I have an extremely stubborn spyware or malware problem: after cleanup/fixing and the next online connection, Spybot S&D finds EffectiveBandToolbar + FindSpy.A again and again.
Would you be so kind as to check my logs, please? First off HijackThis, but I am also attaching the logs for Ad-Aware and StartDreck, in case they help (I don't mean to overload you).
WinPatrol also pops up with this message at odd times: "WinPatrol has detected commands have been added to the file wininit.ini These Commands will be executed on the next reboot." I clicked View:
NUL=C:\Windows\tempor~1\content.IE5\index.dat
NUL=:\Windows\cookies\index.dat
Anything malicious here?
Any assistance you can give would be greatly appreciated.
Best regards,
a-lil-lost (& desperate)
[sorry about the length of this post]
Logfile of HijackThis v1.99.1
Scan saved at 08:44:44, on 07/07/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
D:\SECURITY\FIREWALL SYGATE\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\PROGRAMME\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\LOADQM.EXE
D:\SECURITY\ANTIVIRUS\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
D:\SECURITY\DOWNLOADS\WINPATROL\WINPATROL.EXE
D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WINJAM.EXE
D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WSMONITOR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WSPOPUP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
D:\PROGRAMME\MICROSOFT OFFICE\WORD2000\OFFICE\WINWORD.EXE
D:\SECURITY\DOWNLOADS\HIJACKTHIS NEW\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\empty\ws.js
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SECURITY\ANTISP~1\SPYBOT\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &WINSWEEP Toolbar - {E915E62E-41DA-40D0-8106-3438B4D24394} - D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\SURFBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [InstantAccess] D:\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] D:\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\SECURITY\ANTIVIRUS\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SmcService] D:\SECURITY\FIREWA~2\SMC.EXE -startgui
O4 - HKLM\..\Run: [WinPatrol] D:\SECURITY\DOWNLOADS\WINPATROL\winpatrol.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] D:\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [SmcService] D:\SECURITY\FIREWALL SYGATE\SMC.EXE
O4 - HKCU\..\Run: [TClockEx] D:\DOWNLOADS\TCLOCK\TCLOCKEX\TCLOCKEX.EXE
O4 - HKCU\..\Run: [WINSWEEP Reklameblockierung] D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\winjam.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WINSWEEP] D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WINSWEEP.Exe /AUTO
O4 - HKCU\..\Run: [WINSWEEP Popupblocker] D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WSPopup.Exe /STEP1
O4 - Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Word2000\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../UK/install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
[I uninstalled MSN Messenger, should I erase this entry too?]
* * * * * * * * * * * * *
Ad-Aware SE Build 1.05
Logfile Created on:07 July 2005 08:24:12
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R51 21.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
07-07-05 08:24:12 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\WINDOWS\Anwendungsdaten\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\explorer\doc find spec mru
Description : list of recently used search terms for locating files using the microsoft windows operating system
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293869235
Threads : 8
Priority : High
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Kernkomponente des Win32-Kernel
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294928939
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows 32-Bit-VxD-Meldungsserver
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294933979
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE
#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294918895
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk
#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294961867
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 2000
OriginalFilename : mstask.exe
#:6 [SMC.EXE]
FilePath : D:\SECURITY\FIREWALL SYGATE\
ProcessID : 4294946735
Threads : 17
Priority : Normal
FileVersion : 5.5.00.2710
ProductVersion : 5.5.00.2710
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE
#:7 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294957079
Threads : 5
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Betriebssystem Microsoft® Windows NT®
CompanyName : Microsoft Corporation
FileDescription : Windows-Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE
#:8 [RNAAPP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294537279
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : DFÜ-Netzwerk-Programm
InternalName : RNAAPP
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : RNAAPP.EXE
#:9 [TAPISRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294554655
Threads : 5
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows® Telefonieserver
InternalName : Telefoniedienst
LegalCopyright : Copyright © Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE
#:10 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294448535
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE
#:11 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294471695
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Systemanwendung für Taskleiste
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE
#:12 [INSTANTACCESS.EXE]
FilePath : D:\TEXTBRIDGE CLASSIC 2.0\BIN\
ProcessID : 4294490875
Threads : 1
Priority : Normal
#:13 [EM_EXEC.EXE]
FilePath : C:\PROGRAMME\MOUSE\SYSTEM\
ProcessID : 4294507407
Threads : 1
Priority : Normal
FileVersion : 9.24.80
ProductVersion : 9.24
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2000.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team
#:14 [LOADQM.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294655371
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE
#:15 [AVGCTRL.EXE]
FilePath : D:\SECURITY\ANTIVIRUS\
ProcessID : 4294447019
Threads : 3
Priority : Normal
#:16 [QTTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294641391
Threads : 2
Priority : Normal
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe
#:17 [INTERNAT.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294681319
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Sprachanzeigeprogramm
InternalName : INTERNAT
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : INTERNAT.EXE
#:18 [WINPATROL.EXE]
FilePath : D:\SECURITY\DOWNLOADS\WINPATROL\
ProcessID : 4294453295
Threads : 1
Priority : Normal
FileVersion : 9, 5, 0, 1
ProductVersion : 9.5.0.1
ProductName : WinPatrol Monitor
CompanyName : BillP Studios
FileDescription : WinPatrol System Monitor
InternalName : WinPatrol Monitor
LegalCopyright : Copyright © 1997- 2005 BillP Studios
OriginalFilename : Scotty
Comments : Let Scotty the Windows Watchdog patrol your system.
