Backdoor.Lastdoor (?) --- C:\WINDOWS\RUNDLL32.EXE

Warnings about security holes and help with removing viruses, worms and trojans.

Post by automatix on 16.10.2004, 19:14

Hello everyone!

I ran the Hijack program on my machine. The result is not entirely clear to me.
Rated as bad were Date Manager and a program I don't know, CIEStub Class.
Rated as possibly bad is a program that has something to do with eBay, HKCU\Software.
FreeRAM was detected as unknown.
Listed as not dangerous but unnecessary are: RealPlayer, C-Media Mixer, Cmaudio, Deskup, Babylon Translator, Microsoft Office, Date Manager, WinZip, Refresh, ICQ, Related, Show &Related and Last Minute Gebot.
Of these, C-Media Mixer, Cmaudio, Deskup, Refresh, Related and Show &Related are unknown to me.
What should I do with this result?
automatix
Administrator

Posts: 14686
Registered: 12.09.2004, 13:58
Location: 95138 Bad Steben


Post by Nikita on 17.10.2004, 12:00

Maybe post the log..... :lol:

regards
Nikita
Nikita
Moderator

Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lissabon

Post by automatix on 17.10.2004, 13:56

Logfile of HijackThis v1.98.2
Scan saved at 17:46:15, on 16.10.04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAMME\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BASIS-SOFTWARE\BASIS1\TOADIMON.EXE
C:\PROGRAMME\0190 WARNER\WARN0190.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAMME\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAMME\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAMME\BABYLON\BABYLON.EXE
C:\PROGRAMME\FREERAM\FREERAM.EXE
C:\PROGRAMME\DATE MANAGER\DATEMANAGER.EXE
C:\PROGRAMME\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMME\BABYLON\utils\shlhook.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signin.ebay.de/aw-cgi/eBayISAPI.dll?SignIn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAMME\ICQTOOLBAR\TOOLBAR.DLL
O2 - BHO: CIEStub Class - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - C:\WINDOWS\SYSTEM\AMCIS2.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: 0190/0900 Warner Browser Helper - {D2F63D33-C571-41E9-9525-A17CA1804D3B} - C:\PROGRA~1\0190WA~1\WHELPER1.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAMME\ICQTOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BASIS-SOFTWARE\BASIS1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE
O4 - HKLM\..\Run: [AVGCtrl] "C:\PROGRA~1\AVPERS~1\AVGCTRL.EXE" /min
O4 - HKLM\..\Run: [RealTray] C:\PROGRAMME\REALPLAYER\REALPLAY.EXE SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Programme\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ADService] C:\Programme\Iomega\AutoDisk\ADService.exe
O4 - HKCU\..\Run: [Babylon Translator] C:\Programme\Babylon\Babylon.exe
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\PROGRAMME\FREERAM\FREERAM.EXE
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRAMME\ICQLITE\ICQLITE.EXE -trayboot
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Date Manager.lnk = C:\Programme\Date Manager\DateManager.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O4 - Startup: Refresh.lnk = C:\Programme\Internet Explorer\Connection Wizard\ICWRMIND.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRAMME\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Programme\Paragon\Last Minute Gebot\plmg.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Programme\Paragon\Last Minute Gebot\plmg.exe (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12045dfe1f9 ... 601_de.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... -0-3-9.cab

C:\WINDOWS\RUNDLL32.EXE\SubSeven.1_9C (?)Backdoor.Lastdoor

Post by Nikita on 17.10.2004, 16:01

Hello @automatix

open HijackThis, tick what I list here and <fix< and restart the PC

O2 - BHO: CIEStub Class - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - C:\WINDOWS\SYSTEM\AMCIS2.DLL
O4 - Startup: Date Manager.lnk = C:\Programme\Date Manager\DateManager.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

restart

#check without fail
(!)(there are 2 active)
C:\WINDOWS\RUNDLL32.EXE [SubSeven.1_9C backdoor (?)\Backdoor.Lastdoor (?)]
C:\WINDOWS\RUNDLL32.EXE
and post me the result:
Jotti's malware scan 2.4 - check individual "exe" files
http://virusscan.jotti.dhs.org/

#open HijackThis again:
HijackThis<Config<Misc Tools<Delete a file on reboot< paste in:
C:\WINDOWS\SYSTEM\AMCIS2.DLL <restart the PC

Go into the registry

and delete, in the right-hand pane, all of these entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com\AppInfo\DateManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Date Manager
close the registry

#Uninstall\Delete
C:\Programme\Date Manager\DateManager.exe
[Spyware/adware based provided by The Gator Corporation]
also delete:
< dmuninstaller.exe
<trickler_bic_gatordm_4010.exe

#AdAware (free)
http://www.lavasoft.de/support/download/
Update the program BEFORE every scan!
DURING the scan ALL other applications must be closed and all browser windows must be closed!

#Download the eScan AV Toolkit (mwav.exe),
http://www.rokop-security.de/board/inde ... topic=3867
(unpack the scanner into c:\bases
and then run "kavupd.exe" (automatic update via DOS) (or look for kavupd.exe under Start<Run<%temp%) and click it
and start the scanner with "mwav.exe". Set all check marks:
Select: Memory, Startup-Folders, Registry, System Folders, Services, Drive/All Local drives
<and click "Scan".
<Open the mwav.log -> Edit -> Find ->
If you want to find the infected files in the eScan log, search for infected and post the entries here,

and post the new HijackThis log again as well.

regards
Nikita

http://securityresponse.symantec.com/av ... tdoor.html
http://securityresponse.symantec.com/av ... rojan.html

Post by automatix on 17.10.2004, 18:10

File: Rundll.exe
Status: OK
Packers detected: None

AntiVir No viruses found (2.34 seconds taken)
Avast No viruses found (4.97 seconds taken)
BitDefender No viruses found (3.93 seconds taken)
ClamAV No viruses found (7.61 seconds taken)
Dr.Web No viruses found (4.48 seconds taken)
F-Prot Antivirus No viruses found (0.38 seconds taken)
Kaspersky Anti-Virus No viruses found (4.13 seconds taken)
mks_vir No viruses found (1.41 seconds taken)
NOD32 No viruses found (2.24 seconds taken)
Norman Virus Control No viruses found (1.25 seconds taken)

Statistics
Last piece of malware found was Win32/TrojanNotifier.Coorat.A in win32_shell.dll, detected by:

Scanner Malware name Time taken
AntiVir TR/Notifiy.Coorat.A 3.53 seconds
Avast X 6.51 seconds
BitDefender X 11.58 seconds
ClamAV X 24.52 seconds
Dr.Web Trojan.Sktop 11.98 seconds
F-Prot Antivirus X 1.14 seconds
Kaspersky Anti-Virus TrojanNotifier.Win32.Coorat.a 11.98 seconds
mks_vir Trojan.Trojannotifier.Coorat.A 5.14 seconds
NOD32 Win32/TrojanNotifier.Coorat.A 7.24 seconds
Norman Virus Control X 3.84 seconds




File: Rundll32.exe
Status: OK
Packers detected: None

AntiVir No viruses found (1.55 seconds taken)
Avast No viruses found (4.63 seconds taken)
BitDefender No viruses found (2.70 seconds taken)
ClamAV No viruses found (7.72 seconds taken)
Dr.Web No viruses found (4.53 seconds taken)
F-Prot Antivirus No viruses found (0.37 seconds taken)
Kaspersky Anti-Virus No viruses found (4.12 seconds taken)
mks_vir No viruses found (1.48 seconds taken)
NOD32 No viruses found (2.28 seconds taken)
Norman Virus Control No viruses found (2.91 seconds taken)

Statistics
Last piece of malware found was Frantes.A@mm in euro.exe.worm, detected by:

Scanner Malware name Time taken
AntiVir Worm/Tettona 1.67 seconds
Avast Win32:Tettona 4.68 seconds
BitDefender Win32.Tattona.A@mm 3.65 seconds
ClamAV W32.Higuy 7.68 seconds
Dr.Web Win32.HLLM.Tettona 5.13 seconds
F-Prot Antivirus W32/HLLW.Tettona 0.40 seconds
Kaspersky Anti-Virus I-Worm.Tettona 4.18 seconds
mks_vir Trojan.Euro 1.40 seconds
NOD32 Win32/Frantes.A 2.33 seconds
Norman Virus Control Frantes.A@mm 1.16 seconds


Logfile of HijackThis v1.98.2
Scan saved at 18:10:42, on 17.10.04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAMME\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BASIS-SOFTWARE\BASIS1\TOADIMON.EXE
C:\PROGRAMME\0190 WARNER\WARN0190.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAMME\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAMME\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAMME\BABYLON\BABYLON.EXE
C:\PROGRAMME\FREERAM\FREERAM.EXE
C:\PROGRAMME\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAMME\BABYLON\utils\shlhook.exe
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\EIGENE DATEIEN\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signin.ebay.de/aw-cgi/eBayISAPI.dll?SignIn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.t-online.de;localhost;<local>
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAMME\ICQTOOLBAR\TOOLBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAMME\ICQTOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BASIS-SOFTWARE\BASIS1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE
O4 - HKLM\..\Run: [AVGCtrl] "C:\PROGRA~1\AVPERS~1\AVGCTRL.EXE" /min
O4 - HKLM\..\Run: [RealTray] C:\PROGRAMME\REALPLAYER\REALPLAY.EXE SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Programme\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ADService] C:\Programme\Iomega\AutoDisk\ADService.exe
O4 - HKCU\..\Run: [Babylon Translator] C:\Programme\Babylon\Babylon.exe
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\PROGRAMME\FREERAM\FREERAM.EXE
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRAMME\ICQLITE\ICQLITE.EXE -trayboot
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O4 - Startup: Refresh.lnk = C:\Programme\Internet Explorer\Connection Wizard\ICWRMIND.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRAMME\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Programme\Paragon\Last Minute Gebot\plmg.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Programme\Paragon\Last Minute Gebot\plmg.exe (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12045dfe1f9 ... 601_de.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... -0-3-9.cab

C:\WINDOWS\dllmgr32.exe----Win32.Frantes

Post by Nikita on 17.10.2004, 18:41

Hello @automatix

the two
C:\WINDOWS\RUNDLL32.EXE are still active.
Did you scan with eScan????

Go into the registry
and search for + delete, in the right-hand pane, this key:
<HKCU\Software\Microsoft\WAB\WAB4\Wab File Name
<HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DllManager=C:\WINDOWS\dllmgr32.exe


Search for and delete:

<euro.exe
<win32_shell.dll
<C:\WINDOWS\dllmgr32.dat
<C:\WINDOWS\dllmgr32.exe

Also do these online scans.

Online scan <f-secure<
http://support.f-secure.com/enu/home/ols.shtml
#McAfee FreeScan (Online)
www.mcafee.com/myapps/mfs/default.asp

#Internet Explorer 6 Service Pack 1
http://www.microsoft.com/downloads/deta ... B602228DE6

Then report what the 3 scanners found.

regards
Nikita

______________________________________________________
TrojanNotifier
Notifier Trojan (generic description)

TrojanNotifier is usually a standalone application that notifies someone about some event. For example a notifier can inform an author of a backdoor that it is installed on a computer with specific IP address on a specific port. In many cases such functionality is built-in in most of present day malware, but in some cases notifiers can be standalone files. Notifiers can send e-mails, instant messages or contact certain websites to inform malware authors about certain events.
http://www.f-secure.com/v-descs/trojnotf.shtml

Win32.Frantes.A
It copies itself to " dllmgr32.exe " in the Windows directory, and adds the following registry value so it is run each time Windows starts:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DllManager="[Windows]\dllmgr32.exe"
The worm finds the Windows address book file by checking the following registry value:
HKCU\Software\Microsoft\WAB\WAB4\Wab File Name
It then uses its own SMTP code to send itself to addresses taken from this file. It also creates a file called " dllmgr32.dat " in the Windows directory once it has sent itself, and doesn't send again if this file exists.
In addition, the worm acts as a backdoor, listening for remote connections on TCP port 5001. It allows a malicious user to perform remote actions such as viewing and executing files on the infected machine.
http://www3.ca.com/securityadvisor/viru ... x?id=12325
**
Several minutes after this DLLMGR32.EXE file is run, it retrieves the default SMTP Display Name, Email Address, and Server from the registry:
* HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\
http://us.mcafee.com/virusInfo/default. ... us_k=99524
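As an added example (not code from the thread, from HijackThis or from the quoted vendors), the following Python script parses log lines in the HijackThis format posted above and checks two things the posts turn on: autostart entries and processes matching the Win32.Frantes.A persistence from the CA excerpt (a Run value named DllManager pointing at dllmgr32.exe), and O4 entries that use rundll32 to load a DLL from an absolute path outside the Windows system directory, alongside a count of running RUNDLL32.EXE instances to compare with the Run entries that launch rundll32. The sample log is constructed; the [Updater] entry and unknown.dll are invented placeholders.

```python
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis v1.98 log format (not the log from the thread).
# [DllManager] / dllmgr32.exe mirror the Win32.Frantes.A persistence quoted from CA
# above; [Updater] and unknown.dll are invented placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2 (constructed sample)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\dllmgr32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
O2 - BHO: CIEStub Class - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - C:\WINDOWS\SYSTEM\AMCIS2.DLL
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DllManager] C:\WINDOWS\dllmgr32.exe
O4 - HKCU\..\Run: [Updater] rundll32.exe C:\WINDOWS\TEMP\unknown.dll,Start
"""

O_LINE = re.compile(r"^(?P<sec>O\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
R_LINE = re.compile(r"^(?P<sec>R\d+) - (?P<key>[^=]+) = (?P<value>.*)$")
O4_REST = re.compile(r"^\[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
SYSTEM_DIR = "C:\\WINDOWS\\SYSTEM"

@dataclass
class Entry:
    section: str   # R0/R1/O2/O4/... as printed by HijackThis
    kind: str      # e.g. "BHO", "HKLM\..\Run", "Startup", "IE setting"
    name: str      # [Run value name], or "Display name {CLSID}" for O2/O3/O9
    command: str   # path, command line or URL
    raw: str

def parse_hjt(text):
    """Return (running processes, list of Entry) from a HijackThis log."""
    procs, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_procs = False              # process list ends at the first blank line
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            procs.append(line)
            continue
        m = R_LINE.match(line)
        if m:
            entries.append(Entry(m["sec"], "IE setting", m["key"].strip(), m["value"].strip(), line))
            continue
        m = O_LINE.match(line)
        if not m:
            continue                      # header lines such as "Platform:" are ignored
        name, cmd = "", m["rest"]
        if m["sec"] == "O4":
            m4 = O4_REST.match(cmd)
            if m4:
                name, cmd = m4["name"], m4["cmd"]
        elif m["sec"] in ("O2", "O3", "O9"):
            parts = [p.strip() for p in cmd.split(" - ", 2)]   # "Name - {CLSID} - path"
            if len(parts) == 3:
                name, cmd = f"{parts[0]} {parts[1]}", parts[2]
        entries.append(Entry(m["sec"], m["kind"].strip(), name, cmd.strip(), line))
    return procs, entries

def frantes_indicators(procs, entries):
    """Raw lines matching the Win32.Frantes.A persistence from the CA description:
    a Run value named DllManager, or dllmgr32.exe as autostart target or process."""
    hits = [e.raw for e in entries if e.section == "O4"
            and (e.name.lower() == "dllmanager" or "dllmgr32.exe" in e.command.lower())]
    return hits + [p for p in procs if p.lower().endswith("\\dllmgr32.exe")]

def rundll32_loaders(entries):
    """O4 entries that start rundll32, as (value name, DLL argument, flagged).
    flagged = absolute DLL path outside the Windows system directory; a bare DLL
    name (resolved via the search path) is returned unflagged for manual review."""
    out = []
    for e in entries:
        if e.section != "O4":
            continue
        tokens = e.command.replace('"', "").split(None, 1)
        if not tokens or not tokens[0].lower().rsplit("\\", 1)[-1].startswith("rundll32"):
            continue
        dll = tokens[1].split(",", 1)[0].strip() if len(tokens) > 1 else ""
        absolute = len(dll) > 2 and dll[1] == ":"
        out.append((e.name, dll, absolute and not dll.upper().startswith(SYSTEM_DIR)))
    return out

def rundll32_process_count(procs):
    """RUNDLL32.EXE instances in the process list; compare with len(rundll32_loaders())."""
    return sum(1 for p in procs if p.upper().endswith("\\RUNDLL32.EXE"))

if __name__ == "__main__":
    procs, entries = parse_hjt(SAMPLE_LOG)
    print(rundll32_process_count(procs), rundll32_loaders(entries), frantes_indicators(procs, entries), sep="\n")
```

On the sample, the two RUNDLL32.EXE processes line up with the two NVIDIA Run entries that launch rundll32 with DLLs under C:\WINDOWS\SYSTEM, while the placeholder [Updater] entry loading from C:\WINDOWS\TEMP is the one flagged for review.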

Post by automatix on 31.10.2004, 23:35

Hello nikita!

So, I ran the Ad-Aware SE Personal program. The result is the following:

Ad-Aware SE Build 1.05
Logfile Created on:Sonntag, 31. Oktober 2004 10:32:38
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R8 13.09.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Aureate(TAC index:5):24 total references
Claria(TAC index:7):3 total references
MRU List(TAC index:0):19 total references
TopMoxie(TAC index:3):3 total references
Tracking Cookie(TAC index:3):28 total references
WinAD(TAC index:7):1 total references
WinFavorites(TAC index:6):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


31.10.04 10:32:38 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291797607
Threads : 7
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Kernkomponente des Win32-Kernel
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294940291
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Windows 32-Bit-VxD-Meldungsserver
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294961943
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294951767
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294860851
Threads : 2
Priority : Normal
FileVersion : 4.71.1968.1
ProductVersion : 4.71.1968.1
ProductName : Taskplaner für Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Taskplaner-Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:6 [VSMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\ZONELABS\
ProcessID : 4294864251
Threads : 15
Priority : Normal
FileVersion : 5.1.033.000
ProductVersion : 5.1.033.000
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : vsmon.exe

#:7 [ADSERVICE.EXE]
FilePath : C:\PROGRAMME\IOMEGA\AUTODISK\
ProcessID : 4294877331
Threads : 4
Priority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk Service
InternalName : ADService
LegalCopyright : Copyright © 2002
OriginalFilename : ADService.exe

#:8 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294958963
Threads : 15
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Betriebssystem Microsoft(R) Windows NT(R)
CompanyName : Microsoft Corporation
FileDescription : Windows-Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:9 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294711719
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:10 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294710147
Threads : 2
Priority : Normal
FileVersion : 4.10.2224
ProductVersion : 4.10.2222
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Applet für die Taskleiste
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1999
OriginalFilename : SYSTRAY.EXE

#:11 [TOADIMON.EXE]
FilePath : C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BASIS-SOFTWARE\BASIS1\
ProcessID : 4294727291
Threads : 1
Priority : Normal
FileVersion : 2.12.10
ProductVersion : 2.00
ProductName : Marmiko IT-Solutions GmbH DialAssistent Component
CompanyName : Marmiko IT-Solutions GmbH
FileDescription : T-Online Verbindungsassistent
InternalName : ToADiMon
LegalCopyright : Copyright © Marmiko IT-Solutions GmbH 2000-2003, Copyright © T-Online International AG 2001-2003
OriginalFilename : ToADiMon.EXE

#:12 [WARN0190.EXE]
FilePath : C:\PROGRAMME\0190 WARNER\
ProcessID : 4294724447
Threads : 6
Priority : Normal
FileVersion : 4.0.0.206
ProductVersion : 4.0
ProductName : 0190 Warner / 0900 Warner
CompanyName : Mirko Böer
FileDescription : 0190 Warner / 0900 Warner
LegalCopyright : Copyright © 2001 - 2003 Mirko Böer
Comments : http://www.wt-rate.com/

#:13 [AVGCTRL.EXE]
FilePath : C:\PROGRAMME\AVPERSONAL\
ProcessID : 4294743391
Threads : 2
Priority : Normal


#:14 [REALPLAY.EXE]
FilePath : C:\PROGRAMME\REALPLAYER\
ProcessID : 4294768971
Threads : 1
Priority : Normal
FileVersion : 5.0.0.97
ProductVersion : 5.0.0.97
ProductName : RealPlayer (32-bit) Version 5.0
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : RVPLAYER
LegalCopyright : Copyright © 1995-1997, RealNetworks (tm), Inc.
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : RVPLAYER.EXE

#:15 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294730587
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:16 [ADUSERMON.EXE]
FilePath : C:\PROGRAMME\IOMEGA\AUTODISK\
ProcessID : 4294682567
Threads : 2
Priority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk User Monitor
InternalName : ADUserMon
LegalCopyright : Copyright © 2002
OriginalFilename : ADUserMon.exe

#:17 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294702191
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:18 [IMGICON.EXE]
FilePath : C:\PROGRAMME\IOMEGA\DRIVEICONS\
ProcessID : 4294689651
Threads : 1
Priority : Normal


#:19 [ZLCLIENT.EXE]
FilePath : C:\PROGRAMME\ZONE LABS\ZONEALARM\
ProcessID : 4294590199
Threads : 6
Priority : Normal
FileVersion : 5.1.033.000
ProductVersion : 5.1.033.000
ProductName : Zone Labs Client
CompanyName : Zone Labs Inc.
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : zlclient.exe

#:20 [WINCOMM.EXE]
FilePath : C:\PROGRAM FILES\WIN COMM\
ProcessID : 4294594403
Threads : 4
Priority : Normal


#:21 [WEBREBATES0.EXE]
FilePath : C:\PROGRAMME\WEB_REBATES\
ProcessID : 4294635551
Threads : 6
Priority : Normal


#:22 [WINLOCK.EXE]
FilePath : C:\PROGRAM FILES\WIN COMM\
ProcessID : 4294524199
Threads : 2
Priority : Normal


#:23 [BABYLON.EXE]
FilePath : C:\PROGRAMME\BABYLON\
ProcessID : 4294541035
Threads : 3
Priority : Normal
FileVersion : 4.0.3.16
ProductVersion : 4.0.3.16
ProductName : Babylon
CompanyName : Babylon Ltd.
FileDescription : Babylon Information Tool
InternalName : capture
LegalCopyright : Copyright © Babylon Ltd. 1997-2003
OriginalFilename : capture

#:24 [FREERAM.EXE]
FilePath : C:\PROGRAMME\FREERAM\
ProcessID : 4294825091
Threads : 1
Priority : Normal
FileVersion : 3.2.0.0
ProductVersion : 3.2
ProductName : BySoft FreeRAM - freeware
CompanyName : BySoft
FileDescription : BySoft FreeRAM - freeware
LegalCopyright : Copyright © 2001-2004 BySoft
OriginalFilename : FreeRAM.exe
Comments : www.bysoft.com

#:25 [WZQKPICK.EXE]
FilePath : C:\PROGRAMME\WINZIP\
ProcessID : 4294677071
Threads : 1
Priority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright (c) WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:26 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294441327
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:27 [RNAAPP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294403747
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : DFÜ-Netzwerkprogramm
InternalName : RNAAPP
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1996
OriginalFilename : RNAAPP.EXE

#:28 [TAPISRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294667239
Threads : 5
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows(R) Telefonieserver
InternalName : Telefoniedienst
LegalCopyright : Copyright (C) Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE

#:29 [shlhook.exe]
FilePath : C:\PROGRAMME\BABYLON\utils\
ProcessID : 4294248683
Threads : 1
Priority : Normal


#:30 [IEXPLORE.EXE]
FilePath : C:\PROGRAMME\INTERNET EXPLORER\
ProcessID : 4294636511
Threads : 7
Priority : Normal
FileVersion : 6.00.2600.0000
ProductVersion : 6.00.2600.0000
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : IEXPLORE.EXE

#:31 [WEBREBATES1.EXE]
FilePath : C:\PROGRAMME\WEB_REBATES\
ProcessID : 4294521587
Threads : 4
Priority : Normal


#:32 [AD-AWARE.EXE]
FilePath : C:\PROGRAMME\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294826223
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Aureate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ebbfe288-bdf0-11d2-bbe5-00609419f467}

Aureate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ebbfe288-bdf0-11d2-bbe5-00609419f467}
Value :

Aureate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ebbfe28a-bdf0-11d2-bbe5-00609419f467}

Aureate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ebbfe28a-bdf0-11d2-bbe5-00609419f467}
Value :

Aureate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ebbfe27b-bdf0-11d2-bbe5-00609419f467}

Aureate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ebbfe27b-bdf0-11d2-bbe5-00609419f467}
Value :

Aureate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ebbfe287-bdf0-11d2-bbe5-00609419f467}

Aureate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ebbfe287-bdf0-11d2-bbe5-00609419f467}
Value :

Aureate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ebbfe289-bdf0-11d2-bbe5-00609419f467}

Aureate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ebbfe289-bdf0-11d2-bbe5-00609419f467}
Value :

Aureate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : stub.ciestub

Aureate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : stub.ciestub
Value :

Aureate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : stub.ciestub.1

Aureate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : stub.ciestub.1
Value :

Aureate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : stub.netscapestop

Aureate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : stub.netscapestop
Value :

Aureate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : stub.netscapestop.1

Aureate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : stub.netscapestop.1
Value :

Aureate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{ebbfe26d-bdf0-11d2-bbe5-00609419f467}

Aureate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\aureate

Aureate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\aureate

Aureate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\radiate advertising

Aureate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\radiate advertising
Value : DisplayName

Aureate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\radiate advertising
Value : UninstallString

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GMG

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\gator.com

TopMoxie Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\menuext\web rebates

TopMoxie Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\menuext\web rebates
Value :

TopMoxie Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\menuext\web rebates
Value : Contexts

WinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}

WinFavorites Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}
Value :

WinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : jao.jao

WinFavorites Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : jao.jao
Value :

WinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : jao.jao.1

WinFavorites Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : jao.jao.1
Value :

WinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 37
Objects found so far: 37


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 37


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@atdmt[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:richard beyer@atdmt.com/
Expires : 28.08.09 01:00:00
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@promo.match[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:richard beyer@promo.match.com/
Expires : 03.11.04 01:16:08
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@adviva[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:richard beyer@adviva.net/
Expires : 07.09.09 13:38:16
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@cxoadfarm.dyndns[2].txt
Category : Data Miner
Comment : Hits:18
Value : Cookie:richard beyer@cxoadfarm.dyndns.info/
Expires : 16.10.05 18:30:18
LastSync : Hits:18
UseCount : 0
Hits : 18

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@maxserving[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:richard beyer@maxserving.com/
Expires : 27.08.14 12:44:46
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@adserver.betandwin[1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:richard beyer@adserver.betandwin.de/
Expires : 06.09.14 20:19:52
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@bfast[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:richard beyer@bfast.com/
Expires : 03.10.24 13:37:16
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@partners.webmasterplan[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:richard beyer@partners.webmasterplan.com/
Expires : 09.11.04
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@servedby.advertising[1].txt
Category : Data Miner
Comment : Hits:450
Value : Cookie:richard beyer@servedby.advertising.com/
Expires : 23.11.04 11:44:12
LastSync : Hits:450
UseCount : 0
Hits : 450

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@versiontracker[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:richard beyer@versiontracker.com/
Expires : 03.10.06 06:47:24
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@as-eu.falkag[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:richard beyer@as-eu.falkag.net/
Expires : 29.11.04 14:38:46
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:richard beyer@tribalfusion.com/
Expires : 01.01.38 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@tradedoubler[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:richard beyer@tradedoubler.com/
Expires : 28.09.24 13:34:20
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@as1.falkag[1].txt
Category : Data Miner
Comment : Hits:729
Value : Cookie:richard beyer@as1.falkag.de/
Expires : 29.11.04 22:50:26
LastSync : Hits:729
UseCount : 0
Hits : 729

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:richard beyer@imrworldwide.com/cgi-bin
Expires : 19.01.09
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@tophits4u[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:richard beyer@tophits4u.de/
Expires : 31.12.10 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@please[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:richard beyer@ad2.de.mediainter.net/please/
Expires : 22.09.05 10:27:22
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@doubleclick[1].txt
Category : Data Miner
Comment : Hits:129
Value : Cookie:richard beyer@doubleclick.net/
Expires : 27.08.07 19:49:42
LastSync : Hits:129
UseCount : 0
Hits : 129

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@advertising[2].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:richard beyer@advertising.com/
Expires : 04.09.09 20:15:12
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@mediaplex[1].txt
Category : Data Miner
Comment : Hits:45
Value : Cookie:richard beyer@mediaplex.com/
Expires : 22.06.09 01:00:00
LastSync : Hits:45
UseCount : 0
Hits : 45

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@~~local~~[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:richard beyer@~~local~~/
Expires : 17.10.04 18:06:06
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@bluestreak[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:richard beyer@bluestreak.com/
Expires : 14.10.14 14:30:14
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@adtech[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:richard beyer@adtech.de/
Expires : 04.09.14 12:10:12
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@serving-sys[2].txt
Category : Data Miner
Comment : Hits:21
Value : Cookie:richard beyer@serving-sys.com/
Expires : 01.01.38 09:00:00
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@fastclick[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:richard beyer@fastclick.net/
Expires : 14.10.06 11:41:44
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:22
Value : Cookie:richard beyer@z1.adserver.com/
Expires : 03.09.05 18:01:58
LastSync : Hits:22
UseCount : 0
Hits : 22

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@tribalfusion[1].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\richard beyer@tribalfusion[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : richard beyer@bluestreak[2].txt
Category : Data Miner
Comment :
Value : C:\WINDOWS\Cookies\richard beyer@bluestreak[2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 28
Objects found so far: 65



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 65

WinAD Object Recognized!
Type : File
Data : ide21201.vxd
Category : Data Miner
Comment :
Object : C:\WINDOWS\SYSTEM\



Disk Scan Result for C:\WINDOWS\SYSTEM
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 66

Disk Scan Result for C:\WINDOWS\TEMP\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 66

MRU List Object Recognized!
Location: : .DEFAULT\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : .DEFAULT\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\doc find spec mru
Description : list of recently used search terms for locating files using the microsoft windows operating system


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b88a3af1-4f1b-4400-8ffb-3fcb108ce115}

WinFavorites Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b88a3af1-4f1b-4400-8ffb-3fcb108ce115}
Value :

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 87

10:34:01 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:22.340
Objects scanned:30784
Objects identified:68
Objects ignored:0
New critical objects:68

---------------------------------------------------------------------------------------------------

So far OK. What should I delete from this?

What I am supposed to delete in the registry is either not there or I cannot find it.

The online scans did not turn up anything significant.
I ran the first online scan 3 times. Each time my virus scanner detected worms: Netsky and Kelz.
The second scan found nothing more. The third is not a virus scanner but the download of Microsoft Internet Explorer 6.0.

Finally, the HijackThis log:

Logfile of HijackThis v1.98.2
Scan saved at 22:33:07, on 31.10.04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAMME\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BASIS-SOFTWARE\BASIS1\TOADIMON.EXE
C:\PROGRAMME\0190 WARNER\WARN0190.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAMME\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAMME\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
C:\PROGRAMME\WEB_REBATES\WEBREBATES0.EXE
C:\PROGRAMME\BABYLON\BABYLON.EXE
C:\PROGRAMME\FREERAM\FREERAM.EXE
C:\PROGRAM FILES\WIN COMM\WINLOCK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMME\BABYLON\utils\shlhook.exe
C:\PROGRAMME\WEB_REBATES\WEBREBATES1.EXE
C:\PROGRAMME\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\EIGENE DATEIEN\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signin.ebay.de/aw-cgi/eBayISAPI.dll?SignIn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.t-online.de;localhost;<local>
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAMME\ICQTOOLBAR\TOOLBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAMME\ICQTOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BASIS-SOFTWARE\BASIS1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [RealTray] C:\PROGRAMME\REALPLAYER\REALPLAY.EXE SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Programme\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Win Comm] C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAMME\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ADService] C:\Programme\Iomega\AutoDisk\ADService.exe
O4 - HKCU\..\Run: [Babylon Translator] C:\Programme\Babylon\Babylon.exe
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\PROGRAMME\FREERAM\FREERAM.EXE
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRAMME\ICQLITE\ICQLITE.EXE -trayboot
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O4 - Startup: Refresh.lnk = C:\Programme\Internet Explorer\Connection Wizard\ICWRMIND.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRAMME\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAMME\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Programme\Paragon\Last Minute Gebot\plmg.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Programme\Paragon\Last Minute Gebot\plmg.exe (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12045dfe1f9 ... 601_de.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... -0-3-9.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. ... 677af13876
d80575558a5afedcb2919a3d40919a1a6
1851a4834019fcdf82a9ac44068923192c2d035e328f6c13f:d850ebd7cca3b498dc248e2dbf7775d2
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
automatix
Administrator
 
Posts: 14686
Registered: 12.09.2004, 13:58
Location: 95138 Bad Steben

Post by Nikita on 01.11.2004, 00:53

Hello @automatix

#go into the Registry


Delete the following entries on the right:

<HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Communicator = wincomm.exe

<HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Windows Communicator = wincomm.exe

[WebRebates0] "C:\PROGRAMME\WEB_REBATES

close the Registry

open HijackThis<scan<tick<fix< restart the PC
O4 - HKLM\..\Run: [Win Comm] C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAMME\WEB_REBATES\WebRebates0.exe"
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAMME\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. ... 2677af1387
6d80575558a5afedcb2919a3d40919a1a61851a4834019fcdf

restart

open HijackThis:
<HijackThis<Config<Misc Tools<Delete a file on reboot< paste in:
c:\windows\system\wincomm.exe <RESTART THE PC

do the same with:
<C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
<C:\PROGRAMME\WEB_REBATES\WEBREBATES0.EXE
<C:\PROGRAMME\WEB_REBATES\WEBREBATES1.EXE
<C:\PROGRAM FILES\WIN COMM\WINLOCK.EXE


Disk Cleanup:
and deleting the temporary files
1. Start<Run<cleanmgr
#Click Temporary Internet Files, O.K
#Temporary Files

check:..post the result (!)
C:\WINDOWS\RUNDLL32.EXE
Jotti's malware scan 2.4 - check individual "exe" files
http://virusscan.jotti.dhs.org/

<Download the eScan AV Toolkit
(mwav.exe), open it, but do not scan yet
http://www.mwti.net/antivirus/free_utilities.asp
*
then run "kavupd.exe" (automatic update via DOS) (or look for kavupd.exe under Start<Run<%temp%) and click it.

and start the scanner. Tick all the boxes:
Select: Memory, Startup-Folders, Registry, System Folders, Services, Drive/All Local drives
<and click "Scan".

<Open mwav.log -> Edit -> Find ->
To find infected files in the eScan log, search for "infected" and post the entries here
together with the new HijackThis log.

Regards
Nikita
Nikita
Moderator
 
Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lissabon
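Added example, not part of the thread or of HijackThis itself: a small Python triage helper that cross-references the "Running processes" block of a HijackThis log with its O4 autostart entries, so that the two RUNDLL32.EXE hosts and the Win Comm / WebRebates processes discussed above can be tied to the registry entries that start them, and processes with no visible autostart entry stand out. The sample lines are copied from the log posted above; the path handling assumes HijackThis v1.98 output.

```python
"""Triage helper for HijackThis v1.98 logs (added example for this thread; not
code from HijackThis or from any post). Maps each running process to the O4
autostart entries that can account for it, lists what the RUNDLL32 hosts really
load, and flags running processes that have no autostart entry at all."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied from the second HijackThis log in the thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
C:\PROGRAMME\WEB_REBATES\WEBREBATES0.EXE
C:\PROGRAM FILES\WIN COMM\WINLOCK.EXE
C:\PROGRAMME\WEB_REBATES\WEBREBATES1.EXE

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Win Comm] C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAMME\WEB_REBATES\WebRebates0.exe"
O4 - Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
"""

# "O4 - HKLM\..\Run: [Name] command"  and  "O4 - Startup: Name.lnk = command"
_REG_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_LNK_O4 = re.compile(r"^O4 - Startup: (?P<name>.*?) = (?P<cmd>.*)$")


@dataclass
class Autostart:
    location: str  # "HKLM\..\Run", "HKLM\..\RunServices", "HKCU\..\Run" or "Startup"
    name: str      # value name or .lnk name
    exe: str       # program as written: quoted, unquoted with spaces, or a bare name
    args: str      # rest of the command line

    @property
    def exe_base(self) -> str:
        """Upper-cased file name; a bare name gets .EXE appended, as the loader does."""
        base = self.exe.rsplit("\\", 1)[-1].upper()
        return base if "." in base else base + ".EXE"

    @property
    def rundll_target(self) -> Optional[str]:
        """For rundll32 hosts, the DLL,EntryPoint that is actually executed."""
        if not self.exe_base.startswith("RUNDLL32") or not self.args:
            return None
        return self.args.split()[0]  # a DLL path containing spaces would be cut here


def split_command(cmd: str) -> Tuple[str, str]:
    """Split an O4 command line into (executable, arguments). The value is printed
    verbatim: quoted, unquoted with spaces, or a bare PATH name, so an unquoted
    path is grown token by token until it ends in a program extension."""
    cmd = cmd.strip()
    end = cmd.find('"', 1) if cmd.startswith('"') else -1
    if end != -1:
        return cmd[1:end], cmd[end + 1:].strip()
    tokens = cmd.split() or [""]
    for i in range(len(tokens)):
        head = " ".join(tokens[: i + 1])
        if head.upper().endswith((".EXE", ".COM", ".SCR")):
            return head, " ".join(tokens[i + 1:])
    return tokens[0], " ".join(tokens[1:])  # e.g. "RunDll32 cmicnfg.cpl,CMICtrlWnd"


def parse_log(text: str) -> Tuple[List[str], List[Autostart]]:
    """Return the running-process paths and the O4 entries found in a log."""
    processes, autostarts, in_procs = [], [], False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            in_procs = bool(line)  # the block ends at the first blank line
            if line:
                processes.append(line)
        elif m := _REG_O4.match(line):
            location = f"{m['hive']}\\..\\{m['key']}"
            autostarts.append(Autostart(location, m["name"], *split_command(m["cmd"])))
        elif m := _LNK_O4.match(line):
            autostarts.append(Autostart("Startup", m["name"], *split_command(m["cmd"])))
    return processes, autostarts


def triage(text: str) -> Dict[str, object]:
    """Match processes to autostarts by file name, so that case differences and
    8.3 short names (PROGRA~1 vs. PROGRAMME) do not prevent a match."""
    processes, autostarts = parse_log(text)
    by_base: Dict[str, List[Autostart]] = {}
    for a in autostarts:
        by_base.setdefault(a.exe_base, []).append(a)
    explained: Dict[str, List[str]] = {}
    unexplained: List[str] = []
    for proc in processes:
        base = proc.rsplit("\\", 1)[-1].upper()
        if base in by_base:
            explained[proc] = [f"{a.location} [{a.name}]" for a in by_base[base]]
        else:
            unexplained.append(proc)  # started by something HijackThis does not list
    targets = {f"{a.location} [{a.name}]": a.rundll_target for a in autostarts if a.rundll_target}
    return {"explained": explained, "unexplained": unexplained, "rundll32_targets": targets}
```

On the sample, both RUNDLL32.EXE processes are accounted for by the powrprof, NvCpl and cmicnfg entries, while WINLOCK.EXE and WEBREBATES1.EXE are running without any autostart entry of their own.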

Post by automatix on 01.11.2004, 19:15

Hallo Nikita!

Einmal pro Woche update ich meinen Virenscanner (AntiVir) und führe einen kompletten Scan durch. Nachdem ich die empfohlenen online scans durchgeführt hatte, wurde ich von Viren und Würmern geradezu überfallen. Als ich meinen letzten Kommentar eintragen wollte ging es los. Ständig meldete sich mein Virenscanner.

Leider kann ich die ersten beiden Einträge nicht finden:

Delete the following entries on the right:
<HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Communicator = wincomm.exe

<HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Windows Communicator = wincomm.exe

I simply deleted everything from WebRebates and wincomm via the search function.


open HijackThis<scan<tick<fix< restart PC
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAMME\WEB_REBATES\WebRebates0.exe"
This entry is not present. I probably deleted it!?

open HijackThis:
<HijackThis<Config<Misc Tools<Delete a file on reboot< paste in:
c:\windows\system\wincomm.exe <RESTART THE PC

do the same with:
<C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
<C:\PROGRAMME\WEB_REBATES\WEBREBATES0.EXE XXX
<C:\PROGRAMME\WEB_REBATES\WEBREBATES1.EXE XXX
<C:\PROGRAM FILES\WIN COMM\WINLOCK.EXE

XXX These two are not present either, I probably deleted them too.

Disk Cleanup is OK, the files have been deleted.

Service load: 0% 100%

File: RUNDLL32.EXE
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected: None

AntiVir No viruses found (1.78 seconds taken)
Avast No viruses found (5.04 seconds taken)
BitDefender No viruses found (4.28 seconds taken)
ClamAV No viruses found (3.24 seconds taken)
Dr.Web No viruses found (4.94 seconds taken)
F-Prot Antivirus No viruses found (0.40 seconds taken)
Kaspersky Anti-Virus No viruses found (12.44 seconds taken)
mks_vir No viruses found (2.34 seconds taken)
NOD32 No viruses found (2.65 seconds taken)
Norman Virus Control No viruses found (3.67 seconds taken)


Mon Nov 01 18:04:58 2004 => ***** Scanning complete. *****

Mon Nov 01 18:04:58 2004 => Total Files Scanned: 71766
Mon Nov 01 18:04:58 2004 => Total Virus(es) Found: 21
Mon Nov 01 18:04:58 2004 => Total Disinfected Files: 0
Mon Nov 01 18:04:58 2004 => Total Files Renamed: 0
Mon Nov 01 18:04:58 2004 => Total Deleted Files: 0
Mon Nov 01 18:04:58 2004 => Total Errors: 6
Mon Nov 01 18:04:58 2004 => Time Elapsed: 00:50:01
Mon Nov 01 18:04:58 2004 => Virus Database Date: 2004/11/01
Mon Nov 01 18:04:58 2004 => Virus Database Count: 107925

Mon Nov 01 18:04:58 2004 => Scan Completed.


Logfile of HijackThis v1.98.2
Scan saved at 18:11:52, on 01.11.04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAMME\IOMEGA\AUTODISK\ADSERVICE.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BASIS-SOFTWARE\BASIS1\TOADIMON.EXE
C:\PROGRAMME\0190 WARNER\WARN0190.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAMME\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAMME\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
C:\PROGRAMME\BABYLON\BABYLON.EXE
C:\PROGRAMME\FREERAM\FREERAM.EXE
C:\PROGRAMME\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAMME\BABYLON\utils\shlhook.exe
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\EIGENE DATEIEN\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signin.ebay.de/aw-cgi/eBayISAPI.dll?SignIn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.t-online.de;localhost;<local>
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAMME\ICQTOOLBAR\TOOLBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: 0190/0900 Warner Browser Helper - {D2F63D33-C571-41E9-9525-A17CA1804D3B} - C:\PROGRA~1\0190WA~1\WHELPER1.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAMME\ICQTOOLBAR\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BASIS-SOFTWARE\BASIS1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [RealTray] C:\PROGRAMME\REALPLAYER\REALPLAY.EXE SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [C-Media Mixer] C:\Programme\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Win Comm] C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ADService] C:\Programme\Iomega\AutoDisk\ADService.exe
O4 - HKCU\..\Run: [Babylon Translator] C:\Programme\Babylon\Babylon.exe
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\PROGRAMME\FREERAM\FREERAM.EXE
O4 - HKCU\..\RunServices: [Babylon Translator] C:\Programme\Babylon\Babylon.exe
O4 - HKCU\..\RunServices: [BySoft FreeRAM] C:\PROGRAMME\FREERAM\FREERAM.EXE
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRAMME\ICQLITE\ICQLITE.EXE -trayboot
O4 - HKCU\..\RunServicesOnce: [ICQ Lite] C:\PROGRAMME\ICQLITE\ICQLITE.EXE -trayboot
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O4 - Startup: Refresh.lnk = C:\Programme\Internet Explorer\Connection Wizard\ICWRMIND.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRAMME\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Programme\Paragon\Last Minute Gebot\plmg.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add bid - {866875B8-9855-48f8-BAAB-8002C325BE69} - C:\Programme\Paragon\Last Minute Gebot\plmg.exe (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12045dfe1f9 ... 601_de.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... -0-3-9.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. ... b5cd172677af13876d80575558a5afedcb2919a3d40919a1a61851a4834019fcdf82a9ac44068923192c2d035e328f6c13f:d850ebd7cca3b498dc248e2dbf7775d2
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab



Erstellungsdatum der Reportdatei: Montag, 1. November 2004 13:46

AntiVir®/9x Personal Edition v6.28.00.07 vom 14.10.2004
VDF-Datei v6.28.0.47 (0) vom 29.10.2004


Dieses Programm ist nur für den PRIVATEN EINSATZ bestimmt.
Jede andere Verwendung ist NICHT gestattet.
Informationen über kommerzielle Versionen von AntiVir erhalten Sie bei:
www.antivir.de.


Es wird nach 92353 Viren bzw. unerwünschten Programmen gesucht.

Lizenznehmer: AntiVir Personal Edition
Seriennummer: 0000149996-WURGE-0001
FUSE: Grundlizenz

Bitte tragen Sie in dieses Formular den Rechnerstandort und
den zuständigen Ansprechpartner mit Telefonnummer ein:

Name ___________________________________________

Straße ___________________________________________

PLZ/Ort ___________________________________________

Telefon/Fax ___________________________________________

EMail ___________________________________________

Plattform: Windows 98
Windows-Version: 4.10.2222 A
Benutzername: Richard Beyer
Prozessor: Pentium
Arbeitsspeicher: 261572 KB frei

Versionsinformationen:
AVWIN.DLL : v6.28.00.07 524328 19.10.2004 14:17:02
AVEWIN32.DLL : v6.28.0.12 569856 01.11.2004 13:39:58
SYS_RW16.DLL : v6.19.0 12800 17.03.2004 15:01:00
SYS_RW32.DLL : v6.19.0 16384 17.03.2004 15:01:02
AVGCTRL.EXE : v6.28.00.00 86016 05.10.2004 17:06:24
AVGUARD.VXD : v6.28.0.12 376463 01.11.2004 13:39:58
AVPACK32.DLL : v6.28.0.2 294952 19.10.2004 14:17:02
AVGETVER.DLL : v6.22.00.00 24576 17.03.2004 14:59:42
AVWIN.DLL : v6.28.00.07 524328 19.10.2004 14:17:02
AVSHLEXT.DLL : v6.22.00.00 57344 17.03.2004 15:00:00
AVSched32.EXE : v6.28.00.00 110672 05.10.2004 17:06:28
AVSched32.DLL : v6.28.00.01 122880 05.10.2004 17:06:28
AVREG.DLL : v6.27.00.01 41000 04.08.2004 12:15:34
AVRep.DLL : v6.28.00.21 692264 19.10.2004 14:17:02
INETUPD.EXE : v6.28.00.07 200704 19.10.2004 14:17:02
INETUPD.DLL : v6.28.00.07 159744 19.10.2004 14:17:02