\toolbar\
IBIS Toolbar Object Recognized!
Type : File
Data : nzqlihv.wzg
Category : Data Miner
Comment :
Object : C:\Programme\toolbar\
IBIS Toolbar Object Recognized!
Type : File
Data : yywr.wzg
Category : Data Miner
Comment :
Object : C:\Programme\toolbar\
IBIS Toolbar Object Recognized!
Type : File
Data : yywsv.wzg
Category : Data Miner
Comment :
Object : C:\Programme\toolbar\
IBIS Toolbar Object Recognized!
Type : File
Data : TBPS.ini
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 20
Objects found so far: 181
19:28:08 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:12.770
Objects scanned:31581
Objects identified:161
Objects ignored:0
New critical objects:161
Dieser Toolbar-*lol* erscheint jedesmal im scan um die 200mal.
mfg kaisde
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WSUP.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WTOOLSB.DLL
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WTOOLSA.EXE
C:\PROGRAMME\TOOLBAR\PIB.EXE
C:\PROGRAMME\TOOLBAR\TBPS.exe
A-Aware log:
Ad-Aware SE Build 1.05
Logfile Created on:Donnerstag, 10. März 2005 19:26:55
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R32 10.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar(TAC index:5):161 total references
MRU List(TAC index:0):20 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
10.03.05 19:26:55 - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293883265
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Kernkomponente des Win32-Kernel
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294943001
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Windows 32-Bit-VxD-Meldungsserver
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294945025
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe
#:4 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294949877
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE
#:5 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294843901
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk
#:6 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294853349
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Taskplaner für Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Taskplaner-Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 2000
OriginalFilename : mstask.exe
#:7 [AOLACSD.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\
ProcessID : 4294858253
Threads : 13
Priority : Normal
#:8 [WTOOLSA.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\
ProcessID : 4294894717
Threads : 7
Priority : Normal
#:9 [TBPS.EXE]
FilePath : C:\PROGRAMME\TOOLBAR\
ProcessID : 4294868129
Threads : 3
Priority : Realtime
#:10 [PIB.EXE]
FilePath : C:\PROGRAMME\TOOLBAR\
ProcessID : 4294773545
Threads : 2
Priority : Realtime
#:11 [WSUP.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\
ProcessID : 4294794701
Threads : 2
Priority : Normal
#:12 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294833693
Threads : 14
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Betriebssystem Microsoft(R) Windows NT(R)
CompanyName : Microsoft Corporation
FileDescription : Windows-Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE
#:13 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294706289
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE
#:14 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294717965
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Systemanwendung für Taskleiste
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE
#:15 [AOLDIAL.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\
ProcessID : 4294734993
Threads : 10
Priority : Normal
FileVersion : 2.6.6.3.DE.55
ProductVersion : 2.6.6.3.DE.55
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe
#:16 [DRAGDIAG.EXE]
FilePath : C:\PROGRAMME\ALCATEL\SPEEDTOUCH USB\
ProcessID : 4294828769
Threads : 2
Priority : Normal
FileVersion : 201.2.0.0
ProductVersion : 201.2.0.0
ProductName : SpeedTouch USB
CompanyName : THOMSON multimedia
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON multimedia 1999-2002
#:17 [ICQLITE.EXE]
FilePath : C:\PROGRAMME\ICQLITE\
ProcessID : 4294749445
Threads : 4
Priority : Normal
FileVersion : 20, 32, 2315, 0
ProductVersion : 20, 32, 2315, 0
ProductName : ICQLite
CompanyName : ICQ Ltd.
FileDescription : ICQLite
InternalName : ICQ Lite
LegalCopyright : Copyright (C) 2002
OriginalFilename : ICQLite.exe
#:18 [WINAMPA.EXE]
FilePath : C:\PROGRAMME\WINAMP\
ProcessID : 4294732045
Threads : 1
Priority : Normal
#:19 [MIXER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294744729
Threads : 1
Priority : Normal
FileVersion : 1.48
ProductVersion : 1.48
ProductName : Mixer
CompanyName : C-Media Electronic Inc. (www.cmedia.com.tw)
FileDescription : Mixer
InternalName : Mixer
LegalCopyright : Copyright (C) 1997-2002
LegalTrademarks : NONE
OriginalFilename : Mixer.EXE
Comments : Feng Min-Chih (min_chih@cmedia.com.tw)
#:20 [EDONKEY2000.EXE]
FilePath : C:\PROGRAMME\EDONKEY2000\
ProcessID : 4294730249
Threads : 9
Priority : Normal
#:21 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294707677
Threads : 4
Priority : Realtime
FileVersion : 4.09.00.0900
ProductVersion : 4.09.00.0900
ProductName : Microsoft® DirectX for Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2002
OriginalFilename : DDHelp.exe
#:22 [SISTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294671933
Threads : 1
Priority : Normal
FileVersion : 0.0.0.3620
ProductVersion : 0.0.0.3620
ProductName : SiS (R) Compatible Super VGA SiSTray application
CompanyName : Silicon Integrated Systems Corporation
FileDescription : SiS Compatible Super VGA Tray Application
InternalName : SISTRAY 3.62.52
LegalCopyright : Copyright (C) Silicon Integrated Systems Corp. 1998-2004
OriginalFilename : SISTRAY.EXE
Comments : SiS Compatible Super VGA Tray Application
#:23 [AOLTRAY.EXE]
FilePath : C:\PROGRAMME\AOL 9.0\
ProcessID : 4294663517
Threads : 1
Priority : Normal
FileVersion : 9.00.001
ProductVersion : 9.00.001
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : AOL Tray Icon
InternalName : AolTray
LegalCopyright : Copyright (C) America Online, Inc. 1999 - 2004
#:24 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294592557
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe
#:25 [AD-AWARE.EXE]
FilePath : C:\PROGRAMME\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294538725
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\name-space handler\res\wtoolsb.resprotocol
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\name-space handler\res\wtoolsb.resprotocol
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wtoolsb.resprotocol
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wtoolsb.resprotocol
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a8deb4a5-d9ef-4d21-b4f6-921475004e7d}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a8deb4a5-d9ef-4d21-b4f6-921475004e7d}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{87766247-311c-43b4-8499-3d5fec94a183}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{87766247-311c-43b4-8499-3d5fec94a183}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{87067f04-de4c-4688-bc3c-4fcf39d609e7}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginevents
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginevents
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginserver
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginserver
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginconfig
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginconfig
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f273d4ea-2025-4410-8408-251a0cd46be7}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f273d4ea-2025-4410-8408-251a0cd46be7}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.toolbarscript
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.toolbarscript
