Lavasoft Support Forums > Another W32.Myzor.FK@yf issue

Full Version: Another W32.Myzor.FK@yf issue

Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive General Support Issues

gecko

Oct 5 2006, 11:48 AM

Hi,

I've read the other threads on this topic and have tried the Smitfraudfix, but to no avail.

I must be thick or something. Help.

Here's the Ad-aware and Hijackthis logs;

Ad-Aware SE Build 1.06r1
Logfile Created on:Donnerstag, 5. Oktober 2006 12:40:38
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R124 19.09.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):35 total references
Tracking Cookie(TAC index:3):3 total references
Win32.Trojandownloader.Zlob(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

05.10.2006 12:40:38 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 660
ThreadCreationTime : 05.10.2006 10:07:38
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 05.10.2006 10:07:39
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 756
ThreadCreationTime : 05.10.2006 10:07:43
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 804
ThreadCreationTime : 05.10.2006 10:07:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 816
ThreadCreationTime : 05.10.2006 10:07:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 972
ThreadCreationTime : 05.10.2006 10:07:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1032
ThreadCreationTime : 05.10.2006 10:07:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1192
ThreadCreationTime : 05.10.2006 10:07:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1240
ThreadCreationTime : 05.10.2006 10:07:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1308
ThreadCreationTime : 05.10.2006 10:07:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1720
ThreadCreationTime : 05.10.2006 10:07:45
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:12 [brsvc01a.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1816
ThreadCreationTime : 05.10.2006 10:07:45
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : brother Industries Ltd brsvc01a
CompanyName : brother Industries Ltd
FileDescription : brsvc01a
InternalName : brsvc01a
LegalCopyright : Copyright © Brother Industries, Ltd 2001
OriginalFilename : brsvc01a.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1832
ThreadCreationTime : 05.10.2006 10:07:46
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [brss01a.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1844
ThreadCreationTime : 05.10.2006 10:07:46
BasePriority : Normal
FileVersion : 1.004
ProductVersion : 1, 0, 0, 4
ProductName : brother Industries Ltd brss01a.exe
CompanyName : brother Industries Ltd
FileDescription : brss01a.exe
InternalName : brss01a.exe
LegalCopyright : Copyright ? 2001
OriginalFilename : brss01a.exe
Comments : Brsplproc XP wrapper

#:15 [isamonitor.exe]
FilePath : C:\Programme\SoftCodec\
ProcessID : 184
ThreadCreationTime : 05.10.2006 10:07:47
BasePriority : Normal

#:16 [smtray.exe]
FilePath : C:\Programme\Analog Devices\SoundMAX\
ProcessID : 204
ThreadCreationTime : 05.10.2006 10:07:47
BasePriority : Normal
FileVersion : 3, 2, 17, 0
ProductVersion : 3, 2, 0, 0
ProductName : SoundMAX Integrated Digital Audio
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX System Tray
InternalName : SMTray
LegalCopyright : Copyright © 2003 Analog Devices
OriginalFilename : SMTray.exe

#:17 [atiptaxx.exe]
FilePath : C:\Programme\ATI Technologies\ATI Control Panel\
ProcessID : 236
ThreadCreationTime : 05.10.2006 10:07:47
BasePriority : Normal
FileVersion : 6.14.10.5014
ProductVersion : 6.14.10.5014
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:18 [isamini.exe]
FilePath : C:\Programme\SoftCodec\
ProcessID : 264
ThreadCreationTime : 05.10.2006 10:07:47
BasePriority : Normal

#:19 [warn0900.exe]
FilePath : C:\PROGRA~1\0900WA~1\
ProcessID : 344
ThreadCreationTime : 05.10.2006 10:07:47
BasePriority : Normal
FileVersion : 4.0.0.202
ProductVersion : 4.0
ProductName : 0190 Warner / 0900 Warner
CompanyName : Mirko Böer
FileDescription : 0190 Warner / 0900 Warner
LegalCopyright : Copyright © 2001 - 2003 Mirko Böer
Comments : http://www.wt-rate.com/

#:20 [aoldial.exe]
FilePath : C:\Programme\Gemeinsame Dateien\AOL\ACS\
ProcessID : 412
ThreadCreationTime : 05.10.2006 10:07:47
BasePriority : Normal
FileVersion : 2.6.6.3.DE.55
ProductVersion : 2.6.6.3.DE.55
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe

#:21 [wkufind.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\
ProcessID : 468
ThreadCreationTime : 05.10.2006 10:07:48
BasePriority : Normal
FileVersion : 7.00.0617.0
ProductVersion : 7.00.0617.0
ProductName : Update Detection Module
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works-Aktualisierungserkennung
InternalName : WkUFind
LegalCopyright : Copyright © 1987-2002 Microsoft Corporation.
OriginalFilename : WkUFind.exe

#:22 [avgnt.exe]
FilePath : C:\Programme\AVPersonal\
ProcessID : 488
ThreadCreationTime : 05.10.2006 10:07:48
BasePriority : Normal

#:23 [realsched.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Real\Update_OB\
ProcessID : 504
ThreadCreationTime : 05.10.2006 10:07:48
BasePriority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:24 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 520
ThreadCreationTime : 05.10.2006 10:07:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:25 [msmsgs.exe]
FilePath : C:\Programme\Messenger\
ProcessID : 528
ThreadCreationTime : 05.10.2006 10:07:48
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:26 [iwatch.exe]
FilePath : C:\Programme\FRITZ!\
ProcessID : 552
ThreadCreationTime : 05.10.2006 10:07:48
BasePriority : Normal
FileVersion : 2.00.09
ProductVersion : 2.00.09
ProductName : ISDNWatch
CompanyName : AVM Berlin
FileDescription : ISDNWatch Monitor
InternalName : ISDNWatch
LegalCopyright : Copyright © AVM Berlin
OriginalFilename : IWatch.exe

#:27 [findfast.exe]
FilePath : C:\Programme\Microsoft Office\Office\
ProcessID : 584
ThreadCreationTime : 05.10.2006 10:07:48
BasePriority : Normal
FileVersion : 8.0
ProductVersion : 8.0
ProductName : Microsoft® Indexerstellung
CompanyName : Microsoft Corporation
FileDescription : Microsoft Office-Indexerstellung
InternalName : FINDFAST
LegalCopyright : Copyright © Microsoft Corp. 1995-1997
OriginalFilename : FINDFAST.EXE

#:28 [osa.exe]
FilePath : C:\Programme\Microsoft Office\Office\
ProcessID : 592
ThreadCreationTime : 05.10.2006 10:07:48
BasePriority : Normal

#:29 [kstart32.exe]
FilePath : C:\Programme\klickTel\klickTel Herbst 2006\
ProcessID : 676
ThreadCreationTime : 05.10.2006 10:07:49
BasePriority : Normal
FileVersion : 7.0.0.0
ProductVersion : 6.00
ProductName : Schnellstarter für klickTel Mai 99
CompanyName : klickTel GmbH
LegalCopyright : klickTel GmbH

#:30 [w0svc.exe]
FilePath : C:\PROGRA~1\0900WA~1\
ProcessID : 1412
ThreadCreationTime : 05.10.2006 10:07:56
BasePriority : Normal
FileVersion : 4.0.0.16
ProductVersion : 4.0
ProductName : 0190/0900 Warner
CompanyName : Mirko Böer
FileDescription : 0190/0900 Warner Service
InternalName : w0svc
LegalCopyright : Copyright © 2003 Mirko Böer
OriginalFilename : w0svc.exe

#:31 [avguard.exe]
FilePath : C:\Programme\AVPersonal\
ProcessID : 1440
ThreadCreationTime : 05.10.2006 10:07:56
BasePriority : Normal

#:32 [aolacsd.exe]
FilePath : C:\Programme\Gemeinsame Dateien\AOL\ACS\
ProcessID : 1448
ThreadCreationTime : 05.10.2006 10:07:56
BasePriority : Normal

#:33 [avwupsrv.exe]
FilePath : C:\Programme\AVPersonal\
ProcessID : 1460
ThreadCreationTime : 05.10.2006 10:07:56
BasePriority : Normal