#:19 [WINJAM.EXE]
FilePath : D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\
ProcessID : 4294447211
Threads : 2
Priority : Normal
FileVersion : 1.05.0002
ProductVersion : 1.05.0002
ProductName : WINJAM
CompanyName : Software-Entwicklung Frank-Oliver Dzewas
FileDescription : Reklameblockierung für den Internet-PC
InternalName : WinJam
LegalCopyright : Copyright © 2003-2004 Software-Entwicklung Frank-Oliver Dzewas
LegalTrademarks : WINJAM
OriginalFilename : WinJam.exe
#:20 [WSMONITOR.EXE]
FilePath : D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\
ProcessID : 4294269819
Threads : 2
Priority : Normal
FileVersion : 3.03.0004
ProductVersion : 3.03.0004
ProductName : WINSWEEP
InternalName : WSMonitor
LegalCopyright : © 2003-2004 Software-Entwicklung Frank-Oliver Dzewas
LegalTrademarks : WINSWEEP
OriginalFilename : WSMonitor.Exe
#:21 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294263455
Threads : 4
Priority : Realtime
FileVersion : 4.06.02.0436
ProductVersion : 4.06.02.0436
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : ddhelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-1999
OriginalFilename : ddhelp.exe
#:22 [WSPOPUP.EXE]
FilePath : D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\
ProcessID : 4294686135
Threads : 1
Priority : Normal
FileVersion : 1.00.0057
ProductVersion : 1.00.0057
ProductName : WINSWEEP
CompanyName : Software-Entwicklung Frank-Oliver Dzewas
FileDescription : Popup-Blocker für den Internet-Explorer
InternalName : WSPopup
LegalCopyright : © 2003-2004 Software-Entwicklung Frank-Oliver Dzewas
LegalTrademarks : WINSWEEP
OriginalFilename : WSPopup.exe
#:23 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294219115
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe
#:24 [AD-AWARE.EXE]
FilePath : D:\SECURITY\DOWNLOADS\_AD AWARE SE PERS 1.05\AD-AWARE SE PERSONAL\
ProcessID : 4294657575
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Deep scanning and examining files (d:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for d:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Deep scanning and examining files (e:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for e:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 4
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
08:30:59 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:47.160
Objects scanned:52937
Objects identified:0
Objects ignored:0
New critical objects:0
* * * * * * * * * * * * *
StartDreck (build 2.1.7 public stable) - 2005-07-07 @ 08:47:57 (GMT +01:00)
Platform: Windows 98 (Win 4.10.1998 )
Internet Explorer: 6.0.2800.1106
Logged in as FM at G3V3Z6
»Registry
»Run Keys
»Current User
»Run
*TClockEx=D:\DOWNLOADS\TCLOCK\TCLOCKEX\TCLOCKEX.EXE
*WINSWEEP Reklameblockierung=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\winjam.exe
*MsnMsgr="C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
*WINSWEEP=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WINSWEEP.Exe /AUTO
*WINSWEEP Popupblocker=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WSPopup.Exe /STEP1
»RunOnce
»Default User
»Run
*TClockEx=D:\DOWNLOADS\TCLOCK\TCLOCKEX\TCLOCKEX.EXE
*WINSWEEP Reklameblockierung=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\winjam.exe
*MsnMsgr="C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
*WINSWEEP=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WINSWEEP.Exe /AUTO