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{66c22569-f05c-4a70-a142-763b337e1002}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{66c22569-f05c-4a70-a142-763b337e1002}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{b23b3add-84b1-414a-92b9-0cabe5a781f4}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{99aa88d1-d9d3-410a-be9e-044f94c183da}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{99aa88d1-d9d3-410a-be9e-044f94c183da}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cae0999f-78c5-49dc-9f30-13142aaaaba4}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cae0999f-78c5-49dc-9f30-13142aaaaba4}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugindown
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugindown
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{310cc549-4541-46a9-940f-52b342a6e682}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{310cc549-4541-46a9-940f-52b342a6e682}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{d1951679-1d52-43fc-9585-0737143585f5}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{d1951679-1d52-43fc-9585-0737143585f5}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugininst
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugininst
Value :
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : hrl4nyirlx2j4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : hr8g8kmi4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : hrhrirlx2j4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : hrhrirlx2j25s
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : hrjy3ralsr4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : hminlzz2ym5hx3rk4irx
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : a4ix
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : alk3hm
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\wintools
Value : 4irx2y4mnrk
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : k25s4ak
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : z225s
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 25s2jr2bjy4x
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrlki
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrbdlki
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczr8g8
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : librmlczr8g8
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrli
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : librmlczrli
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrhri
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : librmlczrhri
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrjy3ralsr
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : librmlczrjy3ralsr
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : llrmli
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : llrm8g8
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lkkrzl7
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lkjhn2j
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lkbd4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lkixw4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : libkrzl7
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 25s4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 25swrx
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5x62lalk
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5x62labd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5x62laiar2
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzz2ym5hx3t
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzz2ym5hx3i7i
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzz2ym5hx3i7iru
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzzijyd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhminlcy4nhm5y
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhmin2ym5hx3
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhminml3r
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhmina4czhijrx
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : wrxcyir
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5hxinlk
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5hxinbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rlk
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rri
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rhri
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rja
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rlkbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rrihri
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhminlzzhm5yt
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhminlzzhm5y1
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5hxinrbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5x62larbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : x4zrirua
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : x4zriinya
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lk4mh4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 8g84xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : li4xz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mkralk
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mkrabd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mkrari
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mkrahri
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mkraja
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrl4nyhmin
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : n4hk
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzz2ym5hx3rk
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzzzrwrz
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 24irxi
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : kydmklnr
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2lki
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zlki
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2rlki
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zrlki
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2bd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2rbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zrbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2rrbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zrrbd
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2xhr
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zxhr
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 28g8
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2z8g8
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2li
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zli
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{87766247-311c-43b4-8499-3d5fec94a183}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 141
Objects found so far: 141
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 141
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 141
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 141
Disk Scan Result for C:\WINDOWS\SYSTEM
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 141
Disk Scan Result for C:\WINDOWS\TEMP\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 141
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 141
MRU List Object Recognized!
Location: : .DEFAULT\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\doc find spec mru
Description : list of recently used search terms for locating files using the microsoft windows operating system
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ttool_uninstall
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ttool_uninstall
Value : DisplayName
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ttool_uninstall
Value : UninstallString
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ttool_uninstall
Value : DisplayIcon
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wintools
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wintools
Value : DisplayName
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wintools
Value : UninstallString
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wintools
Value : Publisher
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wintools
Value : URLInfoAbout
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : WinTools
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : TBPS
IBIS Toolbar Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Programme\Toolbar
IBIS Toolbar Object Recognized!
