Logfile created: 09.01.2011 11:54:45 Ad-Aware version: 9.0.0 Extended engine: 3 Extended engine version: 3.1.2770 User performing scan: Mariya *********************** Definitions database information *********************** Lavasoft definition file: 150.215 Genotype definition file version: 2010/12/22 17:00:32 Extended engine definition file: 7816.0 ******************************** Scan results: ********************************* Scan profile name: Vollständiger Scan (ID: full) Objects scanned: 69113 Objects detected: 27 Type Detected ========================== Processes.......: 0 Registry entries: 1 Hostfile entries: 0 Files...........: 2 Folders.........: 0 LSPs............: 0 Cookies.........: 24 Browser hijacks.: 0 MRU objects.....: 0 Removed items: Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0 Description: *advertis* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408918 Family ID: 0 Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0 Description: *tradedoubler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408964 Family ID: 0 Description: zedo* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408736 Family ID: 0 Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0 Description: *adfarm1.adition* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409171 Family ID: 0 Description: *adbrite* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409218 Family ID: 0 Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0 Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0 Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0 Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0 Description: *advertis* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408918 Family ID: 0 Description: *advertising* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409017 Family ID: 0 Description: *apmebf* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409163 Family ID: 0 Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0 Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0 Description: *fastclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408869 Family ID: 0 Description: *kontera* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409363 Family ID: 0 Description: *mediaplex* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408991 Family ID: 0 Description: *questionmarket* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408819 Family ID: 0 Description: *tradedoubler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408964 Family ID: 0 Description: *tribalfusion* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408785 Family ID: 0 Description: zedo* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408736 Family ID: 0 Quarantined items: Description: c:\programme\dsnet corp\atube catcher 1.0\atc_lvr.exe Family Name: Win32.TrojanPWS.VB Engine: 1 Clean status: Success Item ID: 0 Family ID: 1464 MD5: b6dc45e0363ebcec46c591a6ba4a7bf9 Description: d:\programme\999_roses.exe Family Name: Win32.Backdoor.Agent Engine: 1 Clean status: Success Item ID: 0 Family ID: 795 MD5: 38ca55c7c695e14bc80cfa46c80d64b3 Description: HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon:Userinit Family Name: Win32.Backdoor.Agent Engine: 1 Clean status: Success Item ID: 28364 Family ID: 795 Scan and cleaning complete: Finished correctly after 5184 seconds *********************************** Settings *********************************** Scan profile: ID: full, enabled:1, value: Vollständiger Scan ID: folderstoscan, enabled:1, value: C:\,D:\,G:\ ID: useantivirus, enabled:1, value: true ID: sections, enabled:1 ID: scancriticalareas, enabled:1, value: true ID: scanrunningapps, enabled:1, value: true ID: scanregistry, enabled:1, value: true ID: scanlsp, enabled:1, value: true ID: scanads, enabled:1, value: true ID: scanhostsfile, enabled:1, value: true ID: scanmru, enabled:1, value: true ID: scanbrowserhijacks, enabled:1, value: true ID: scantrackingcookies, enabled:1, value: true ID: closebrowsers, enabled:1, value: false ID: filescanningoptions, enabled:1 ID: archives, enabled:1, value: true ID: onlyexecutables, enabled:1, value: false ID: skiplargerthan, enabled:1, value: 20480 ID: scanrootkits, enabled:1, value: true ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict ID: usespywareheuristics, enabled:1, value: true Scan global: ID: global, enabled:1 ID: addtocontextmenu, enabled:1, value: true ID: playsoundoninfection, enabled:1, value: false ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav Scheduled scan settings: Update settings: ID: updates, enabled:1 ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently ID: licenseandinfo, enabled:1, value: dontcheck, domain: dontcheck,downloadandinstall ID: schedules, enabled:1, value: true ID: updatedaily1, enabled:1, value: Daily 1 ID: time, enabled:1, value: Sun Dec 26 18:27:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily2, enabled:1, value: Daily 2 ID: time, enabled:1, value: Sun Dec 26 00:27:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily3, enabled:1, value: Daily 3 ID: time, enabled:1, value: Sun Dec 26 06:27:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily4, enabled:1, value: Daily 4 ID: time, enabled:1, value: Sun Dec 26 12:27:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updateweekly1, enabled:1, value: Weekly ID: time, enabled:1, value: Sun Dec 26 18:27:00 2010 ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: true ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: true ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: deffiles, enabled:1, value: dontcheck, domain: dontcheck,downloadandinstall Appearance settings: ID: appearance, enabled:1 ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource ID: showtrayicon, enabled:1, value: true ID: language, enabled:1, value: de, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language ID: autoentertainmentmode, enabled:1, value: false ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple Realtime protection settings: ID: realtime, enabled:1 ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant ID: layers, enabled:1 ID: useantivirus, enabled:1, value: false ID: usespywareheuristics, enabled:1, value: false ID: maintainbackup, enabled:1, value: false ID: modules, enabled:1 ID: processprotection, enabled:0, value: false ID: onaccessprotection, enabled:0, value: false ID: registryprotection, enabled:0, value: true ID: networkprotection, enabled:0, value: true ****************************** System