Problems with W32.Sober.I@mm!enc

16.12.2004, 18:05
Moderator
joschi

Posts: 6466
#16 It is enough for the worm to be found in a mail attachment. For that you don't even have to open the mail, let alone the attachment.
So this message does not mean that there is actually an infection.

Clean the superfluous mails out of your various folders and empty the "Trash".
__________
Search --> Select --> Examine
20.12.2004, 16:39
...new here

Posts: 3
#17 I've done all of that, but the nice pop-up still appears every time I fetch my mails.....

Isn't there a patch or something like that?
05.01.2005, 18:36
...new here

Posts: 10
#18 Hello folks, I have the same problem with Sober.
I have done all the steps that were described.
HijackThis, eScan
I have also installed XP SP2 and IE SP1,
but I still have the problem with Norton. Here are my log details from eScan with the infected files + HijackThis log

File C:\WINDOWS\System32\32RUNdll.exe infected by "Backdoor.Win32.Rbot.bg" Virus. Action Taken: No Action Taken.

File C:\WINDOWS\System32\navprotect.exe infected by "Backdoor.Win32.Rbot.gen" Virus.

File C:\WINDOWS\system32\cosine.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.
--------------------------------------------------------

Logfile of HijackThis v1.99.0
Scan saved at 11:56:58, on 05.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\AntiVir\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
D:\AntiVir\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\fast.exe
C:\WINDOWS\System32\TTTimer.exe
C:\Programme\ATI Technologies\HydraVision\HydraDM.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\TerraTec\Cinergy 600 TV\TTTVRC.exe
D:\AntiVir\AVGNT.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\navprotect.exe
C:\wampp2\mysql\bin\mysqld-nt.exe
C:\Programme\Norton Utilities\SYSDOC32.EXE
D:\Programme\Stardock\ObjectDock\ObjectDock.exe
C:\Programme\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\slserv.exe
C:\Programme\Speed Disk\nopdb.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
D:\WEBDE\SmartSurfer2.31\SmartSurfer.exe
C:\WINDOWS\system32\slrundll.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\Tri Nhan\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 6.0 Pro\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Adobe\Acrobat 6.0 Pro\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe\Acrobat 6.0 Pro\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\System32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\WINDOWS\System32\TTTimer.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programme\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Programme\TerraTec\Cinergy 600 TV\TTTVRC.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\AntiVir\AVGNT.EXE /min
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NAV Auto Protect] navprotect.exe
O4 - HKLM\..\Run: [cosine] cosine.exe
O4 - HKLM\..\RunServices: [NAV Auto Protect] navprotect.exe
O4 - HKLM\..\RunServices: [cosine] cosine.exe
O4 - HKCU\..\Run: [NAV Auto Protect] navprotect.exe
O4 - HKCU\..\Run: [cosine] cosine.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: Norton System Doctor.LNK = C:\Programme\Norton Utilities\SYSDOC32.EXE
O4 - Startup: Stardock ObjectDock.lnk = D:\Programme\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Decompiler - E:\SWF Decompiler MX 2002 Pro\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - E:\SWF Decompiler MX 2002 Pro\InternetExplorer.htm (file missing)
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - E:\SWF Decompiler MX 2002 Pro\InternetExplorer.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100641997654
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E2DC076-F3FE-40A2-937B-7E836DF877B3}: NameServer = 195.182.110.132 62.134.11.4
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - D:\AntiVir\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - D:\AntiVir\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: MySql - Unknown - C:\wampp2\mysql\bin\mysqld-nt (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Programme\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\Programme\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

What do I have to do now?

Thanks for your help
05.01.2005, 18:57
Honorary member
Sabina

Posts: 29434
#19 Hello @tschifu

Disable System Restore
« XP
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924

#Windows Explorer -> "Tools/Folder Options" ->
"View" -> remove the check mark at "Hide protected operating system files (recommended)" and enable "Show all files and folders" -> "OK"

Go into Safe Mode (press F8 while the PC is booting)

#open HijackThis -->> button "scan" -->> tick the boxes -->> button "Fix checked"

O4 - HKLM\..\Run: [NAV Auto Protect] navprotect.exe
O4 - HKLM\..\Run: [cosine] cosine.exe
O4 - HKLM\..\RunServices: [NAV Auto Protect] navprotect.exe
O4 - HKLM\..\RunServices: [cosine] cosine.exe
O4 - HKCU\..\Run: [NAV Auto Protect] navprotect.exe
O4 - HKCU\..\Run: [cosine] cosine.exe

delete:
C:\WINDOWS\System32\32RUNdll.exe
C:\WINDOWS\System32\navprotect.exe
C:\WINDOWS\system32\cosine.exe

go back into normal mode

#Trend Micro (online)
http://de.trendmicro-europe.com/enterprise/products/housecall_pre.php

#BitDefender scan
www.bitdefender.com/scan/Msie/index.php

then scan again with eScan and re-enable System Restore

#Disable Windows services!
http://www.dingens.org/
http://www.ntsvcfg.de/kss_xp/kss_xp.html#smb
__________
Kind regards, Sabina

all about PC security
This post was edited by Sabina on 05.01.2005 at 19:02.
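The O4 entries Sabina has the poster fix share one shape: a bare file name (navprotect.exe, cosine.exe) registered under HKLM\Run, HKLM\RunServices and HKCU\Run at once, which is exactly where eScan found the Rbot files. The following Python script is an added example, not code from this forum or from HijackThis, that parses O4 lines and applies that heuristic; the sample log is constructed from lines of the log above, and the risk labels are the example's own, not a HijackThis feature.

```python
"""Triage the O4 (registry autorun) lines of a HijackThis log.

Added example for this thread; it is not HijackThis code and not code
posted by any participant. Heuristics (the example's own, taken from the
pattern in the log above):
  * a Run value that is a bare file name (no directory) is resolved via the
    search path, usually System32, which is where the eScan hits were found;
  * the same bare name registered under HKLM\\Run, HKLM\\RunServices and
    HKCU\\Run at once is the classic worm/bot persistence pattern.
"""
import re
from collections import defaultdict

# Constructed sample: O4 lines from the first log in the thread, plus a
# Startup-folder line to show that only registry Run entries are parsed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NAV Auto Protect] navprotect.exe
O4 - HKLM\..\Run: [cosine] cosine.exe
O4 - HKLM\..\RunServices: [NAV Auto Protect] navprotect.exe
O4 - HKLM\..\RunServices: [cosine] cosine.exe
O4 - HKCU\..\Run: [NAV Auto Protect] navprotect.exe
O4 - HKCU\..\Run: [cosine] cosine.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: Norton System Doctor.LNK = C:\Programme\Norton Utilities\SYSDOC32.EXE
"""

# O4 registry entries look like:  O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run|RunOnce|RunServices|RunServicesOnce): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

RANK = {"high": 0, "medium": 1, "low": 2}


def executable(cmd):
    """Program token of a Run value: the quoted path if the value starts
    with a quote, otherwise the first whitespace-separated token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def is_bare(exe):
    """True when no directory is given, so Windows resolves the name via
    the search path instead of a fixed location."""
    return not any(sep in exe for sep in ("\\", "/", "%"))


def parse_o4(log_text):
    """Return one dict per O4 registry line: hive, key, name, cmd, exe."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["exe"] = executable(entry["cmd"])
            entries.append(entry)
    return entries


def triage(log_text):
    """Group entries by program (case-insensitive) and assign a risk label.

    high   - bare name registered under two or more autorun keys
    medium - bare name in a single key: check where it resolves on disk
    low    - full path given: still verify it belongs to a known product
    """
    locations = defaultdict(set)
    for e in parse_o4(log_text):
        locations[e["exe"].lower()].add(f'{e["hive"]}\\{e["key"]}')
    report = {}
    for exe, locs in locations.items():
        bare = is_bare(exe)
        if bare and len(locs) >= 2:
            risk = "high"
        elif bare:
            risk = "medium"
        else:
            risk = "low"
        report[exe] = {"locations": sorted(locs), "bare": bare, "risk": risk}
    return report


if __name__ == "__main__":
    rows = sorted(triage(SAMPLE_LOG).items(), key=lambda kv: RANK[kv[1]["risk"]])
    for exe, info in rows:
        print(f'{info["risk"]:6} {exe}  <- {", ".join(info["locations"])}')
```

Run against a real log, the "high" rows are the candidates to look up on disk and submit to a scanner before fixing them; a "low" label only means a full path was given, not that the path is trustworthy.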
06.01.2005, 18:52
...new here

Posts: 10
#20 Thanks Sabina, everything worked.
No more strange alerts from Norton.
Only the online virus scans weren't successful, probably because I use Firefox.
Although they claim it's no problem with Firefox either.
Well, anyway, after the eScan no infected file was found.
Thanks again and greetings to Lisbon
07.01.2005, 13:41
...new here

Posts: 6
#21 Well, I'll try again in this thread;

Hello! Could someone please check my log file? I ran it with HijackThis; here are the running processes,

Logfile of HijackThis v1.99.0
Scan saved at 13:43:08, on 07.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\taskswitch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
C:\Programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Programme\ahead\InCD\InCD.exe
C:\Programme\Norton Personal Firewall\IAMAPP.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Virtual CD\System\VCDTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Sierra Imaging\Image Expert\IXApplet.exe
C:\WINDOWS\EzDesk.exe
C:\Programme\CPUCooL\CooLSrv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Personal Firewall\NISUM.EXE
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\System32\Fast.exe
C:\Programme\Norton Personal Firewall\NISSERV.EXE
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Norton Personal Firewall\ATRACK.EXE
C:\Programme\Internet Explorer\iexplore.exe
D:\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ssvsayda.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://192.168.0.1:3128/ken2000.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.0.0.174:3128;http=192.0.0.174:3128;https=192.0.0.174:3128;socks=192.0.0.174:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [VCDPlayer] C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [iamapp] C:\Programme\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPpromo psc 2175] "C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe" /N "psc 2175" -r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BlockAds] blads.exe
O4 - HKCU\..\Run: [AIM] D:\Downloads\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BPMInit] BpmInit.exe C:\PROGRA~1\ALCATech\BPM-ST~1
O4 - Startup: Camio Viewer.lnk = C:\Programme\Sierra Imaging\Image Expert\IXApplet.exe
O4 - Startup: EzWare EzDesk.lnk = C:\WINDOWS\EzDesk.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft\MS Office XP\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\MSOFFI~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Downloads\AIM\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://192.168.0.1:3128/ken2000.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BAE3F3E-46F1-49AF-8A5F-701E2F577147}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{87BE70A3-5053-4683-81DB-44C3C7E201A2}: NameServer = 192.0.0.174
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7667C2F-B8C7-4EDB-9C10-74CF4D95AB46}: NameServer = 192.168.178.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3BAE3F3E-46F1-49AF-8A5F-701E2F577147}: NameServer = 192.168.0.1
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CPUCooLServer Service - Unknown - C:\Programme\CPUCooL\CooLSrv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Service - Symantec Corporation - C:\Programme\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - C:\Programme\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Norton Personal Firewall Proxy Service - Symantec Corporation - C:\Programme\Norton Personal Firewall\SymProxySvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

It would be great if someone could help me!

Regards, Marco
07.01.2005, 13:52
Honorary member
Sabina

Posts: 29434
#22 Hello @Marco Leichs

#open HijackThis -->> button "scan" -->>

O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"

tick the box -->> button "Fix checked" -->> restart the PC

Download the Killbox:
http://www.bleepingcomputer.com/files/killbox.php
<Delete File on Reboot
and click on the red cross;
when asked whether to reboot -> click "no" and paste in the next one; only on the last one click "yes"

paste in:
C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll
C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll
C:\Programme\Gemeinsame Dateien\CMEII\GController.dll
C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll
C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll
C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll
C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll
C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll
C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll

restart the PC

Go into Safe Mode and delete the whole folder (if it is still there):
C:\Programme\Gemeinsame Dateien\CMEII
__________
Kind regards, Sabina

all about PC security
This post was edited by Sabina on 07.01.2005 at 13:59.
07.01.2005, 14:24
...new here

Posts: 6
#23 Thanks first of all for helping me, but I have already fixed the .exe with HijackThis and then deleted the folder in Safe Mode! Then you added something here about Kill bill! What is that? And does it even still work after the folder has been deleted?
regards marco
07.01.2005, 14:26
Honorary member
Sabina

Posts: 29434
#24 Try copying everything into the Killbox; if a file exists, it will be shown.
__________
Kind regards, Sabina

all about PC security
07.01.2005, 14:33
...new here

Posts: 6
#25 No, the program didn't find any of the files!

Should I post the new log file again, or is everything OK now??

P.S. What can this Killbox do??? What can you use it for??
(I'm not an expert)
08.01.2005, 15:20
Honorary member
Sabina

Posts: 29434
#26 Hello @Marco Leichs

With the Killbox you can delete files.

You can post the new HijackThis log + this one:
#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
__________
Kind regards, Sabina

all about PC security
08.01.2005, 17:32
...new here

Posts: 6
#27 Ad-Aware SE Build 1.05
Logfile Created on:Samstag, 8. Januar 2005 16:52:29
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R24 29.12.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):11 total references
AltnetBDE(TAC index:4):50 total references
BrilliantDigital(TAC index:6):30 total references
Claria(TAC index:7):16 total references
Cydoor(TAC index:7):395 total references
DateMaker(TAC index:5):5 total references
DownloadWare(TAC index:8):29 total references
ePlugin(TAC index:5):1 total references
Lop(TAC index:7):2 total references
MainPean Dialer(TAC index:5):14 total references
NetworkEssentials(TAC index:7):40 total references
Possible Browser Hijack attempt(TAC index:3):71 total references
SCBAR(TAC index:3):70 total references
TopSearch(TAC index:5):2 total references
Tracking Cookie(TAC index:3):91 total references
WhenU(TAC index:10):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


08.01.2005 16:52:29 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

______________________________________________________________

Logfile of HijackThis v1.99.0
Scan saved at 17:32:56, on 08.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\taskswitch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
C:\Programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Programme\ahead\InCD\InCD.exe
C:\Programme\Norton Personal Firewall\IAMAPP.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Virtual CD\System\VCDTray.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\EzDesk.exe
C:\Programme\CPUCooL\CooLSrv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Personal Firewall\NISUM.EXE
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\System32\Fast.exe
C:\Programme\Norton Personal Firewall\NISSERV.EXE
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Norton Personal Firewall\ATRACK.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Norton AntiVirus\OPScan.exe
D:\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ssvsayda.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://192.168.0.1:3128/ken2000.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.0.0.174:3128;http=192.0.0.174:3128;https=192.0.0.174:3128;socks=192.0.0.174:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [VCDPlayer] C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [iamapp] C:\Programme\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPpromo psc 2175] "C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe" /N "psc 2175" -r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [BlockAds] blads.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BPMInit] BpmInit.exe C:\PROGRA~1\ALCATech\BPM-ST~1
O4 - HKCU\..\Run: [AIM] D:\Downloads\AIM\aim.exe -cnetwait.odl
O4 - Startup: Camio Viewer.lnk = C:\Programme\Sierra Imaging\Image Expert\IXApplet.exe
O4 - Startup: EzWare EzDesk.lnk = C:\WINDOWS\EzDesk.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft\MS Office XP\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\MSOFFI~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Downloads\AIM\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://192.168.0.1:3128/ken2000.html
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BAE3F3E-46F1-49AF-8A5F-701E2F577147}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{87BE70A3-5053-4683-81DB-44C3C7E201A2}: NameServer = 192.0.0.174
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7667C2F-B8C7-4EDB-9C10-74CF4D95AB46}: NameServer = 192.168.178.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3BAE3F3E-46F1-49AF-8A5F-701E2F577147}: NameServer = 192.168.0.1
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CPUCooLServer Service - Unknown - C:\Programme\CPUCooL\CooLSrv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Service - Symantec Corporation - C:\Programme\Norton Personal Firewall\NISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - C:\Programme\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Norton Personal Firewall Proxy Service - Symantec Corporation - C:\Programme\Norton Personal Firewall\SymProxySvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe



Here is the logfile!

I ran the Ad-Aware program on my computer... and what exactly do you need now?????

Thanks for the help

Marco Leich
08.01.2005, 19:52
Honorary member
Avatar Sabina

Posts: 29434
#28 Hello @Marco Leichs

Fix this with HijackThis:
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx

restart

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1

scan, restart and then please post the complete log from the scan
__________
Best regards, Sabina

all about PC security
This post was edited by Sabina on 08.01.2005 at 19:54.
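The reply above picks one O16 entry out of a long HijackThis log and tells the poster to fix it. As an added example (not code from this thread, from HijackThis or from Lavasoft), here is a small parser for HijackThis log lines that groups entries by section and pulls out the two kinds a helper reviews first: O16 DPF entries (ActiveX controls downloaded into IE's Downloaded Program Files) and O17 NameServer entries (per-interface DNS servers from the Tcpip registry keys). The sample lines are copied from the log posted earlier in the thread; the function names and the RFC 1918 check are my own choices, not anything HijackThis itself does.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://192.168.0.1:3128/ken2000.html
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BAE3F3E-46F1-49AF-8A5F-701E2F577147}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{87BE70A3-5053-4683-81DB-44C3C7E201A2}: NameServer = 192.0.0.174
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
""".strip()

# Every HijackThis entry starts with a section tag (R0..R3, F0..F3, N1..N4, O1..O23),
# followed by " - " and the section-specific body.
LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# O16 body: DPF: {CLSID} (display name) - download URL
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (\S+)$")
# O17 body: HKLM\System\<ControlSet>\Services\Tcpip\..\{interface GUID}: NameServer = a.b.c.d[,e.f.g.h]
NS_RE = re.compile(
    r"^HKLM\\System\\(\w+)\\Services\\Tcpip\\\.\.\\(\{[0-9A-Fa-f-]+\}): NameServer = (.+)$"
)

# RFC 1918 ranges, checked explicitly so the result does not depend on the
# Python version's notion of ipaddress.is_private.
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


@dataclass
class Entry:
    section: str  # e.g. "O16"
    body: str     # everything after "O16 - "


def parse_hijackthis(text: str) -> list[Entry]:
    """Split a HijackThis log into (section, body) entries; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def downloaded_program_files(entries: list[Entry]) -> list[dict]:
    """O16 entries: ActiveX controls IE downloaded from a URL. These are the ones
    the helper in this thread asked the poster to fix, so list them with CLSID,
    display name and origin URL for review."""
    out = []
    for e in entries:
        if e.section != "O16":
            continue
        m = DPF_RE.match(e.body)
        if m:
            out.append({"clsid": m.group(1), "name": m.group(2), "url": m.group(3)})
    return out


def is_rfc1918(addr: str) -> bool:
    """True if addr lies in one of the RFC 1918 private ranges (a typical home router)."""
    ip = ip_address(addr)
    return any(ip in net for net in RFC1918)


def name_servers(entries: list[Entry]) -> list[dict]:
    """O17 entries: DNS servers per control set and interface. A server outside the
    private ranges is not wrong by itself, but it is what a reviewer compares against
    the router or ISP configuration."""
    out = []
    for e in entries:
        if e.section != "O17":
            continue
        m = NS_RE.match(e.body)
        if not m:
            continue
        for server in re.split(r"[,\s]+", m.group(3).strip()):
            if server:
                out.append({
                    "control_set": m.group(1),
                    "interface": m.group(2),
                    "server": server,
                    "rfc1918": is_rfc1918(server),
                })
    return out


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    for d in downloaded_program_files(parsed):
        print("O16 review:", d["clsid"], d["name"], d["url"])
    for n in name_servers(parsed):
        print("O17 DNS:", n["control_set"], n["interface"], n["server"], "RFC1918" if n["rfc1918"] else "public")
```

Run against a full log, the O16 list is what a helper hands back to the poster to fix, and the O17 list shows which interfaces point at the local router and which at an address that needs checking against the provider's DNS servers before anything is changed.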
09.01.2005, 11:41
...new here

Posts: 6
#29 That's pretty long, though! I hope I'm doing the right thing!

Ad-Aware SE Build 1.05
Logfile Created on:Sonntag, 9. Januar 2005 11:35:03
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R24 29.12.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):11 total references
AltnetBDE(TAC index:4):35 total references
BrilliantDigital(TAC index:6):27 total references
Claria(TAC index:7):13 total references
Cydoor(TAC index:7):394 total references
DateMaker(TAC index:5):5 total references
DownloadWare(TAC index:8):28 total references
MainPean Dialer(TAC index:5):14 total references
MRU List(TAC index:0):54 total references
NetworkEssentials(TAC index:7):37 total references
Possible Browser Hijack attempt(TAC index:3):71 total references
SCBAR(TAC index:3):67 total references
Tracking Cookie(TAC index:3):37 total references
WhenU(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


09.01.2005 11:35:03 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 468
ThreadCreationTime : 09.01.2005 10:32:43
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 536
ThreadCreationTime : 09.01.2005 10:32:45
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 576
ThreadCreationTime : 09.01.2005 10:32:47
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 620
ThreadCreationTime : 09.01.2005 10:32:47
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 09.01.2005 10:32:47
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 892
ThreadCreationTime : 09.01.2005 10:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 936
ThreadCreationTime : 09.01.2005 10:32:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1068
ThreadCreationTime : 09.01.2005 10:32:49
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1140
ThreadCreationTime : 09.01.2005 10:32:49
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1204
ThreadCreationTime : 09.01.2005 10:32:49
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:11 [ccsetmgr.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 1232
ThreadCreationTime : 09.01.2005 10:32:49
BasePriority : Normal
FileVersion : 103.0.1.26
ProductVersion : 103.0.1.26
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [spbbcsvc.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\
ProcessID : 1244
ThreadCreationTime : 09.01.2005 10:32:49
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright (c) 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:13 [ccevtmgr.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 1276
ThreadCreationTime : 09.01.2005 10:32:50
BasePriority : Normal
FileVersion : 103.0.1.26
ProductVersion : 103.0.1.26
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1432
ThreadCreationTime : 09.01.2005 10:32:50
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [taskswitch.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1572
ThreadCreationTime : 09.01.2005 10:32:53
BasePriority : Normal


#:16 [em_exec.exe]
FilePath : C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\
ProcessID : 1592
ThreadCreationTime : 09.01.2005 10:32:53
BasePriority : Normal
FileVersion : 9.73.243
ProductVersion : 9.73
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2002.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:17 [vcdplay.exe]
FilePath : C:\PROGRA~1\VIRTUA~1\System\
ProcessID : 1600
ThreadCreationTime : 09.01.2005 10:32:53
BasePriority : Normal
FileVersion : 4, 5, 0, 0
ProductVersion : 4, 5, 0, 0
ProductName : Virtual CD v4
CompanyName : H+H Software GmbH
FileDescription : Virtual CD v4.5 - Player
InternalName : VCDPlay
LegalCopyright : Copyright (C) 2001-2002 by H+H Software GmbH
OriginalFilename : VCDPlay.EXE

#:18 [ghoststarttrayapp.exe]
FilePath : C:\Programme\Norton SystemWorks\Norton Ghost\
ProcessID : 1612
ThreadCreationTime : 09.01.2005 10:32:53
BasePriority : Normal
FileVersion : 2003.775
ProductVersion : 2003.775
ProductName : Norton Ghost Start
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartTrayApp
LegalCopyright : Copyright (C) 1998-2002 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartTrayApp.exe

#:19 [incd.exe]
FilePath : C:\Programme\ahead\InCD\
ProcessID : 1628
ThreadCreationTime : 09.01.2005 10:32:53
BasePriority : Normal
FileVersion : 3.37.0
ProductVersion : 3.37.0
ProductName : InCD
CompanyName : Copyright (C) ahead software gmbh and its licensors
FileDescription : InCD CD-RW UDF Tools
InternalName : InCD
LegalCopyright : Copyright (C) ahead software gmbh and its licensors
OriginalFilename : InCD.EXE
Comments : CD-RW UDF Tools

#:20 [iamapp.exe]
FilePath : C:\Programme\Norton Personal Firewall\
ProcessID : 1652
ThreadCreationTime : 09.01.2005 10:32:53
BasePriority : Normal


#:21 [realsched.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Real\Update_OB\
ProcessID : 1684
ThreadCreationTime : 09.01.2005 10:32:53
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:22 [hpqwrg.exe]
FilePath : C:\Programme\Hewlett-Packard\Digital Imaging\Bin\
ProcessID : 1692
ThreadCreationTime : 09.01.2005 10:32:53
BasePriority : Normal


#:23 [usrprmpt.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\
ProcessID : 1732
ThreadCreationTime : 09.01.2005 10:32:53
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Helper
InternalName : UsrPrmpt.dll
LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
OriginalFilename : UsrPrmpt.dll

#:24 [qttask.exe]
FilePath : C:\Programme\QuickTime\
ProcessID : 1740
ThreadCreationTime : 09.01.2005 10:32:53
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:25 [ccapp.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 1760
ThreadCreationTime : 09.01.2005 10:32:54
BasePriority : Normal
FileVersion : 103.0.1.26
ProductVersion : 103.0.1.26
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:26 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1792
ThreadCreationTime : 09.01.2005 10:32:54
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : RUNDLL.EXE

#:27 [hpobnz08.exe]
FilePath : C:\Programme\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1900
ThreadCreationTime : 09.01.2005 10:32:54
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBNZ08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOBNZ08.EXE
Comments : HP OfficeJet <Banzai> Series COM Device Objects

#:28 [hpotdd01.exe]
FilePath : C:\Programme\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 1920
ThreadCreationTime : 09.01.2005 10:32:54
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe

#:29 [ixapplet.exe]
FilePath : C:\Programme\Sierra Imaging\Image Expert\
ProcessID : 1952
ThreadCreationTime : 09.01.2005 10:32:55
BasePriority : Normal
FileVersion : 1.9.1 (375)
ProductVersion : 1.9.1 (375)
ProductName : Camio Viewer
CompanyName : Sierra Imaging
FileDescription : Camio Viewer
InternalName : IXApplet
LegalCopyright : Copyright © 1995-2001
OriginalFilename : TASK.EXE

#:30 [ezdesk.exe]
FilePath : C:\WINDOWS\
ProcessID : 1984
ThreadCreationTime : 09.01.2005 10:32:55
BasePriority : Normal
FileVersion : 1.8
ProductVersion : 1.8
ProductName : EzDesk
CompanyName : EzWare Technology
FileDescription : EzDesk for Windows 95/NT 4.0
InternalName : EzDesk
LegalCopyright : Copyright© 1995-1997 Melissa Nguyen. All rights reserved.
LegalTrademarks : EzDesk, EzTask, EzWare,EzStart,EzExit,EzRun,EzIcons,EzRegistry,EzAutorun,EzWindow
OriginalFilename : EzDesk.exe
Comments : Inspired by my sons Trung, Ti'n, and Tua^'n Nguye^~n

#:31 [hpoevm08.exe]
FilePath : C:\Programme\Hewlett-Packard\Digital Imaging\bin\
ProcessID : 2044
ThreadCreationTime : 09.01.2005 10:32:56
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

#:32 [coolsrv.exe]
FilePath : C:\Programme\CPUCooL\
ProcessID : 252
ThreadCreationTime : 09.01.2005 10:32:57
BasePriority : Normal


#:33 [ghosts~2.exe]
FilePath : C:\PROGRA~1\NORTON~1\NORTON~2\
ProcessID : 276
ThreadCreationTime : 09.01.2005 10:32:57
BasePriority : Normal
FileVersion : 2003.775
ProductVersion : 2003.775
ProductName : Norton Ghost Start Service
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartService
LegalCopyright : Copyright (C) 1998-2002 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartService.exe

#:34 [mdm.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\
ProcessID : 372
ThreadCreationTime : 09.01.2005 10:32:57
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:35 [navapsvc.exe]
FilePath : C:\Programme\Norton AntiVirus\
ProcessID : 424
ThreadCreationTime : 09.01.2005 10:32:57
BasePriority : Normal
FileVersion : 11.0.1.3
ProductVersion : 11.0.1
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:36 [nisum.exe]
FilePath : C:\Programme\Norton Personal Firewall\
ProcessID : 508
ThreadCreationTime : 09.01.2005 10:32:57
BasePriority : Normal
FileVersion : 4.0.1.91
ProductVersion : 4.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Stats
LegalCopyright : Copyright (c) 2001 Symantec Corporation

#:37 [nprotect.exe]
FilePath : C:\Programme\Norton SystemWorks\Norton Utilities\
ProcessID : 736
ThreadCreationTime : 09.01.2005 10:32:58
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright (C) 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:38 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1064
ThreadCreationTime : 09.01.2005 10:32:59
BasePriority : Normal
FileVersion : 6.13.10.4072
ProductVersion : 6.13.10.4072
ProductName : NVIDIA Driver Helper Service, Version 40.72
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 40.72
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:39 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~1\SPEEDD~1\
ProcessID : 1512
ThreadCreationTime : 09.01.2005 10:33:00
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright (C) 2002
OriginalFilename : NOPDB.dll

#:40 [vcdtray.exe]
FilePath : C:\Programme\Virtual CD\System\
ProcessID : 1132
ThreadCreationTime : 09.01.2005 10:33:01
BasePriority : Normal
FileVersion : 4, 5, 0, 0
ProductVersion : 4, 5, 0, 0
ProductName : Virtual CD
CompanyName : H+H Software GmbH
FileDescription : Virtual CD v4.5 - Quick Start Utility
InternalName : VTSTray
LegalCopyright : Copyright © 2000-2002 by H+H Software GmbH
OriginalFilename : VTSTray.exe

#:41 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1672
ThreadCreationTime : 09.01.2005 10:33:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:42 [symlcsvc.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\
ProcessID : 1712
ThreadCreationTime : 09.01.2005 10:33:02
BasePriority : Normal
FileVersion : 1, 8, 54, 419
ProductVersion : 1, 8, 54, 419
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright (C) 2003
OriginalFilename : symlcsvc.exe

#:43 [symproxysvc.exe]
FilePath : C:\Programme\Norton Personal Firewall\
ProcessID : 2020
ThreadCreationTime : 09.01.2005 10:33:05
BasePriority : Normal
FileVersion : 4.0.1.91
ProductVersion : 4.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Transparent Proxy Server
LegalCopyright : Copyright (c) 2001 Symantec Corporation

#:44 [fast.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2140
ThreadCreationTime : 09.01.2005 10:33:07
BasePriority : Normal
FileVersion : 5.1.3564.0 (Lab06_DEV(lamadio).011003-1729)
ProductVersion : 5.1.3564.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Super Fast User Switcher
InternalName : Fast
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Fast.EXE

#:45 [nisserv.exe]
FilePath : C:\Programme\Norton Personal Firewall\
ProcessID : 2152
ThreadCreationTime : 09.01.2005 10:33:07
BasePriority : Normal
FileVersion : 4.0.1.91
ProductVersion : 4.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : IAMSERV.EXE
LegalCopyright : Copyright (c) 2001 Symantec Corporation

#:46 [hposts08.exe]
FilePath : C:\Programme\Hewlett-Packard\Digital Imaging\Bin\
ProcessID : 2672
ThreadCreationTime : 09.01.2005 10:33:32
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status

#:47 [atrack.exe]
FilePath : C:\Programme\Norton Personal Firewall\
ProcessID : 2828
ThreadCreationTime : 09.01.2005 10:33:39
BasePriority : Normal
FileVersion : 4.0.1.91
ProductVersion : 4.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Alert Tracker
LegalCopyright : Copyright (c) 2001 Symantec Corporation

#:48 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3460
ThreadCreationTime : 09.01.2005 10:34:56
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\altnet

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\altnet
Value : SharedMediaDir

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4.1

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4.1
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25.1

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25.1
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe
Value : AppID

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe
Value : AppID

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-839522115-1060284298-1003\software\brilliant digital entertainment

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\brilliant digital entertainment

BrilliantDigital Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bdeplayer

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bdeplayer
Value : DisplayName

BrilliantDigital Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bdeplayer
Value : UnInstallString

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
09.01.2005, 11:49
Honorary member
Sabina

Posts: 29434
#30 Hello @Marco Leichs

eScan detection tool
http://www.rokop-security.de/board/index.php?showtopic=3867
create the folder c:\bases
download mwav.exe, extract the file into the folder c:\bases (important!) and then run kavupd.exe (update, in DOS)

boot into Safe Mode
http://www.tu-berlin.de/www/software/virus/savemode.shtml

and start the scanner with "mwav.exe" [or: MWAVSCAN.COM]. Tick every box:
Select: "all files", Memory, Startup-Folders, Registry, System Folders,
Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory
--> and click "Scan".

then please do the following:

now open mwav.txt with the editor and go to Edit -> Find; enter infected there

mark each line in which infected appears and paste it here, search again, and so on
and at the very bottom is the summary; please post that here too ;)
__________
Regards, Sabina

all about PC security
This post was edited on 09.01.2005 at 11:50 by Sabina.
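The manual "search mwav.txt for infected and copy each line" step above, done by a small script instead: an added example, not code from the thread or from eScan. It parses hit lines of the layout quoted earlier in the thread (`File <path> infected by "<name>" Virus. Action Taken: ...`) into fields and groups them per detection name and per folder; the sample log text is constructed, and the non-hit summary line in it is an assumed format.

```python
"""Triage an eScan mwav.txt log (added example, not from the thread).

Does the poster's editor search for "infected", but parses each hit into
fields and groups the results. The hit-line layout follows the lines quoted
in the thread; everything in SAMPLE_LOG is constructed for this example.
"""
import re
from collections import Counter
from typing import Dict, List, Optional

# One eScan hit line. The "Action Taken" suffix is optional because the
# quoted log shows lines both with and without it.
_HIT = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\.'
    r'(?:\s*Action Taken:\s*(?P<action>.+?)\.?)?\s*$'
)

SAMPLE_LOG = "\n".join([
    r"eScan log (constructed sample)",
    r'File C:\WINDOWS\System32\32RUNdll.exe infected by "Backdoor.Win32.Rbot.bg" Virus. Action Taken: No Action Taken.',
    r'File C:\WINDOWS\System32\navprotect.exe infected by "Backdoor.Win32.Rbot.gen" Virus.',
    r'File C:\WINDOWS\system32\cosine.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: No Action Taken.',
    r"Number of infected files: 3 (constructed summary line)",
])


def parse_hits(log_text: str) -> List[Dict[str, Optional[str]]]:
    """Return one dict (path, name, action) per parsed 'infected by' line."""
    hits = []
    for line in log_text.splitlines():
        m = _HIT.match(line.strip())
        if m:
            hits.append({"path": m["path"], "name": m["name"], "action": m["action"]})
    return hits


def other_infected_lines(log_text: str) -> List[str]:
    """Lines an editor search for 'infected' also finds but that are not hit
    lines (e.g. the summary), so nothing the poster asked for is dropped."""
    return [line.strip() for line in log_text.splitlines()
            if "infected" in line.lower() and not _HIT.match(line.strip())]


def summarize(hits: List[Dict[str, Optional[str]]]) -> Dict[str, object]:
    """Counts per detection name and per folder (folders compared
    case-insensitively, as Windows does; the log mixes System32/system32),
    plus how many hits the scanner left untreated."""
    by_name = Counter(h["name"] for h in hits)
    by_dir = Counter(h["path"].rsplit("\\", 1)[0].lower() for h in hits)
    untreated = sum(1 for h in hits if h["action"] in (None, "No Action Taken"))
    return {"by_name": by_name, "by_dir": by_dir, "untreated": untreated}


if __name__ == "__main__":
    found = parse_hits(SAMPLE_LOG)
    for h in found:
        print(f'{h["name"]:26} {h["path"]}  action={h["action"]}')
    print(summarize(found))
    print("other lines mentioning 'infected':", other_infected_lines(SAMPLE_LOG))
```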