Type : File
Data : PIB.exe
Category : Data Miner
Comment :
Object : C:\Programme\toolbar\
IBIS Toolbar Object Recognized!
Type : File
Data : TBPS.exe
Category : Data Miner
Comment :
Object : C:\Programme\toolbar\
IBIS Toolbar Object Recognized!
Type : File
Data : nzqlihv.wzg
Category : Data Miner
Comment :
Object : C:\Programme\toolbar\
IBIS Toolbar Object Recognized!
Type : File
Data : yywr.wzg
Category : Data Miner
Comment :
Object : C:\Programme\toolbar\
IBIS Toolbar Object Recognized!
Type : File
Data : yywsv.wzg
Category : Data Miner
Comment :
Object : C:\Programme\toolbar\
IBIS Toolbar Object Recognized!
Type : File
Data : TBPS.ini
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 20
Objects found so far: 181
19:28:08 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:12.770
Objects scanned:31581
Objects identified:161
Objects ignored:0
New critical objects:161
Dieser Toolbar-*lol* erscheint jedesmal im scan um die 200mal.
mfg kaisde
- kaisde
- Beiträge: 39
- Registriert: 30.01.2005, 21:14
von Nikita am 10.03.2005, 22:04
scanne noch mal mit escan--> loesche dann alles, was infected ist und poste das neue Log vom HijackTHis
- Nikita
- Moderator
- Beiträge: 11478
- Registriert: 07.12.2003, 16:53
- Wohnort: Lissabon
von Nikita am 11.03.2005, 15:23
nein, das Tool zeigt nur an--> loesche mit der Killbox oder manuell im abgesicherten Modus
- Nikita
- Moderator
- Beiträge: 11478
- Registriert: 07.12.2003, 16:53
- Wohnort: Lissabon
von kaisde am 12.03.2005, 15:23
Hi
PIB.EXE und TBPS.EXE können nicht gelöscht werden.
Logfile of HijackThis v1.99.1
Scan saved at 14:20:30, on 12.03.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLACSD.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WTOOLSA.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WSUP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLDIAL.EXE
C:\PROGRAMME\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAMME\ICQLITE\ICQLITE.EXE
C:\PROGRAMME\WINAMP\WINAMPA.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\PROGRAMME\AOL 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\AOL 9.0\WAOL.EXE
C:\PROGRAMME\AOL 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMME\EDONKEY2000\EDONKEY2000.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\AOLTPSPD.EXE
C:\PROGRAMME\TOOLBAR\PIB.EXE
C:\PROGRAMME\TOOLBAR\TBPS.EXE
C:\PROGRAMME\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50193
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/e60/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.de/e60/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\Programme\Toolbar\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSB.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\Programme\Toolbar\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\Programme\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [eDonkey2000] "C:\PROGRAMME\EDONKEY2000\EDONKEY2000.EXE" -t
O4 - HKLM\..\Run: [TBPS] C:\Programme\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServicesOnce: [TBPS] C:\Programme\Toolbar\TBPS.exe /boot
O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE /boot
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRAMME\ICQLITE\ICQLITE.EXE -trayboot
O4 - HKCU\..\RunServicesOnce: [ICQ Lite] C:\PROGRAMME\ICQLITE\ICQLITE.EXE -trayboot
O4 - Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM\sistray.exe
O4 - Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04c5c40fc32 ... 601_de.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\Programme\Toolbar\toolbar.dll
PIB.EXE und TBPS.EXE können nicht gelöscht werden.
Logfile of HijackThis v1.99.1
Scan saved at 14:20:30, on 12.03.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLACSD.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WTOOLSA.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WSUP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLDIAL.EXE
C:\PROGRAMME\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAMME\ICQLITE\ICQLITE.EXE
C:\PROGRAMME\WINAMP\WINAMPA.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\PROGRAMME\AOL 9.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\AOL 9.0\WAOL.EXE
C:\PROGRAMME\AOL 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMME\EDONKEY2000\EDONKEY2000.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\AOLTPSPD.EXE
C:\PROGRAMME\TOOLBAR\PIB.EXE
C:\PROGRAMME\TOOLBAR\TBPS.EXE
C:\PROGRAMME\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50193
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/e60/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.de/e60/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\Programme\Toolbar\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSB.DLL
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\Programme\Toolbar\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\Programme\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [eDonkey2000] "C:\PROGRAMME\EDONKEY2000\EDONKEY2000.EXE" -t
O4 - HKLM\..\Run: [TBPS] C:\Programme\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAMME\GEMEINSAME DATEIEN\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServicesOnce: [TBPS] C:\Programme\Toolbar\TBPS.exe /boot
O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE /boot
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRAMME\ICQLITE\ICQLITE.EXE -trayboot
O4 - HKCU\..\RunServicesOnce: [ICQ Lite] C:\PROGRAMME\ICQLITE\ICQLITE.EXE -trayboot
O4 - Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM\sistray.exe
O4 - Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04c5c40fc32 ... 601_de.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\Programme\Toolbar\toolbar.dll