information ****************************** Computer name: M-D47B3CCC46E34 Processor name: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz Processor identifier: x86 Family 6 Model 15 Stepping 13 Processor speed: ~1596MHZ Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3853, number of processors 2, processor features: [MMX,SSE,SSE2] Physical memory available: 570621952 bytes Physical memory total: 1071763456 bytes Virtual memory available: 1892274176 bytes Virtual memory total: 2147352576 bytes Memory load: 46% Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Windows startup mode: Running processes: PID: 780 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 852 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 884 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 928 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 940 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1128 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1196 name: C:\WINDOWS\system32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT PID: 1340 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1452 name: C:\WINDOWS\system32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT PID: 1536 name: C:\WINDOWS\system32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT PID: 1688 name: C:\WINDOWS\System32\WLTRYSVC.EXE owner: SYSTEM domain: NT-AUTORITÄT PID: 1764 name: C:\WINDOWS\System32\bcmwltry.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1864 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1928 name: C:\Programme\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1996 name: C:\WINDOWS\system32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT PID: 300 name: C:\Programme\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 340 name: C:\WINDOWS\system32\FsUsbExService.Exe owner: SYSTEM domain: NT-AUTORITÄT PID: 432 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 576 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 856 name: C:\Programme\Avira\AntiVir Desktop\avshadow.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1780 name: C:\WINDOWS\System32\alg.exe owner: LOKALER DIENST domain: NT-AUTORITÄT PID: 1920 name: C:\WINDOWS\Explorer.EXE owner: Mariya domain: M-D47B3CCC46E34 PID: 2264 name: C:\Programme\Avira\AntiVir Desktop\avgnt.exe owner: Mariya domain: M-D47B3CCC46E34 PID: 2340 name: C:\WINDOWS\vsnpstd3.exe owner: Mariya domain: M-D47B3CCC46E34 PID: 2480 name: C:\Programme\FreePDF_XP\fpassist.exe owner: Mariya domain: M-D47B3CCC46E34 PID: 2500 name: C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe owner: Mariya domain: M-D47B3CCC46E34 PID: 4028 name: C:\Programme\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Mariya domain: M-D47B3CCC46E34 PID: 3956 name: C:\Programme\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 3164 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 656 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 2364 name: C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe owner: Mariya domain: M-D47B3CCC46E34 Startup items: Name: NvCplDaemon imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup Name: avgnt imagepath: "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min Name: NPSStartup Name: snpstd3 imagepath: C:\WINDOWS\vsnpstd3.exe Name: FreePDF Assistant imagepath: C:\Programme\FreePDF_XP\fpassist.exe Name: Ad-Watch imagepath: C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9} Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9} Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153} Name: CTFMON.EXE imagepath: C:\WINDOWS\system32\CTFMON.EXE Name: RestorPoint.exe imagepath: C:\RestorPoint\RestorPoint.exe Name: imagepath: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini Name: imagepath: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\desktop.ini Bootexecute items: Name: imagepath: autocheck autochk * Name: imagepath: lsdelete Running services: Name: Alerter displayname: Warndienst Name: ALG displayname: Gatewaydienst auf Anwendungsebene Name: AntiVirSchedulerService displayname: Avira AntiVir Planer Name: AntiVirService displayname: Avira AntiVir Guard Name: AudioSrv displayname: Windows Audio Name: CryptSvc displayname: CryptSvc Name: DcomLaunch displayname: DCOM-Server-Prozessstart Name: Dhcp displayname: DHCP-Client Name: dmserver displayname: Verwaltung logischer Datenträger Name: Dnscache displayname: DNS-Client Name: ERSvc displayname: Fehlerberichterstattungsdienst Name: Eventlog displayname: Ereignisprotokoll Name: EventSystem displayname: COM+-Ereignissystem Name: FastUserSwitchingCompatibility displayname: Kompatibilität für schnelle Benutzerumschaltung Name: FsUsbExService displayname: FsUsbExService Name: helpsvc displayname: Hilfe und Support Name: lanmanserver displayname: Server Name: lanmanworkstation displayname: Arbeitsstationsdienst Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service Name: LmHosts displayname: TCP/IP-NetBIOS-Hilfsprogramm Name: Netman displayname: Netzwerkverbindungen Name: Nla displayname: NLA (Network Location Awareness) Name: NVSvc displayname: NVIDIA Display Driver Service Name: PlugPlay displayname: Plug & Play Name: PolicyAgent displayname: IPSEC-Dienste Name: ProtectedStorage displayname: Geschützter Speicher Name: RasMan displayname: RAS-Verbindungsverwaltung Name: RemoteRegistry displayname: Remote-Registrierung Name: RpcSs displayname: Remoteprozeduraufruf (RPC) Name: SamSs displayname: Sicherheitskontenverwaltung Name: Schedule displayname: Taskplaner Name: seclogon displayname: Secondary Logon Name: SENS displayname: Systemereignisbenachrichtigung Name: SharedAccess displayname: Windows-Firewall/Gemeinsame Nutzung der Internetverbindung Name: ShellHWDetection displayname: Shellhardwareerkennung Name: Spooler displayname: Druckwarteschlange Name: srservice displayname: Systemwiederherstellungsdienst Name: SSDPSRV displayname: SSDP-Suchdienst Name: stisvc displayname: Windows-Bilderfassung (WIA) Name: TapiSrv displayname: Telefonie Name: TermService displayname: Terminaldienste Name: Themes displayname: Designs Name: TrkWks displayname: Überwachung verteilter Verknüpfungen (Client) Name: W32Time displayname: Windows-Zeitgeber Name: WebClient displayname: WebClient Name: winmgmt displayname: Windows-Verwaltungsinstrumentation Name: wltrysvc displayname: Dell Wireless WLAN Tray Service Name: wscsvc displayname: Sicherheitscenter Name: wuauserv displayname: Automatische Updates