*WINSWEEP Popupblocker=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WSPopup.Exe /STEP1
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*SystemTray=SysTray.Exe
*AtiPTA=Atiptaxx.exe
*InstantAccess=D:\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
*RegisterDropHandler=D:\TEXTBR~1.0\BIN\REGIST~1.EXE
*AtiQiPcl=AtiQiPcl.exe
*mdac_runonce=C:\WINDOWS\SYSTEM\runonce.exe
*EM_EXEC=C:\PROGRA~1\MOUSE\SYSTEM\EM_EXEC.EXE
*LoadQM=loadqm.exe
*AVGCtrl=D:\SECURITY\ANTIVIRUS\AVGCTRL.EXE /min
*QuickTime Task="C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*internat.exe=internat.exe
*SmcService=D:\SECURITY\FIREWA~2\SMC.EXE -startgui
*WinPatrol=D:\SECURITY\DOWNLOADS\WINPATROL\winpatrol.exe
+OptionalComponents
+IMAIL
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SchedulingAgent=mstask.exe
*RegisterDropHandler=D:\TEXTBR~1.0\BIN\REGIST~1.EXE
*SmcService=D:\SECURITY\FIREWALL SYGATE\SMC.EXE
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="D:\SECURITY\ANTI SPY\SPYBOT\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
+.htm
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.html
*htmlfile="C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome
+.js
*JSFile=C:\WINDOWS\WScript.exe "%1" %*
+.jse
*JSEFile=C:\WINDOWS\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=C:\WINDOWS\NOTEPAD.EXE %1
+.vbs
*VBSFile=C:\WINDOWS\WScript.exe "%1" %*
+.vbe
*VBEFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsh
*WSHFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsf
*WSFFile=C:\WINDOWS\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Browser Helper Objects (LM)
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=D:\SECURITY\ANTISP~1\SPYBOT\SPYBOT~1\SDHELPER.DLL
»Files
»Autostart Folders
»Current User
*C:\WINDOWS\Startmenü\Programme\Autostart\Microsoft Office.lnk
»Default User
*C:\WINDOWS\Startmenü\Programme\Autostart\Microsoft Office.lnk
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\msdos.sys
*C:\config.sys
*C:\autoexec.bat
*C:\WINDOWS\wininit.bak
*C:\WINDOWS\hosts
»System/Drivers
»Running Processes
+FFEF3EB3=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFF6A2B=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFF7DDB=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFF42EF=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFFEACB=C:\WINDOWS\SYSTEM\MSTASK.EXE
+FFFFAFAF=D:\SECURITY\FIREWALL SYGATE\SMC.EXE
+FFFFD817=C:\WINDOWS\EXPLORER.EXE
+FFF9703F=C:\WINDOWS\SYSTEM\RNAAPP.EXE
+FFF9B41F=C:\WINDOWS\SYSTEM\TAPISRV.EXE
+FFF81597=C:\WINDOWS\TASKMON.EXE
+FFF8700F=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
+FFF8BAFB=D:\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
+FFF8FB8F=C:\PROGRAMME\MOUSE\SYSTEM\EM_EXEC.EXE
+FFFB3D8B=C:\WINDOWS\LOADQM.EXE
+FFF80FAB=D:\SECURITY\ANTIVIRUS\AVGCTRL.EXE
+FFFB06EF=C:\WINDOWS\SYSTEM\QTTASK.EXE
+FFFBA2E7=C:\WINDOWS\SYSTEM\INTERNAT.EXE
+FFF8282F=D:\SECURITY\DOWNLOADS\WINPATROL\WINPATROL.EXE
+FFF8106B=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WINJAM.EXE
+FFF55B7B=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WSMONITOR.EXE
+FFF5429F=C:\WINDOWS\SYSTEM\DDHELP.EXE
+FFFBB5B7=D:\SECURITY\WINSWEEP334\WINSWEEP3\WINSWEEP\WSPOPUP.EXE
+FFF4956B=C:\WINDOWS\SYSTEM\SPOOL32.EXE
+FFF50217=D:\SECURITY\DOWNLOADS\_START DRECK\STARTDRECK\STARTDRECK.EXE
»NT Services
»Application specific