#:34 [netmdsb.exe]
FilePath : C:\Programme\Sony\MD Simple Burner\
ProcessID : 1576
ThreadCreationTime : 05.10.2006 10:07:56
BasePriority : Normal
FileVersion : 2.0.03.16212
ProductVersion : 2.0.03.16212
ProductName : MD Simple Burner
CompanyName : Sony Corporation
FileDescription : MD Simple Burner
InternalName : MD Simple Burner
LegalCopyright : Copyright 2001, 2002, 2003 Sony Corporation
OriginalFilename : NetMDSB.exe
Comments : MD Simple Burner

#:35 [smagent.exe]
FilePath : C:\Programme\Analog Devices\SoundMAX\
ProcessID : 1528
ThreadCreationTime : 05.10.2006 10:08:07
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:36 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 348
ThreadCreationTime : 05.10.2006 10:08:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:37 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 652
ThreadCreationTime : 05.10.2006 10:08:09
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:38 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2376
ThreadCreationTime : 05.10.2006 10:08:20
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:39 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 2516
ThreadCreationTime : 05.10.2006 10:08:21
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:40 [waol.exe]
FilePath : C:\Programme\AOL 9.0\
ProcessID : 3744
ThreadCreationTime : 05.10.2006 10:14:07
BasePriority : Normal

#:41 [shellmon.exe]
FilePath : C:\Programme\AOL 9.0\
ProcessID : 3980
ThreadCreationTime : 05.10.2006 10:14:12
BasePriority : Normal

#:42 [aoltpspd.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Aol\
ProcessID : 404
ThreadCreationTime : 05.10.2006 10:14:13
BasePriority : Normal
FileVersion : 1, 1, 1, 0
ProductVersion : [v1_r1.1-2] On Mon 11/29/2004 19:54:26.07
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™
LegalCopyright : Copyright © America Online 2003
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe

#:43 [iexplore.exe]
FilePath : C:\Programme\Internet Explorer\
ProcessID : 3304
ThreadCreationTime : 05.10.2006 10:23:44
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : IEXPLORE.EXE

#:44 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 564
ThreadCreationTime : 05.10.2006 10:40:21
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{202a961f-23ae-42b1-9505-ffe3c818d717}

Win32.Trojandownloader.Zlob Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{202a961f-23ae-42b1-9505-ffe3c818d717}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ingelore sitt@as1.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:ingelore sitt@as1.falkag.de/
Expires : 04.12.2006 12:03:12
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ingelore sitt@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:ingelore sitt@2o7.net/
Expires : 04.10.2011 12:03:32
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ingelore sitt@adtech[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:ingelore sitt@adtech.de/
Expires : 02.10.2016 11:54:56
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 5

Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

Disk Scan Result for C:\DOKUME~1\INGELO~1\LOKALE~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 5

MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Ingelore Sitt\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\automap\9.0\findmru
Description : list of recently used find queries used in microsoft automap-based products

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\automap\9.0\recent file list
Description : list of recently used files in microsoft automap-based products

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\office\8.0\excel\recent file list
Description : list of recent files used by microsoft excel

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-2076431261-552710833-2743496542-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40

12:42:59 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:20.938
Objects scanned:96796
Objects identified:5
Objects ignored:0
New critical objects:5

Logfile of HijackThis v1.99.1
Scan saved at 12:54:47, on 05.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programme\SoftCodec\isamonitor.exe
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\SoftCodec\isamini.exe
C:\PROGRA~1\0900WA~1\WARN0900.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\klickTel\klickTel Herbst 2006\KSTART32.EXE
C:\PROGRA~1\0900WA~1\w0svc.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
c:\Programme\Microsoft Works\MSWorks.exe
C:\Programme\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Programme\SoftCodec\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NAV_Update] C:\NAV_Update.exe
O4 - HKLM\..\Run: [0900 Warner] C:\PROGRA~1\0900WA~1\WARN0900.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: klickTel Herbst 2006 - Schnellstarter.lnk = C:\Programme\klickTel\klickTel Herbst 2006\KSTART32.EXE
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{73237ADC-EC30-4BA2-9A86-BAF553918058}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4211BE8-1762-445D-B0AD-90804E5A528D}: NameServer = 192.168.120.252,192.168.120.253
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: 0190/0900 Warner Überwachungsdienst (0190_0900_Warner_MonitorService) - Mirko Böer - C:\PROGRA~1\0900WA~1\w0svc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.