Winad trojan, please help

#0
01.01.2005, 21:20
...new here

Posts: 7
#1 Hello. Scanners reported trojans to me, among them Winad Client. I used TrojanHunter and deleted what I could. Now the tool reports clean again, but since I'm pretty much a layman, I'm not sure whether that's really right. I've now read here about a tool called HijackThis and used it. Here is the log file, can anyone tell me something about it, please? How does it look and what should I do next?

Logfile of HijackThis v1.99.0
Scan saved at 21:04:07, on 01.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\PRISMSTA.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
D:\Programme\Roxio\WinOnCD 6 DVD\DirectCD\DirectCD.exe
C:\Programme\Browser MOUSE\mouse32a.exe
C:\WINDOWS\PL15Co2K.exe
D:\Acronis True Image\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HotFixQ0306270.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BROWSER\BROWSER.EXE
C:\WINDOWS\System32\wuauclt.exe
H:\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [OSD] C:\Programme\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Programme\Roxio\WinOnCD 6 DVD\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AcronisTrueImage Monitor] "D:\Acronis True Image\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [uirgaxbe] C:\WINDOWS\System32\utdszzet.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [THGuard] "H:\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Mountit.lnk = D:\Programme\Roxio\WinOnCD 6 DVD\MountIt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MedionShop - {A4E622F2-E8B8-4D8A-85BF-BEF80767C7C4} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {103DFAE7-50CC-41FC-9D57-1A4BCA0DFD87} (Upload Control) - https://img.web.de/v/mail/mms/activex/mms_upload_1104.cab
O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736} - http://hot.thebugs.ws/fav.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d4c187b953bfb46fe4554626d075fefdb4aaa4e292b973e4688460fa418acc5432fa0e3daa24c11a9993cee59d390a11011233779686216654b511e5af9ef1:ef6809508de57060f0dd3f5553147fe9
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13b7a2b432ae828a6506/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093210330906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8E93275-D2DC-48C2-82C1-702A0977B65E}: NameServer = 217.237.151.225 217.237.150.225
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Acronis Scheduler2 Service - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: CA-Lizenz-Client - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prolific HotFix Q0306270 - Unknown - C:\WINDOWS\System32\HotFixQ0306270.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - D:\Programme\Sygate\SPF\smc.exe
O23 - Service: Speed Disk service - Acronis - (no file)
This post was edited by Sabina on 01.01.2005 at 23:10.
01.01.2005, 23:09
Honorary member
Sabina

Posts: 29434
#2 Hello @cdolphin

#eScan
ftp://mwti.matrix.lv/download/tools/

create the folder c:\bases
download mwav.exe, unpack the file into the folder c:\bases (important!) and then run kavupd.exe (update, in DOS)

#open HijackThis -->> "scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC

R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [uirgaxbe] C:\WINDOWS\System32\utdszzet.exe
O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736} - http://hot.thebugs.ws/fav.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d4c187b953bfb46fe4554626d075fefdb4aaa4e292b973e4688460fa418acc5432fa0e3daa24c11a9993cee59d390a11011233779686216654b511e5af9ef1:ef6809508de57060f0dd3f5553147fe9
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13b7a2b432ae828a6506/netzip/RdxIE601_de.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

restart the PC
go into safe mode

http://www.tu-berlin.de/www/software/virus/savemode.shtml

Delete:
C:\WINDOWS\System32\utdszzet.exe

Disk Cleanup: and deleting the temporary files
<Start<Run--> type in: cleanmgr
delete only:
#Click: Temporary Internet Files (Temporäre Internet Dateien), OK
#Click: Temporary files (Temporäre Dateien), OK


and start the scanner with "mwav.exe" [or: MWAVSCAN.COM]. Tick all the boxes:
Select: "all files", Memory, Startup-Folders, Registry, System Folders,
Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory
--> and click "Scan".

then please post the scan log from eScan (deleted) as well as the new log from HijackThis.
__________
Best regards, Sabina

all about PC security
This post was edited by Sabina on 01.01.2005 at 23:13.
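
The check implied by post #2 (fix the listed entries, then post a new HijackThis log) can be automated. The following is an added example, not part of the original thread: it parses HijackThis result lines, re-joins lines the forum wrapped, and reports which entries from the fix list are still present in a later log. The short sample entries are copied from the thread; the wrapped O16 entry (placeholder CLSID, `example.invalid` host) and the whole "new log" are constructed for the demonstration.

```python
import re
from typing import NamedTuple

# HijackThis result lines start with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


class Entry(NamedTuple):
    section: str
    body: str

    @property
    def key(self) -> str:
        # Comparison key: whitespace and case are ignored, so an entry that a
        # forum wrapped or split with a stray space still matches its original.
        return re.sub(r"\s+", "", f"{self.section}-{self.body}").lower()


def parse_entries(text: str) -> list:
    """Extract result entries; header and process-list lines are skipped."""
    entries = []
    open_entry = False  # True while the previous line belonged to an entry
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
            open_entry = True
        elif line and open_entry and not re.search(r"\s", line):
            # Unbroken token directly after an entry: the wrapped tail of a long URL.
            last = entries[-1]
            entries[-1] = Entry(last.section, last.body + line)
        else:
            open_entry = False  # blank line or ordinary text ends the entry
    return entries


def check_fix(fix_list: str, old_log: str, new_log: str) -> dict:
    """Classify each fix-list entry against the log before and after the fix."""
    old = {e.key for e in parse_entries(old_log)}
    new = {e.key for e in parse_entries(new_log)}
    report = {"not_in_old_log": [], "still_present": [], "removed": []}
    for entry in parse_entries(fix_list):
        if entry.key not in old:
            report["not_in_old_log"].append(entry)  # typo or wrong log
        elif entry.key in new:
            report["still_present"].append(entry)   # fix failed or entry came back
        else:
            report["removed"].append(entry)
    return report


# Excerpt of the first log; the last entry is constructed and wrapped over two lines.
OLD_LOG = r"""
Logfile of HijackThis v1.99.0
C:\WINDOWS\Explorer.EXE
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [uirgaxbe] C:\WINDOWS\System32\utdszzet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} - http://example.invalid/get_file.php?bt=ie&p=0123456789abcdef
0123456789abcdef0123456789abcdef
"""

# Fix list as a helper would post it; the same constructed entry is wrapped at a
# different place and carries a stray space.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [uirgaxbe] C:\WINDOWS\System32\utdszzet.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} - http://example.invalid/get_file.php?bt=ie&p=0123456789abcdef01234 56789abcdef0123456
789abcdef

restart the PC
"""

# Constructed follow-up log in which one flagged autostart entry survived.
NEW_LOG = r"""
Logfile of HijackThis v1.99.0
O4 - HKLM\..\Run: [uirgaxbe] C:\WINDOWS\System32\utdszzet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    for status, found in check_fix(FIX_LIST, OLD_LOG, NEW_LOG).items():
        for entry in found:
            print(f"{status:15} {entry.section} - {entry.body}")
```

An entry reported as `still_present` means the fix did not take or the entry was re-created after the reboot, which is why a fresh log is requested after the cleanup.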
02.01.2005, 00:45
...new here

Thread starter

Posts: 7
#3 Well, thanks already for your answer. I did my best to carry out your advice (sweat, I'm only an amateur after all). What didn't work was starting in safe mode ---> the screen stays black with a blinking cursor and nothing works any more. Booting only works in normal mode. Why?? So can I perhaps carry out your suggestion in normal mode as well (deleting C:\WINDOWS\System32\utdszzet.exe)?
And now the log files:
eScan
Sun Jan 02 00:33:36 2005 => **********************************************************
Sun Jan 02 00:33:36 2005 => eScan AntiVirus Toolkit Utility.
Sun Jan 02 00:33:36 2005 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sun Jan 02 00:33:36 2005 => **********************************************************
Sun Jan 02 00:33:36 2005 => Version 4.1.9
Sun Jan 02 00:33:36 2005 => Log File: C:\bases\mwav.log
Sun Jan 02 00:33:37 2005 => Latest Date of files inside MWAV: 02 Jan 2005 01:02:06.
Sun Jan 02 00:33:38 2005 => AV Library Loaded...
Sun Jan 02 00:33:38 2005 => Scanning File C:\bases\kavss.exe
Sun Jan 02 00:33:38 2005 => Scanning File C:\bases\Getvlist.exe
Sun Jan 02 00:33:39 2005 => Scanning File C:\bases\kavss.dll
Sun Jan 02 00:33:39 2005 => Scanning File C:\bases\kavssdi.dll
Sun Jan 02 00:33:39 2005 => Scanning File C:\bases\kavssi.dll
Sun Jan 02 00:33:39 2005 => Scanning File C:\bases\kavvlg.dll
Sun Jan 02 00:33:39 2005 => Scanning File C:\bases\msvlclnt.dll
Sun Jan 02 00:33:39 2005 => Scanning File C:\bases\ipc.dll
Sun Jan 02 00:33:39 2005 => Scanning File C:\bases\main.avi
Sun Jan 02 00:33:39 2005 => Scanning File C:\bases\virus.avi
Sun Jan 02 00:33:39 2005 => Virus Database Date: 2005/01/02
Sun Jan 02 00:33:39 2005 => Virus Database Count: 114553

Sun Jan 02 00:33:56 2005 => **********************************************************
Sun Jan 02 00:33:56 2005 => eScan AntiVirus Toolkit Utility.
Sun Jan 02 00:33:56 2005 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sun Jan 02 00:33:56 2005 =>
Sun Jan 02 00:33:56 2005 => Support: support@mwti.net
Sun Jan 02 00:33:56 2005 => Web: http://www.mwti.net
Sun Jan 02 00:33:56 2005 => **********************************************************
Sun Jan 02 00:33:56 2005 => Version 4.1.9
Sun Jan 02 00:33:56 2005 => Log File: C:\bases\mwav.log
Sun Jan 02 00:33:56 2005 => Latest Date of files inside MWAV: 02 Jan 2005 01:02:06.

Sun Jan 02 00:33:56 2005 => Options Selected by User:
Sun Jan 02 00:33:56 2005 => Memory Check: Enabled
Sun Jan 02 00:33:56 2005 => Registry Check: Enabled
Sun Jan 02 00:33:56 2005 => StartUp Folder Check: Enabled
Sun Jan 02 00:33:56 2005 => System Folder Check: Disabled
Sun Jan 02 00:33:56 2005 => System Area Check: Disabled
Sun Jan 02 00:33:56 2005 => Services Check: Enabled
Sun Jan 02 00:33:56 2005 => Drive Check Option Disabled
Sun Jan 02 00:33:56 2005 => Scanning Type: Scan And Clean
Sun Jan 02 00:33:56 2005 => Folder Check: Disabled

Sun Jan 02 00:33:56 2005 => ***** Scanning Memory Files *****
Sun Jan 02 00:33:56 2005 => Scanning File C:\WINDOWS\system32\services.exe
Sun Jan 02 00:33:56 2005 => Scanning File C:\WINDOWS\system32\lsass.exe
Sun Jan 02 00:33:56 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Jan 02 00:33:56 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:33:56 2005 => Scanning File D:\Programme\Sygate\SPF\smc.exe
Sun Jan 02 00:33:56 2005 => Scanning File C:\WINDOWS\Explorer.EXE
Sun Jan 02 00:33:57 2005 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Sun Jan 02 00:33:57 2005 => Scanning File C:\PROGRA~1\LAUNCH~1\LaunchAp.exe
Sun Jan 02 00:33:57 2005 => Scanning File C:\PROGRA~1\LAUNCH~1\HOTKEY~1.EXE
Sun Jan 02 00:33:57 2005 => Scanning File C:\PROGRA~1\LAUNCH~1\OSD.exe
Sun Jan 02 00:33:57 2005 => Scanning File C:\PROGRA~1\LAUNCH~1\Wbutton.exe
Sun Jan 02 00:33:57 2005 => Scanning File C:\PROGRA~1\CA\ETRUST~1\realmon.exe
Sun Jan 02 00:33:57 2005 => Scanning File C:\WINDOWS\SOUNDMAN.EXE
Sun Jan 02 00:33:57 2005 => Scanning File C:\Programme\Synaptics\SynTP\SynTPLpr.exe
Sun Jan 02 00:33:57 2005 => Scanning File C:\Programme\Synaptics\SynTP\SynTPEnh.exe
Sun Jan 02 00:33:57 2005 => Scanning File C:\WINDOWS\System32\PRISMSTA.EXE
Sun Jan 02 00:33:57 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\MICROS~1\WORKSS~1\WkUFind.exe
Sun Jan 02 00:33:57 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\Real\UPDATE~1\REALSC~1.EXE
Sun Jan 02 00:33:57 2005 => Scanning File C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
Sun Jan 02 00:33:58 2005 => Scanning File D:\PROGRA~1\Roxio\WINONC~1\DirectCD\DirectCD.exe
Sun Jan 02 00:33:58 2005 => Scanning File C:\PROGRA~1\BROWSE~1\mouse32a.exe
Sun Jan 02 00:33:58 2005 => Scanning File C:\WINDOWS\PL15Co2K.exe
Sun Jan 02 00:33:58 2005 => Scanning File D:\ACRONI~1\TRUEIM~3.EXE
Sun Jan 02 00:33:58 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\Acronis\SCHEDU~1\schedhlp.exe
Sun Jan 02 00:33:58 2005 => Scanning File C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
Sun Jan 02 00:33:58 2005 => Scanning File C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
Sun Jan 02 00:33:58 2005 => Scanning File C:\Programme\HP\hpcoretech\hpcmpmgr.exe
Sun Jan 02 00:33:58 2005 => Scanning File C:\PROGRA~1\HEWLET~1\HPSOFT~1\HPWUSC~1.EXE
Sun Jan 02 00:33:58 2005 => Scanning File C:\WINDOWS\System32\ctfmon.exe
Sun Jan 02 00:33:58 2005 => Scanning File C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe
Sun Jan 02 00:33:58 2005 => Scanning File C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
Sun Jan 02 00:33:59 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\Acronis\SCHEDU~1\schedul2.exe
Sun Jan 02 00:33:59 2005 => Scanning File C:\WINDOWS\SYSTEM32\GEARSEC.EXE
Sun Jan 02 00:33:59 2005 => Scanning File C:\PROGRA~1\CA\ETRUST~1\InoRpc.exe
Sun Jan 02 00:33:59 2005 => Scanning File C:\PROGRA~1\CA\ETRUST~1\InoRT.exe
Sun Jan 02 00:33:59 2005 => Scanning File C:\PROGRA~1\CA\ETRUST~1\InoTask.exe
Sun Jan 02 00:33:59 2005 => Scanning File C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
Sun Jan 02 00:33:59 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\MICROS~1\VS7Debug\mdm.exe
Sun Jan 02 00:33:59 2005 => Scanning File C:\WINDOWS\System32\nvsvc32.exe
Sun Jan 02 00:33:59 2005 => Scanning File C:\WINDOWS\System32\HotFixQ0306270.exe
Sun Jan 02 00:33:59 2005 => Scanning File C:\WINDOWS\System32\wuauclt.exe
Sun Jan 02 00:34:00 2005 => Scanning File C:\WINDOWS\System32\wuauclt.exe
Sun Jan 02 00:34:00 2005 => Scanning File C:\WINDOWS\system32\NOTEPAD.EXE
Sun Jan 02 00:34:00 2005 => Scanning File C:\bases\mwavscan.com
Sun Jan 02 00:34:00 2005 => Scanning File C:\bases\kavss.exe

Sun Jan 02 00:34:00 2005 => ***** Scanning Registry Files *****
Sun Jan 02 00:34:00 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Sun Jan 02 00:34:00 2005 => Scanning File C:\WINDOWS\Explorer.exe
Sun Jan 02 00:34:00 2005 => Scanning File C:\WINDOWS\system32\userinit.exe
Sun Jan 02 00:34:00 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sun Jan 02 00:34:00 2005 => Scanning File C:\PROGRA~1\LAUNCH~1\LaunchAp.exe
Sun Jan 02 00:34:00 2005 => Scanning File C:\PROGRA~1\LAUNCH~1\HOTKEY~1.EXE
Sun Jan 02 00:34:00 2005 => Scanning File C:\PROGRA~1\LAUNCH~1\OSD.exe
Sun Jan 02 00:34:00 2005 => Scanning File C:\PROGRA~1\LAUNCH~1\Wbutton.exe
Sun Jan 02 00:34:00 2005 => Scanning File C:\PROGRA~1\LAUNCH~1\CtrlVol.exe
Sun Jan 02 00:34:00 2005 => Scanning File C:\WINDOWS\System32\VOBREGCheck.exe
Sun Jan 02 00:34:00 2005 => Scanning File C:\PROGRA~1\CA\ETRUST~1\realmon.exe
Sun Jan 02 00:34:00 2005 => Scanning File C:\WINDOWS\system32\RUNDLL32.EXE
Sun Jan 02 00:34:00 2005 => Scanning File C:\WINDOWS\system32\nwiz.exe
Sun Jan 02 00:34:01 2005 => Scanning File C:\WINDOWS\SOUNDMAN.EXE
Sun Jan 02 00:34:01 2005 => Scanning File C:\Programme\Synaptics\SynTP\SynTPLpr.exe
Sun Jan 02 00:34:01 2005 => Scanning File C:\Programme\Synaptics\SynTP\SynTPEnh.exe
Sun Jan 02 00:34:01 2005 => Scanning File C:\WINDOWS\System32\PSDrvCheck.exe
Sun Jan 02 00:34:01 2005 => Scanning File C:\WINDOWS\system32\PRISMSTA.EXE
Sun Jan 02 00:34:01 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\MICROS~1\WORKSS~1\WkUFind.exe
Sun Jan 02 00:34:01 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\Real\UPDATE~1\REALSC~1.EXE
Sun Jan 02 00:34:01 2005 => Scanning File C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
Sun Jan 02 00:34:01 2005 => Scanning File D:\PROGRA~1\Roxio\WINONC~1\DirectCD\DirectCD.exe
Sun Jan 02 00:34:01 2005 => ERROR!!! Invalid Entry PPMemCheck = D:\PROGRA~1\PESTPA~1\PPMemCheck.exe. Removing it.
Sun Jan 02 00:34:01 2005 => Scanning File C:\WINDOWS\PL15Co2K.exe
Sun Jan 02 00:34:01 2005 => Scanning File D:\PROGRA~1\Sygate\SPF\smc.exe
Sun Jan 02 00:34:01 2005 => Scanning File D:\ACRONI~1\TRUEIM~3.EXE
Sun Jan 02 00:34:01 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\Acronis\SCHEDU~1\schedhlp.exe
Sun Jan 02 00:34:01 2005 => Scanning File C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
Sun Jan 02 00:34:01 2005 => Scanning File C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
Sun Jan 02 00:34:01 2005 => Scanning File C:\Programme\HP\hpcoretech\hpcmpmgr.exe
Sun Jan 02 00:34:01 2005 => Scanning File C:\PROGRA~1\HEWLET~1\HPSOFT~1\HPWUSC~1.EXE
Sun Jan 02 00:34:01 2005 => Scanning File H:\TROJAN~1.0\THGuard.exe
Sun Jan 02 00:34:02 2005 => Scanning File H:\AVPersonal\AVGNT.EXE
Sun Jan 02 00:34:02 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Sun Jan 02 00:34:02 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Sun Jan 02 00:34:02 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Sun Jan 02 00:34:02 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\ctfmon.exe
Sun Jan 02 00:34:02 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Sun Jan 02 00:34:02 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Sun Jan 02 00:34:02 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Sun Jan 02 00:34:02 2005 => Scanning HKCR\txtfile\shell\open\command
Sun Jan 02 00:34:02 2005 => Scanning HKCR\comfile\shell\open\command
Sun Jan 02 00:34:02 2005 => Scanning HKCR\exefile\shell\open\command
Sun Jan 02 00:34:02 2005 => Scanning HKCR\dllfile\shell\open\command
Sun Jan 02 00:34:02 2005 => Scanning HKCR\batfile\shell\open\command
Sun Jan 02 00:34:02 2005 => Scanning HKCR\piffile\shell\open\command
Sun Jan 02 00:34:02 2005 => Scanning HKCR\scrfile\shell\open\command
Sun Jan 02 00:34:02 2005 => Scanning HKCR\scrfile\shell\config\command
Sun Jan 02 00:34:02 2005 => Scanning HKCR\regfile\shell\open\command

Sun Jan 02 00:34:02 2005 => ***** Scanning StartUp Folders *****

Sun Jan 02 00:34:02 2005 => ***** Scanning C:\Dokumente und Einstellungen\cdolphin\Startmenü\Programme\Autostart Folder *****
Sun Jan 02 00:34:02 2005 => Scanning Folder: C:\Dokumente und Einstellungen\cdolphin\Startmenü\Programme\Autostart\*.*
Sun Jan 02 00:34:02 2005 => Scanning File C:\Dokumente und Einstellungen\cdolphin\Startmenü\Programme\Autostart\desktop.ini [**]

Sun Jan 02 00:34:02 2005 => ***** Scanning C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Folder *****
Sun Jan 02 00:34:02 2005 => Scanning Folder: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\*.*
Sun Jan 02 00:34:02 2005 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk
Sun Jan 02 00:34:02 2005 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini [**]
Sun Jan 02 00:34:02 2005 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Mountit.lnk

Sun Jan 02 00:34:02 2005 => ***** Scanning Service Files *****
Sun Jan 02 00:34:02 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ACPI.sys
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ACPIEC.sys
Sun Jan 02 00:34:02 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\Acronis\SCHEDU~1\schedul2.exe
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\drivers\aec.sys
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\agp440.sys
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\drivers\ALCXWDM.SYS
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\alg.exe
Sun Jan 02 00:34:02 2005 => Scanning File H:\AVPersonal\AVGUARD.EXE
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\arp1394.sys
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\Drivers\ASAPIW2K.sys
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\asyncmac.sys
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\atapi.sys
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\atmarpc.sys
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\audstub.sys
Sun Jan 02 00:34:02 2005 => Scanning File H:\AVPERSONAL\AVGNTDD.SYS
Sun Jan 02 00:34:02 2005 => Scanning File H:\AVPersonal\AVWUPSRV.EXE
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:02 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\btaudio.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\btport.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\drivers\btkrnl.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\by the way.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\Drivers\by the way.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\c2scsi.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
Sun Jan 02 00:34:03 2005 => Scanning File C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\CCDECODE.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\cdrom.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\system32\cisvc.exe
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\CmBatt.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\compbatt.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\dllhost.exe
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\d347bus.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\Drivers\d347prt.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\disk.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\drivers\dmboot.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\drivers\dmio.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\drivers\dmload.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\drivers\DMusic.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\drivers\drmkaud.sys
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\ENTECH.SYS
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:03 2005 => Scanning File C:\WINDOWS\system32\services.exe
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\system32\fxssvc.exe
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ftdisk.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\GEARSEC.EXE
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\giveio.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\msgpc.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\DOKUME~1\CDOLPHIN\LOKALE~1\TEMP\GSPLITTM.SYS
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\hidusb.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\imapi.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\imapi.exe
Sun Jan 02 00:34:04 2005 => Scanning File C:\PROGRA~1\CA\ETRUST~1\InoRpc.exe
Sun Jan 02 00:34:04 2005 => Scanning File C:\PROGRA~1\CA\ETRUST~1\InoRT.exe
Sun Jan 02 00:34:04 2005 => Scanning File C:\PROGRA~1\CA\ETRUST~1\InoTask.exe
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\Drivers\ino_flpy.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\INO_FLTR.SYS
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\IntelC51.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\IntelC52.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\IntelC53.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ipinip.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ipnat.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ipsec.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\irda.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\irenum.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\isapnp.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Sun Jan 02 00:34:04 2005 => Scanning File C:\WINDOWS\System32\drivers\kmixer.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:05 2005 => Scanning File C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
Sun Jan 02 00:34:05 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\MICROS~1\VS7Debug\mdm.exe
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\drivers\MODEMCSA.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\mohfilt.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\mouclass.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\mouhid.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\msdtc.exe
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\msiexec.exe
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\drivers\MSKSSRV.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\drivers\MSPCLOCK.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\drivers\MSPQM.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\drivers\MSTEE.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\NdisIP.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\netbios.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\netbt.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\system32\netdde.exe
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\system32\netdde.exe
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\lsass.exe
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\nic1394.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\nscirda.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\lsass.exe
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
Sun Jan 02 00:34:05 2005 => Scanning File C:\WINDOWS\System32\nvsvc32.exe
Sun Jan 02 00:34:06 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
Sun Jan 02 00:34:06 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
Sun Jan 02 00:34:06 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ohci1394.sys
Sun Jan 02 00:34:06 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\parport.sys
Sun Jan 02 00:34:06 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\pci.sys
Sun Jan 02 00:34:06 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\pciide.sys
Sun Jan 02 00:34:06 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\pcmcia.sys
Sun Jan 02 00:34:06 2005 => Scanning File C:\WINDOWS\System32\drivers\pfc.sys
Sun Jan 02 00:34:06 2005 => Scanning File C:\WINDOWS\System32\HotFixQ0306270.exe
Sun Jan 02 00:34:06 2005 => Scanning File C:\WINDOWS\system32\services.exe
Sun Jan 02 00:34:06 2005 => Scanning File C:\WINDOWS\System32\lsass.exe
Sun Jan 02 00:34:06 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\raspptp.sys
Sun Jan 02 00:34:06 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\PRISMA00.sys
Sun Jan 02 00:34:06 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\processr.sys
Sun Jan 02 00:34:06 2005 => Scanning File C:\WINDOWS\System32\drivers\prodrv06.sys
Sun Jan 02 00:34:06 2005 => Scanning File C:\WINDOWS\System32\drivers\prohlp02.sys
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\drivers\prosync1.sys
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\system32\lsass.exe
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ptilink.sys
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\rasacd.sys
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\rasirda.sys
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\raspti.sys
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\rdbss.sys
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\redbook.sys
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\Drivers\RootMdm.sys
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\locator.exe
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\rsvp.exe
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\R8139n51.SYS
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\system32\lsass.exe
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:11 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\secdrv.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\serenum.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\drivers\sfhlp01.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\sfloppy.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\SLIP.sys
Sun Jan 02 00:34:12 2005 => Scanning File D:\Programme\Sygate\SPF\smc.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\snapman.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\drivers\splitter.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\sr.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\srv.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\StreamIP.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\swenum.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\drivers\swmidi.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\dllhost.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\PROGRAMME\SYMANTEC\SYMEVENT.SYS
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\SynTP.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\drivers\sysaudio.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\tcpip.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\termdd.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\drivers\tifm.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\timntr.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\wdfmgr.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\update.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\ups.exe
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\usbehci.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\usbhub.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\usbprint.sys
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Sun Jan 02 00:34:12 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\uscbs108.sys
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\uscsc108.sys
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Sun Jan 02 00:34:13 2005 => ERROR!!! Invalid Entry  in SYSTEM\CurrentControlSet\Services\vsdatant...
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\vssvc.exe
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\wanarp.sys
Sun Jan 02 00:34:13 2005 => ERROR!!! Invalid Entry System32\DRIVERS\wanatw4.sys in SYSTEM\CurrentControlSet\Services\wanatw...
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\system32\drivers\Wbutton.sys
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\drivers\wdmaud.sys
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\WPSDRVNT.SYS
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\svchost.exe

Sun Jan 02 00:34:13 2005 => ***** Scanning Important System Files *****
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\winsock.dll
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\ws2help.dll
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\ws2_32.dll
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\wscript.exe
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\wshatm.dll
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\wshcon.dll
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\wshde.dll
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\wshext.dll
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\wship6.dll
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\wshirda.dll
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\wshisn.dll
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\wshnetbs.dll
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\wshom.ocx
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\WshRm.dll
Sun Jan 02 00:34:13 2005 => Scanning File C:\WINDOWS\System32\wshtcpip.dll
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\System32\wsnmp32.dll
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\System32\wsock32.dll
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\System32\wstdecod.dll
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\explorer.exe
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\explorer.scf
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\NOTEPAD.EXE
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\System32\notepad.exe
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\System32\cmd.exe
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\System32\kernel32.dll
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\System32\ntoskrnl.exe
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\System32\ntkrnlpa.exe
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\System32\hal.dll
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\System32\win32k.sys
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\System32\ntdll.dll
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\System32\advapi32.dll
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\System32\user32.dll
Sun Jan 02 00:34:14 2005 => Scanning File C:\WINDOWS\System32\gdi32.dll
Sun Jan 02 00:34:15 2005 => Scanning File C:\WINDOWS\System32\bootvid.dll
Sun Jan 02 00:34:15 2005 => Scanning File C:\WINDOWS\System32\command.com

Sun Jan 02 00:34:15 2005 => ***** Checking for specific ITW Viruses *****
Sun Jan 02 00:34:15 2005 => Checking for Welchia Virus...
Sun Jan 02 00:34:15 2005 => Checking for LovGate Virus...
Sun Jan 02 00:34:15 2005 => Checking for CodeRed Virus...
Sun Jan 02 00:34:15 2005 => Checking for OpaServ Virus...
Sun Jan 02 00:34:15 2005 => Checking for Sobig.e Virus...
Sun Jan 02 00:34:15 2005 => Checking for Winupie Virus...
Sun Jan 02 00:34:15 2005 => Checking for Swen Virus...
Sun Jan 02 00:34:15 2005 => Checking for JS.Fortnight Virus...
Sun Jan 02 00:34:15 2005 => Checking for Novarg Virus...

Sun Jan 02 00:34:15 2005 => ***** Scanning complete. *****

Sun Jan 02 00:34:15 2005 => Total Number of Files Scanned: 345
Sun Jan 02 00:34:15 2005 => Total Number of Virus(es) Found: 0
Sun Jan 02 00:34:15 2005 => Total Number of Disinfected Files: 0
Sun Jan 02 00:34:15 2005 => Total Number of Files Renamed: 0
Sun Jan 02 00:34:15 2005 => Total Number of Deleted Files: 0
Sun Jan 02 00:34:15 2005 => Total Number of Errors: 3
Sun Jan 02 00:34:15 2005 => Time Elapsed: 00:00:18
Sun Jan 02 00:34:15 2005 => Virus Database Date: 2005/01/02
Sun Jan 02 00:34:15 2005 => Virus Database Count: 114553

Sun Jan 02 00:34:15 2005 => Scan Completed.

HijackThis:
Logfile of HijackThis v1.99.0
Scan saved at 00:32:53, on 02.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\PRISMSTA.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
D:\Programme\Roxio\WinOnCD 6 DVD\DirectCD\DirectCD.exe
C:\Programme\Browser MOUSE\mouse32a.exe
C:\WINDOWS\PL15Co2K.exe
D:\Acronis True Image\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HotFixQ0306270.exe
C:\WINDOWS\System32\wuauclt.exe
H:\hijack\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [OSD] C:\Programme\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Programme\Roxio\WinOnCD 6 DVD\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AcronisTrueImage Monitor] "D:\Acronis True Image\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [THGuard] "H:\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [AVGCtrl] "H:\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Mountit.lnk = D:\Programme\Roxio\WinOnCD 6 DVD\MountIt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {103DFAE7-50CC-41FC-9D57-1A4BCA0DFD87} (Upload Control) - https://img.web.de/v/mail/mms/activex/mms_upload_1104.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093210330906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Acronis Scheduler2 Service - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - H:\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - H:\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prolific HotFix Q0306270 - Unknown - C:\WINDOWS\System32\HotFixQ0306270.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - D:\Programme\Sygate\SPF\smc.exe
O23 - Service: Speed Disk service - Acronis - (no file)

AntiVir has now also reported Krepper 3 and Stubby C. Damn. I previously had a different antivirus program, which apparently was no good at all. What should I do?
02.01.2005, 12:57
...new here

Thread starter

Posts: 7
#4 Hello, follow-up: I have now managed to boot into safe mode (after the laptop had been off overnight, I tried it right away), deleted utdszzet.exe, and cleaned up the temp files, as you said.
I also fixed the no-name toolbar, which I had overlooked at first. I don't want to post yet another log file, though; maybe you could look at the other one first(?) and also say something about these stupid Krepper3 and Stubby C reports? Please.
02.01.2005, 18:36
Honorary member
Sabina

Posts: 29434
#5 Hello @cdolphin

Are you still getting alerts about Krepper?
The log seems clean (at least on the surface),

apart from:
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)

You could disable your current virus scanner for now.

Download:
#Antivirus (free) --> wait patiently for the installation scan to finish,
then configure the scanner (do not activate the Guard)
http://www.free-av.de/

[X] Memory
[X] Boot sector of search drives
[ ] Report unknown boot sectors
[X] All files
[ ] Program files

Boot into safe mode and run a full scan (and post the scan log for me).

Then you can uninstall Antivirus again and re-enable your eTrust.

------------------------------------------------------------------------------------------
#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

Post that scan log as well.
__________
Regards, Sabina

All about PC security
This post was edited by Sabina on 02.01.2005 at 18:39.
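
The check applied by eye in post #5, picking out the one entry that HijackThis lists with `(no file)` as its target, is shown here as an added example that is not part of the original thread. It parses HijackThis entry lines and returns those whose target is `(no file)`; the function names are hypothetical and the sample text is constructed from lines copied out of the log posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sections whose last " - "-separated field names the file behind the entry
# (BHOs, toolbars, extra buttons, protocol handlers, services).
FILE_BACKED = {"O2", "O3", "O9", "O18", "O23"}

# Constructed sample: entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: BTTray.lnk = ?
O23 - Service: Speed Disk service - Acronis - (no file)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
"""


@dataclass
class Entry:
    section: str            # e.g. "O3"
    body: str               # everything after "O3 - "
    clsid: Optional[str]    # first {GUID} in the entry, if any
    target: Optional[str]   # file field for FILE_BACKED sections, else None


def parse_entries(log_text: str) -> List[Entry]:
    """Return the registry/autostart entries, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        section, body = match.groups()
        clsid = CLSID_RE.search(body)
        target = None
        if section in FILE_BACKED and " - " in body:
            target = body.rsplit(" - ", 1)[1].strip()
        entries.append(Entry(section, body, clsid.group(0) if clsid else None, target))
    return entries


def dangling_entries(entries: List[Entry]) -> List[Entry]:
    """Entries that are still registered but for which the log shows no file."""
    return [e for e in entries if e.target == "(no file)"]


if __name__ == "__main__":
    for e in dangling_entries(parse_entries(SAMPLE_LOG)):
        print(f"{e.section}: {e.body}")
```
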
02.01.2005, 18:54
...new here

Thread starter

Posts: 7
#6 Well, no, Krepper is not showing any alerts; I only found it because I downloaded AntiVir and ran it. AntiVir cannot remove it, though. I uninstalled eTrust completely, since it never reported anything anyway.
I have now also run ewido, and I think it killed Stubby (I need to scan again first).
I also ran Ad-Aware 6.0 and Spybot. Does it have to be Ad-Aware SE Personal? Is that even better? If so, I'll do it, of course.
02.01.2005, 22:35
...new here

Thread starter

Posts: 7
#7 OK, safe mode did not work once again; I don't know why it doesn't always work. But I downloaded Ad-Aware SE and ran it. I was quite surprised: 120 critical objects reported.

Ad-Aware SE Build 1.05
Logfile Created on:Sonntag, 2. Januar 2005 22:11:21
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R24 29.12.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):1 total references
Alexa(TAC index:5):3 total references
AltnetBDE(TAC index:4):31 total references
BlazeFind(TAC index:5):9 total references
CoolWebSearch(TAC index:10):16 total references
MRU List(TAC index:0):41 total references
Other(TAC index:5):1 total references
Possible Browser Hijack attempt(TAC index:3):6 total references
TopMoxie(TAC index:3):2 total references
Tracking Cookie(TAC index:3):41 total references
VX2(TAC index:10):10 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


02.01.2005 22:11:21 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 604
ThreadCreationTime : 02.01.2005 21:00:38
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 696
ThreadCreationTime : 02.01.2005 21:00:45
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 720
ThreadCreationTime : 02.01.2005 21:00:48
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 764
ThreadCreationTime : 02.01.2005 21:00:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 776
ThreadCreationTime : 02.01.2005 21:00:48
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 936
ThreadCreationTime : 02.01.2005 21:00:49
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 960
ThreadCreationTime : 02.01.2005 21:00:49
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [smc.exe]
FilePath : D:\Programme\Sygate\SPF\
ProcessID : 1108
ThreadCreationTime : 02.01.2005 21:00:50
BasePriority : Normal
FileVersion : 5.5.00.2710
ProductVersion : 5.5.00.2710
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1176
ThreadCreationTime : 02.01.2005 21:00:55
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1292
ThreadCreationTime : 02.01.2005 21:00:55
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1300
ThreadCreationTime : 02.01.2005 21:00:56
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1476
ThreadCreationTime : 02.01.2005 21:00:56
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [launchap.exe]
FilePath : C:\Programme\Launch Manager\
ProcessID : 1736
ThreadCreationTime : 02.01.2005 21:00:58
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : LaunchAp Application
FileDescription : LaunchAp MFC Application
InternalName : LaunchAp
LegalCopyright : Copyright (C) 2001
OriginalFilename : LaunchAp.EXE

#:14 [hotkeyapp.exe]
FilePath : C:\Programme\Launch Manager\
ProcessID : 1744
ThreadCreationTime : 02.01.2005 21:00:58
BasePriority : Normal
FileVersion : 1, 0, 5, 0
ProductVersion : 1, 0, 5, 0
ProductName : Wistron HotkeyApp
CompanyName : Wistron
FileDescription : HotkeyApp
InternalName : HotkeyApp
LegalCopyright : Copyright c 2002
OriginalFilename : HotkeyApp.exe

#:15 [osd.exe]
FilePath : C:\Programme\Launch Manager\
ProcessID : 1760
ThreadCreationTime : 02.01.2005 21:00:58
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : On Screen Display
CompanyName : Wistron
FileDescription : On Screen Display
InternalName : OSD
LegalCopyright : Copyright c 2002
OriginalFilename : OSD.exe

#:16 [wbutton.exe]
FilePath : C:\Programme\Launch Manager\
ProcessID : 1772
ThreadCreationTime : 02.01.2005 21:00:58
BasePriority : Normal
FileVersion : 1, 0, 2, 5
ProductVersion : 1, 0, 2, 5
ProductName : WButton Application
FileDescription : WButton MFC Application
InternalName : WButton
LegalCopyright : Copyright (C) 2001
OriginalFilename : WButton.EXE

#:17 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 1844
ThreadCreationTime : 02.01.2005 21:00:58
BasePriority : Normal
FileVersion : 5.1.00
ProductVersion : 5.1.00
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:18 [syntplpr.exe]
FilePath : C:\Programme\Synaptics\SynTP\
ProcessID : 1872
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal
FileVersion : 7.5.5 24Apr03
ProductVersion : 7.5.5 24Apr03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2003
OriginalFilename : SynTPLpr.exe

#:19 [syntpenh.exe]
FilePath : C:\Programme\Synaptics\SynTP\
ProcessID : 1884
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal
FileVersion : 7.5.5 24Apr03
ProductVersion : 7.5.5 24Apr03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2003
OriginalFilename : SynTPEnh.exe

#:20 [prismsta.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1936
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal
FileVersion : 1.00.20
ProductVersion : 1.00.20.0083
ProductName : PRISM Wireless LAN
CompanyName : Intersil Americas Inc.
FileDescription : PRISM Status Tray Applet
InternalName : PRISMSTA.exe
LegalCopyright : Copyright © 2003, Intersil Americas Inc.
OriginalFilename : PRISMSTA.exe
Comments : Developer build. by : Administrator

#:21 [wkufind.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\
ProcessID : 1964
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal
FileVersion : 7.00.0617.0
ProductVersion : 7.00.0617.0
ProductName : Update Detection Module
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works-Aktualisierungserkennung
InternalName : WkUFind
LegalCopyright : Copyright © 1987-2002 Microsoft Corporation.
OriginalFilename : WkUFind.exe

#:22 [realsched.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Real\Update_OB\
ProcessID : 1976
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:23 [jusched.exe]
FilePath : C:\Programme\Java\j2re1.4.2_03\bin\
ProcessID : 1992
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal


#:24 [directcd.exe]
FilePath : D:\Programme\Roxio\WinOnCD 6 DVD\DirectCD\
ProcessID : 2000
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal
FileVersion : 5.3.2.34
ProductVersion : 5.3.2.34
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright (c) 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:25 [mouse32a.exe]
FilePath : C:\Programme\Browser MOUSE\
ProcessID : 2008
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal
FileVersion : 3.0.1.0
ProductVersion : 3.0.0.0
LegalCopyright : Copyright 2001 by LEE,WEI-BIN.

#:26 [pl15co2k.exe]
FilePath : C:\WINDOWS\
ProcessID : 2024
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 1
ProductName : Hi-Speed USB Flash Disk
CompanyName : Prolific Technology Inc.
FileDescription : USB Flash Disk Application
InternalName : POMELO
LegalCopyright : Copyright (C) 2003 Prolific Technology Inc.
OriginalFilename : POMELO.exe

#:27 [trueimagemonitor.exe]
FilePath : D:\Acronis True Image\
ProcessID : 2044
ThreadCreationTime : 02.01.2005 21:01:01
BasePriority : Normal
FileVersion : 7,0,0,611
ProductVersion : 7,0,0,611
ProductName : Acronis True Image
CompanyName : Acronis
FileDescription : TrueImage
InternalName : TrueImageMonitor
LegalCopyright : Copyright (C) 2000-2003 Acronis.
LegalTrademarks : Acronis
OriginalFilename : TrueImageMonitor.exe
Comments : Acronis True Image

#:28 [schedhlp.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\
ProcessID : 212
ThreadCreationTime : 02.01.2005 21:01:01
BasePriority : Normal
FileVersion : 1,0,0,35
ProductVersion : 1,0,0,35
ProductName : Acronis Scheduler Helper
CompanyName : Acronis
FileDescription : Acronis Scheduler Helper
InternalName : Scheduler Helper
LegalCopyright : Copyright (C) 2000-2003 Acronis
LegalTrademarks : Acronis
OriginalFilename : schedhlp.exe
Comments : Acronis Scheduler Helper

#:29 [toadimon.exe]
FilePath : C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\
ProcessID : 256
ThreadCreationTime : 02.01.2005 21:01:01
BasePriority : Normal
FileVersion : 2.16.10
ProductVersion : 2.00
ProductName : Marmiko IT-Solutions GmbH DialAssistent Component
CompanyName : Marmiko IT-Solutions GmbH
FileDescription : T-Online Verbindungsassistent
InternalName : ToADiMon
LegalCopyright : Copyright © Marmiko IT-Solutions GmbH 2000-2004, Copyright © T-Online International AG 2001-2004
OriginalFilename : ToADiMon.EXE

#:30 [hpztsb10.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
ProcessID : 272
ThreadCreationTime : 02.01.2005 21:01:01
BasePriority : Normal
FileVersion : 2.323.0.0
ProductVersion : 2.323.0.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright (c) Hewlett-Packard Company 1999-2004

#:31 [hpcmpmgr.exe]
FilePath : C:\Programme\HP\hpcoretech\
ProcessID : 280
ThreadCreationTime : 02.01.2005 21:01:01
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright (C) Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe

#:32 [hpwuschd2.exe]
FilePath : C:\Programme\Hewlett-Packard\HP Software Update\
ProcessID : 316
ThreadCreationTime : 02.01.2005 21:01:01
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : HP Software Update Application
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe

#:33 [avgnt.exe]
FilePath : H:\AVPersonal\
ProcessID : 336
ThreadCreationTime : 02.01.2005 21:01:02
BasePriority : Normal


#:34 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 340
ThreadCreationTime : 02.01.2005 21:01:02
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:35 [bttray.exe]
FilePath : C:\Programme\WIDCOMM\Bluetooth Software\
ProcessID : 568
ThreadCreationTime : 02.01.2005 21:01:03
BasePriority : Normal
FileVersion : 1.3.2.7
ProductVersion : 1.3.2.7
ProductName : Bluetooth Software 1.3.2.7
FileDescription : Bluetooth Tray Application
InternalName : BTTray
LegalCopyright : Copyright 2000-2002.
OriginalFilename : BTTray.exe

#:36 [btstackserver.exe]
FilePath : C:\Programme\WIDCOMM\Bluetooth Software\
ProcessID : 692
ThreadCreationTime : 02.01.2005 21:01:03
BasePriority : Normal
FileVersion : 1.3.2.7
ProductVersion : 1.3.2.7
ProductName : Bluetooth Software 1.3.2.7
FileDescription : Bluetooth Stack COM Server
InternalName : BTStackServer
LegalCopyright : Copyright 2000-2002.
OriginalFilename : BTStackServer.exe

#:37 [schedul2.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\
ProcessID : 2924
ThreadCreationTime : 02.01.2005 21:02:06
BasePriority : Normal
FileVersion : 1,0,0,35
ProductVersion : 1,0,0,35
ProductName : Acronis Scheduler 2
CompanyName : Acronis
FileDescription : Acronis Scheduler 2
InternalName : Scheduler2
LegalCopyright : Copyright (C) 2000-2003 Acronis
LegalTrademarks : Acronis
OriginalFilename : schedul2.exe
Comments : Acronis Scheduler 2

#:38 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2944
ThreadCreationTime : 02.01.2005 21:02:06
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:39 [avguard.exe]
FilePath : H:\AVPersonal\
ProcessID : 2964
ThreadCreationTime : 02.01.2005 21:02:06
BasePriority : Normal


#:40 [avwupsrv.exe]
FilePath : H:\AVPersonal\
ProcessID : 3012
ThreadCreationTime : 02.01.2005 21:02:07
BasePriority : Normal


#:41 [ewidoctrl.exe]
FilePath : J:\Programme\ewido\security suite\
ProcessID : 3056
ThreadCreationTime : 02.01.2005 21:02:07
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:42 [gearsec.exe]
FilePath : C:\WINDOWS\SYSTEM32\
ProcessID : 3164
ThreadCreationTime : 02.01.2005 21:02:09
BasePriority : Normal
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001-2003 GEAR Software
OriginalFilename : gearsec.exe

#:43 [logwatnt.exe]
FilePath : C:\Programme\CA\SharedComponents\CA_LIC\
ProcessID : 3184
ThreadCreationTime : 02.01.2005 21:02:09
BasePriority : Normal
FileVersion : 1.52
ProductVersion : 1, 0, 0, 1
ProductName : Computer Associates LogWatNT
CompanyName : Computer Associates
FileDescription : LogWatNT
InternalName : LogWatNT
LegalCopyright : Copyright © 2002
OriginalFilename : LogWatNT.exe

#:44 [mdm.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\
ProcessID : 3200
ThreadCreationTime : 02.01.2005 21:02:09
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:45 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3232
ThreadCreationTime : 02.01.2005 21:02:09
BasePriority : Normal
FileVersion : 6.14.10.4487
ProductVersion : 6.14.10.4487
ProductName : NVIDIA Driver Helper Service, Version 44.87
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 44.87
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:46 [hotfixq0306270.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3344
ThreadCreationTime : 02.01.2005 21:02:12
BasePriority : Normal


#:47 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3388
ThreadCreationTime : 02.01.2005 21:02:13
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:48 [kernel.exe]
FilePath : C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\
ProcessID : 1188
ThreadCreationTime : 02.01.2005 21:02:41
BasePriority : Normal
FileVersion : 1.38.0.1
ProductVersion : xx.xx.xx.xxxx
ProductName : T-Online Basissoftware
CompanyName : T-Online
FileDescription : T-Online StartCenter 5.0
InternalName : T-Online Software
LegalCopyright : Copyright 2001
OriginalFilename : kernel.exe

#:49 [sc_watch.exe]
FilePath : C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\
ProcessID : 1260
ThreadCreationTime : 02.01.2005 21:02:43
BasePriority : Normal


#:50 [profil~1.exe]
FilePath : C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\
ProcessID : 2216
ThreadCreationTime : 02.01.2005 21:02:50
BasePriority : Normal
FileVersion : 1.34.00.0002
ProductVersion : 5.00.00.0000
ProductName : T-Online Basissoftware
CompanyName : T-Online
FileDescription : T-Online Profilverwaltung
InternalName : Profilemgr
LegalCopyright : Copyright 2001
OriginalFilename : profilemgr.exe

#:51 [browser.exe]
FilePath : C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BROWSER\
ProcessID : 2840
ThreadCreationTime : 02.01.2005 21:03:11
BasePriority : Normal
FileVersion : 5, 3, 0, 34
ProductVersion : 5, 3, 0, 34
ProductName : T-Online Browser
CompanyName : T-Online International AG
FileDescription : T-Online Browser 5.0
InternalName : T-Online Browser 5.0
LegalCopyright : Copyright (C) T-Online International AG
OriginalFilename : T-Online Browser 5.0

#:52 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3300
ThreadCreationTime : 02.01.2005 21:03:17
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : wuauclt.exe

#:53 [ewidoguard.exe]
FilePath : J:\Programme\ewido\security suite\
ProcessID : 3860
ThreadCreationTime : 02.01.2005 21:05:35
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:54 [ad-aware.exe]
FilePath : D:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 3672
ThreadCreationTime : 02.01.2005 21:08:14
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:55 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3324
ThreadCreationTime : 02.01.2005 21:09:48
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4.1

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4.1
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25.1

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25.1
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe
Value : AppID

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe
Value : AppID

BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winadx.installer

BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winadx.installer
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\serg\searchbar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\serg\searchbar
Value : NumRuns

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\serg\searchbar
Value : Next

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\serg\searchbar
Value : ID1

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\serg\searchbar
Value : ID2

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\serg\searchbar
Value : PanelNumber

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\serg

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sbsoft

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sbsoft
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sbsoft
Value : UninstallString

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}"
Rootkey : HKEY_USERS
Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 29
Objects found so far: 29


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 29

MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\musicmatch
Description : download location of the musicmatch installer


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio
Description : information on the last station listened to using musicmatch radio


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\automap\9.0\findmru
Description : list of recently used find queries used in microsoft automap-based products


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\mediaplayer\player\recenturllist
Description : list of recently used web addresses in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv
Description : file conversion location settings in musicmatch jukebox


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\cdolphin\recent
Description : list of recently opened documents



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@as-us.falkag[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:cdolphin@as-us.falkag.net/
Expires : 30.01.2005 18:12:24
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@adserver.geizkragen[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:cdolphin@adserver.geizkragen.de/
Expires : 16.01.2005 11:00:02
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@findwhat[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:cdolphin@findwhat.com/
Expires : 01.01.2020 01:00:02
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@bluestreak[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:cdolphin@bluestreak.com/
Expires : 25.12.2014 07:13:18
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@cxoadfarm.dyndns[1].txt
Category : Data Miner
Comment : Hits:16
Value : Cookie:cdolphin@cxoadfarm.dyndns.info/
Expires : 02.01.2006 15:28:32
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@realmedia[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:cdolphin@realmedia.com/
Expires : 01.01.2011 01:00:00
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@targetnet[1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:cdolphin@targetnet.com/
Expires : 18.05.2033 04:33:20
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@adservervv.geizkragen[1].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:cdolphin@adservervv.geizkragen.de/
Expires : 03.01.2005 03:04:02
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@www7.paypopup[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:cdolphin@www7.paypopup.com/
Expires : 01.01.2005 16:42:56
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@please[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:cdolphin@ad2.de.mediainter.net/please/
Expires : 25.11.2005 11:41:16
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:cdolphin@imrworldwide.com/cgi-bin
Expires : 19.01.2009
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@excite[1].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:cdolphin@excite.de/
Expires : 01.01.2006 13:18:04
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@tripod[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:cdolphin@tripod.com/
Expires : 31.12.2005 16:36:34
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@gator[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:cdolphin@gator.com/
Expires : 01.03.2005 18:31:10
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@as1.falkag[2].txt
Category : Data Miner
Comment : Hits:14
Value : Cookie:cdolphin@as1.falkag.de/
Expires : 01.02.2005 14:32:12
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@partners.webmasterplan[1].txt
Category : Data Miner
Comment : Hits:83
Value : Cookie:cdolphin@partners.webmasterplan.com/
Expires : 01.02.2005
LastSync : Hits:83
UseCount : 0
Hits : 83

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@valueclick[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:cdolphin@valueclick.com/
Expires : 24.12.2029 14:49:44
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@tradedoubler[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:cdolphin@tradedoubler.com/
Expires : 03.01.2005 02:57:44
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@maxserving[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:cdolphin@maxserving.com/
Expires : 29.12.2014 16:35:12
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:13
Value : Cookie:cdolphin@z1.adserver.com/
Expires : 02.01.2006 16:33:26
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:cdolphin@atdmt.com/
Expires : 01.01.2010 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@advertising[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:cdolphin@advertising.com/
Expires : 30.12.2009 16:34:48
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@fastclick[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:cdolphin@fastclick.net/
Expires : 23.12.2006 15:54:46
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@2o7[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:cdolphin@2o7.net/
Expires : 30.12.2009 18:25:46
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@count.xhit[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:cdolphin@count.xhit.com/
Expires : 29.10.2005 14:58:54
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@servedby.advertising[2].txt
Category : Data Miner
Comment : Hits:47
Value : Cookie:cdolphin@servedby.advertising.com/
Expires : 31.01.2005 15:25:40
LastSync : Hits:47
UseCount : 0
Hits : 47

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@casalemedia[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:cdolphin@casalemedia.com/
Expires : 22.12.2005 11:39:48
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@doubleclick[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:cdolphin@doubleclick.net/
Expires : 02.01.2008 18:46:38
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@servedby.netshelter[1].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:cdolphin@servedby.netshelter.net/
Expires : 29.06.2021 14:48:54
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@adtech[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:cdolphin@adtech.de/
Expires : 31.12.2014 18:46:38
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@versiontracker[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:cdolphin@versiontracker.com/
Expires : 02.01.2007 14:06:16
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:cdolphin@tribalfusion.com/
Expires : 01.01.2038 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@mediaplex[1].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:cdolphin@mediaplex.com/
Expires : 22.06.2009 01:00:00
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 33
Objects found so far: 103



Deep scanning and examining files (C;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : barlinks.ini
Category : Malware
Comment :
Object : C:\Dokumente und Einstellungen\cdolphin\Anwendungsdaten\SBSoft\



CoolWebSearch Object Recognized!
Type : File
Data : links.ini
Category : Malware
Comment :
Object : C:\Dokumente und Einstellungen\cdolphin\Anwendungsdaten\SBSoft\



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@partners.webmasterplan[1].txt
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\cdolphin\Lokale Einstellungen\Temp\Cookies\cdolphin@partners.webmasterplan[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ronja@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\ronja\Cookies\ronja@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ronja@adtech[2].txt
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\ronja\Cookies\ronja@adtech[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ronja@casalemedia[2].txt
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\ronja\Cookies\ronja@casalemedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ronja@count.xhit[1].txt
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\ronja\Cookies\ronja@count.xhit[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ronja@partners.webmasterplan[2].txt
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\ronja\Cookies\ronja@partners.webmasterplan[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ronja@sel.as-eu.falkag[1].txt
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\ronja\Cookies\ronja@sel.as-eu.falkag[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ronja@statcounter[1].txt
Category : Data Miner
Comment :
Value : C:\Dokumente und Einstellungen\ronja\Cookies\ronja@statcounter[1].txt

VX2 Object Recognized!
Type : File
Data : Dc1.tcf
Category : Malware
Comment :
Object : C:\RECYCLER\S-1-5-21-2236685999-2259171284-2586937267-1008\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.


TopMoxie Object Recognized!
Type : File
Data : Dc5.exe
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-2236685999-2259171284-2586937267-1008\



BlazeFind Object Recognized!
Type : File
Data : Key2.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



AltnetBDE Object Recognized!
Type : File
Data : Setup.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\Altnet\
FileVersion : 1, 0, 4, 13
ProductVersion : 1, 0, 0, 0
ProductName : AltnetInstaller
CompanyName : Altnet
FileDescription : AltnetInstaller
InternalName : AltnetInstaller
LegalCopyright : Copyright © 2003
OriginalFilename : AltnetInstaller.exe


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 117


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
3 entries scanned.
New critical objects:0
Objects found so far: 117



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Cra*hier nicht!*.com - keyg*hier nicht*, patches, crackz....url
Category : Misc
Comment : Problematic URL discovered: http://Cra*hier nicht!*.com
Object : C:\Dokumente und Einstellungen\cdolphin\Favoriten\Cra*hier nicht!*\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Cra*hier nicht!*.US - Cra*hier nicht!* search engine.url
Category : Misc
Comment : Problematic URL discovered: http://www.Cra*hier nicht!*.us
Object : C:\Dokumente und Einstellun
02.01.2005, 23:46
...new here

Thread starter

Posts: 7
#8 Hello again, I scanned with Antivir, though not in safe mode (that somehow didn't work) but in normal mode, and then scanned again afterwards with Ad-Aware SE. No more reports in Antivir about Krepper or Stubby.
Here are the current log files:

Erstellungsdatum der Reportdatei: Sonntag, 2. Januar 2005 22:35

AntiVir®/XP (2000 + NT) Personal Edition v6.29.00.03 vom 13.12.2004
VDF-Datei v6.29.0.44 (0) vom 31.12.2004


Dieses Programm ist nur für den PRIVATEN EINSATZ bestimmt.
Jede andere Verwendung ist NICHT gestattet.
Informationen über kommerzielle Versionen von AntiVir erhalten Sie bei:
www.antivir.de.


Es wird nach 94905 Viren bzw. unerwünschten Programmen gesucht.

Lizenznehmer: AntiVir Personal Edition
Seriennummer: 0000149996-ADJIE-0001
FUSE: Grundlizenz

Bitte tragen Sie in dieses Formular den Rechnerstandort und
den zuständigen Ansprechpartner mit Telefonnummer ein:

Name ___________________________________________

Straße ___________________________________________

PLZ/Ort ___________________________________________

Telefon/Fax ___________________________________________

EMail ___________________________________________

Plattform: Windows NT Workstation
Windows-Version: 5.1 Build 2600 (Service Pack 1)
Benutzername: cdolphin
Computername: JOKER
Prozessor: Pentium
Arbeitsspeicher: 523248 KB frei

Versionsinformationen:
AVWIN.DLL : v6.29.00.03 524328 13.12.2004 11:45:58
AVEWIN32.DLL : v6.29.0.5 782848 15.12.2004 10:03:52
AVGNT.EXE : v6.28.00.02 127016 08.11.2004 08:12:44
AVGUARD.EXE : v6.29.00.03 241704 17.11.2004 14:44:04
GUARDMSG.DLL : v6.28.00.02 98344 30.09.2004 08:10:44
AVGCMSG.DLL : v6.28.00.02 266280 08.11.2004 08:12:44
AVGNTDD.SYS : v6.29.00.02 32560 10.12.2004 12:46:28
AVPACK32.DLL : v6, 28, 0, 4 303144 28.10.2004 10:37:46
AVGETVER.DLL : v6.22.00.00 24576 30.09.2004 08:10:40
AVWIN.DLL : v6.29.00.03 524328 13.12.2004 11:45:58
AVSHLEXT.DLL : v6.22.00.00 57344 30.09.2004 08:10:42
AVSched32.EXE : v6.29.00.00 110632 19.11.2004 12:04:14
AVSched32.DLL : v6.28.00.01 122880 30.09.2004 08:10:42
AVREG.DLL : v6.27.00.01 41000 30.09.2004 08:10:42
AVRep.DLL : v6.29.00.44 839720 31.12.2004 10:24:50
INETUPD.EXE : v6.29.00.02 262203 23.11.2004 12:51:52
INETUPD.DLL : v6.29.00.02 159815 23.11.2004 12:51:52
CTL3D32.DLL : v2.31.000 27136 29.08.2002 13:00:00
MFC42.DLL : v6.00.8665.0 995383 29.08.2002 13:00:00
MSVCRT.DLL : v7.0.2600.1106 (xpsp1.020828-1920
MSVCRT.DLL : v7.0.2600.1106 323072 29.08.2002 13:00:00
CTL3DV2.DLL : v2.31.000 27632 14.07.1995 00:43:30

Konfigurationsdaten:

Name der Konfigurationsdatei: H:\AVPersonal\AVWIN.INI
Name der Reportdatei: H:\AVPersonal\LOGFILES\AVWIN.LOG
Startpfad: H:\AVPersonal
Kommandozeile:
Startmodus: unbekannt

Modus der Reportdatei:
[ ] Kein Report erstellen
[X] Report überschreiben
[ ] Neuen Report anhängen

Daten in Reportdatei:
[X] Infizierte Dateien
[ ] Infizierte Dateien mit Pfaden
[ ] Alle durchsuchten Dateien
[ ] Komplette Information

Reportdatei kürzen:
[ ] Reportdatei kürzen

Warnungen im Report:
[X] Zugriffsfehler/Datei gesperrt
[X] Falsche Dateigröße im Verzeichnis
[X] Falsche Erstellungszeit im Verzeichnis
[ ] COM-Datei zu groß
[X] Ungültige Startadresse
[X] Ungültiger EXE-Header
[X] Möglicherweise beschädigt

Kurzreport:
[X] Kurzreport erstellen
Ausgabedatei: AVWIN.ACT
Maximale Anzahl Einträge: 100

Wo zu suchen ist:
[X] Speicher
[X] Bootsektor Suchlaufwerke
[ ] Unbekannte Bootsektoren melden
[ ] Alle Dateien
[X] Programmdateien
Endungen: .386 .?HT* .ACM .ADE .ADP .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL
.CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE
.JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .POT .PPS .PPT .PRG
.RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .
VXD .VXO .WIZ .WLL .WMD .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

Reaktion bei Fund:
[X] Reparieren mit Rückfrage
[ ] Reparieren ohne Rückfrage
[ ] Löschen mit Rückfrage
[ ] Löschen ohne Rückfrage
[ ] Nur in Logdatei aufzeichnen
[X] Akustische Warnung

Reaktion bei defekten Dateien:
[X] Löschen mit Rückfrage
[ ] Löschen ohne Rückfrage
[ ] Ignorieren

Reaktion bei defekten Dateien:
[X] Nicht verändern
[ ] Aktuelle Systemzeit
[ ] Datum korrigieren

Drag&Drop-Einstellungen:
[X] Unterverzeichnisse durchsuchen

Profil-Einstellungen:
[X] Unterverzeichnisse durchsuchen

Einstellungen der Archive
[X] Archive durchsuchen
[X] Alle Archive-Typen

Diverse Optionen:
Temporärer Pfad: %TEMP% -> C:\DOKUME~1\cdolphin\LOKALE~1\Temp
[X] Virulente Dateien überschreiben
[ ] Leerlaufzeit entdecken
[X] Stoppen der Prüfung zulassen
[X] AVWin®/NT Guard beim Systemstart laden

Allgemeine Einstellungen:
[X] Einstellungen beim Beenden speichern
Priorität: mittel

Laufwerke:
C: Festplatte
D: Festplatte
E: Festplatte
F: CDRom
G: CDRom
H: Festplatte
I: CDRom
J: Festplatte
K: Festplatte
L: Diskettenlaufwerk

Start des Suchlaufs: Sonntag, 2. Januar 2005 22:35

Speichertest OK
Master-Bootsektor von Festplatte HD0 OK
Master-Bootsektor von Festplatte HD1 OK
Master-Bootsektor von Festplatte HD2 OK
Bootsektor von Laufwerk C: OK


C:\
hiberfil.sys
Zugriff verweigert! Fehler beim Öffnen der Datei.
Fehlercode: 0x000D
WARNUNG! Zugriffsfehler/Datei gesperrt!
pagefile.sys
Zugriff verweigert! Fehler beim Öffnen der Datei.
Dies ist eine Auslagerungsdatei von Windows. Diese Datei ist von Windows gelockt.
Fehlercode: 0x000D
WARNUNG! Zugriffsfehler/Datei gesperrt!
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery
AlexaRelated.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
BlazeFindBrowserhelper.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
BlazeFindBrowserhelper1.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
CoolWWWSearchCameUp.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
CoolWWWSearchCameUp1.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
CoolWWWSearchCameUp2.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
CoolWWWSearchCameUp3.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
CoolWWWSearchCameUp4.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
CoolWWWSearchCameUp5.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
CoolWWWSearchCameUp6.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
CoolWWWSearchCameUp7.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
CoolWWWSearchCameUp8.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
CoolWWWSearchCameUp9.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
CoolWWWSearchToolband.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
CoolWWWSearchWCADW.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
CoolWWWSearchWCADW1.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit1.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit10.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit11.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit12.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit13.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit14.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit15.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit16.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit17.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit18.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit19.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit2.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit20.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit21.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit22.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit23.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit24.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit25.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit26.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit27.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit28.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit29.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit3.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit30.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit31.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit32.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit33.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit34.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit4.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit5.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit6.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit7.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit8.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
DSOExploit9.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
GAINGator.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
GoldenPalaceCasino.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
nCase.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
nCase1.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
nCase2.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
nCase3.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
nCase4.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
VXf.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
VXf1.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
VXf2.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
VXf3.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
VXf4.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
VXf5.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
WebRebatesTopRebates.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
WebRebatesTopRebates1.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
WebRebatesTopRebates2.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
WebRebatesTopRebates3.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
WebRebatesTopRebates4.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
WebRebatesTopRebates5.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
WebRebatesTopRebates6.zip
ArchiveType: ZIP
HINWEIS! Das gesamte Archiv ist passwortgeschützt
C:\Dokumente und Einstellungen\cdolphin\Eigene Dateien\Neuer Ordner
mdp.exe
Die Datei enthält Signatur des Scherzprogrammes Joke/MDP und wurde vom Benutzer unterdrückt.
Fehler beim Wechsel in das Verzeichnis System Volume Information
C:\WINDOWS\SoftwareDistribution\Download\fa6fb01ac82a6e60ca928c584157ebda
hmmapi.dll
Zugriff verweigert! Fehler beim Öffnen der Datei.
Fehlercode: 0x000D
WARNUNG! Zugriffsfehler/Datei gesperrt!
C:\WINDOWS\SoftwareDistribution\EventCache
{15DD0689-44E6-45D4-B321-62BA03F05221}.bin
Zugriff verweigert! Fehler beim Öffnen der Datei.
Fehlercode: 0x000D
WARNUNG! Zugriffsfehler/Datei gesperrt!
{69A352E8-529E-4252-A218-486F125C0433}.bin
Zugriff verweigert! Fehler beim Öffnen der Datei.
Fehlercode: 0x000D
WARNUNG! Zugriffsfehler/Datei gesperrt!
C:\WINDOWS\system32
DETour.exe
ArchiveType: ZIP SFX (self extracting)
--> v2i.swf
HINWEIS! Unerwartetes Dateiende erreicht
--> computer.swf
HINWEIS! Unerwartetes Dateiende erreicht
--> Topic4.swf
HINWEIS! Unerwartetes Dateiende erreicht
--> Topic3.swf
HINWEIS! Unerwartetes Dateiende erreicht
--> Topic2.swf
HINWEIS! Unerwartetes Dateiende erreicht
--> Topic1.swf
HINWEIS! Unerwartetes Dateiende erreicht
--> Drive Image.swf
HINWEIS! Unerwartetes Dateiende erreicht
C:\WINDOWS\system32\config
default
Zugriff verweigert! Fehler beim Öffnen der Datei.
Fehlercode: 0x000D
WARNUNG! Zugriffsfehler/Datei gesperrt!
SAM
Zugriff verweigert! Fehler beim Öffnen der Datei.
Fehlercode: 0x000D
WARNUNG! Zugriffsfehler/Datei gesperrt!
SECURITY
Zugriff verweigert! Fehler beim Öffnen der Datei.
Fehlercode: 0x000D
WARNUNG! Zugriffsfehler/Datei gesperrt!
software
Zugriff verweigert! Fehler beim Öffnen der Datei.
Fehlercode: 0x000D
WARNUNG! Zugriffsfehler/Datei gesperrt!
system
Zugriff verweigert! Fehler beim Öffnen der Datei.
Fehlercode: 0x000D
WARNUNG! Zugriffsfehler/Datei gesperrt!

Ende des Suchlaufs: Sonntag, 2. Januar 2005 23:36
Benötigte Zeit: 61:03 min


4958 Verzeichnisse wurden durchsucht
78782 Dateien wurden geprüft
10 Warnungen wurden ausgegeben
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Viren bzw. unerwünschte Programme wurden gefunden


Ad-Aware SE Build 1.05
Logfile Created on:Sonntag, 2. Januar 2005 23:04:59
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R24 29.12.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):4 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


02.01.2005 23:05:00 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 604
ThreadCreationTime : 02.01.2005 21:00:38
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 696
ThreadCreationTime : 02.01.2005 21:00:45
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 720
ThreadCreationTime : 02.01.2005 21:00:48
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 764
ThreadCreationTime : 02.01.2005 21:00:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 776
ThreadCreationTime : 02.01.2005 21:00:48
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 936
ThreadCreationTime : 02.01.2005 21:00:49
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 960
ThreadCreationTime : 02.01.2005 21:00:49
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [smc.exe]
FilePath : D:\Programme\Sygate\SPF\
ProcessID : 1108
ThreadCreationTime : 02.01.2005 21:00:50
BasePriority : Normal
FileVersion : 5.5.00.2710
ProductVersion : 5.5.00.2710
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1176
ThreadCreationTime : 02.01.2005 21:00:55
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1292
ThreadCreationTime : 02.01.2005 21:00:55
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1300
ThreadCreationTime : 02.01.2005 21:00:56
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1476
ThreadCreationTime : 02.01.2005 21:00:56
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [launchap.exe]
FilePath : C:\Programme\Launch Manager\
ProcessID : 1736
ThreadCreationTime : 02.01.2005 21:00:58
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : LaunchAp Application
FileDescription : LaunchAp MFC Application
InternalName : LaunchAp
LegalCopyright : Copyright (C) 2001
OriginalFilename : LaunchAp.EXE

#:14 [hotkeyapp.exe]
FilePath : C:\Programme\Launch Manager\
ProcessID : 1744
ThreadCreationTime : 02.01.2005 21:00:58
BasePriority : Normal
FileVersion : 1, 0, 5, 0
ProductVersion : 1, 0, 5, 0
ProductName : Wistron HotkeyApp
CompanyName : Wistron
FileDescription : HotkeyApp
InternalName : HotkeyApp
LegalCopyright : Copyright c 2002
OriginalFilename : HotkeyApp.exe

#:15 [osd.exe]
FilePath : C:\Programme\Launch Manager\
ProcessID : 1760
ThreadCreationTime : 02.01.2005 21:00:58
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : On Screen Display
CompanyName : Wistron
FileDescription : On Screen Display
InternalName : OSD
LegalCopyright : Copyright c 2002
OriginalFilename : OSD.exe

#:16 [wbutton.exe]
FilePath : C:\Programme\Launch Manager\
ProcessID : 1772
ThreadCreationTime : 02.01.2005 21:00:58
BasePriority : Normal
FileVersion : 1, 0, 2, 5
ProductVersion : 1, 0, 2, 5
ProductName : WButton Application
FileDescription : WButton MFC Application
InternalName : WButton
LegalCopyright : Copyright (C) 2001
OriginalFilename : WButton.EXE

#:17 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 1844
ThreadCreationTime : 02.01.2005 21:00:58
BasePriority : Normal
FileVersion : 5.1.00
ProductVersion : 5.1.00
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:18 [syntplpr.exe]
FilePath : C:\Programme\Synaptics\SynTP\
ProcessID : 1872
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal
FileVersion : 7.5.5 24Apr03
ProductVersion : 7.5.5 24Apr03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2003
OriginalFilename : SynTPLpr.exe

#:19 [syntpenh.exe]
FilePath : C:\Programme\Synaptics\SynTP\
ProcessID : 1884
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal
FileVersion : 7.5.5 24Apr03
ProductVersion : 7.5.5 24Apr03
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2003
OriginalFilename : SynTPEnh.exe

#:20 [prismsta.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1936
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal
FileVersion : 1.00.20
ProductVersion : 1.00.20.0083
ProductName : PRISM Wireless LAN
CompanyName : Intersil Americas Inc.
FileDescription : PRISM Status Tray Applet
InternalName : PRISMSTA.exe
LegalCopyright : Copyright © 2003, Intersil Americas Inc.
OriginalFilename : PRISMSTA.exe
Comments : Developer build. by : Administrator

#:21 [wkufind.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\
ProcessID : 1964
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal
FileVersion : 7.00.0617.0
ProductVersion : 7.00.0617.0
ProductName : Update Detection Module
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works-Aktualisierungserkennung
InternalName : WkUFind
LegalCopyright : Copyright © 1987-2002 Microsoft Corporation.
OriginalFilename : WkUFind.exe

#:22 [realsched.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Real\Update_OB\
ProcessID : 1976
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:23 [jusched.exe]
FilePath : C:\Programme\Java\j2re1.4.2_03\bin\
ProcessID : 1992
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal


#:24 [directcd.exe]
FilePath : D:\Programme\Roxio\WinOnCD 6 DVD\DirectCD\
ProcessID : 2000
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal
FileVersion : 5.3.2.34
ProductVersion : 5.3.2.34
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright (c) 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:25 [mouse32a.exe]
FilePath : C:\Programme\Browser MOUSE\
ProcessID : 2008
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal
FileVersion : 3.0.1.0
ProductVersion : 3.0.0.0
LegalCopyright : Copyright 2001 by LEE,WEI-BIN.

#:26 [pl15co2k.exe]
FilePath : C:\WINDOWS\
ProcessID : 2024
ThreadCreationTime : 02.01.2005 21:00:59
BasePriority : Normal
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 1
ProductName : Hi-Speed USB Flash Disk
CompanyName : Prolific Technology Inc.
FileDescription : USB Flash Disk Application
InternalName : POMELO
LegalCopyright : Copyright (C) 2003 Prolific Technology Inc.
OriginalFilename : POMELO.exe

#:27 [trueimagemonitor.exe]
FilePath : D:\Acronis True Image\
ProcessID : 2044
ThreadCreationTime : 02.01.2005 21:01:01
BasePriority : Normal
FileVersion : 7,0,0,611
ProductVersion : 7,0,0,611
ProductName : Acronis True Image
CompanyName : Acronis
FileDescription : TrueImage
InternalName : TrueImageMonitor
LegalCopyright : Copyright (C) 2000-2003 Acronis.
LegalTrademarks : Acronis
OriginalFilename : TrueImageMonitor.exe
Comments : Acronis True Image

#:28 [schedhlp.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\
ProcessID : 212
ThreadCreationTime : 02.01.2005 21:01:01
BasePriority : Normal
FileVersion : 1,0,0,35
ProductVersion : 1,0,0,35
ProductName : Acronis Scheduler Helper
CompanyName : Acronis
FileDescription : Acronis Scheduler Helper
InternalName : Scheduler Helper
LegalCopyright : Copyright (C) 2000-2003 Acronis
LegalTrademarks : Acronis
OriginalFilename : schedhlp.exe
Comments : Acronis Scheduler Helper

#:29 [toadimon.exe]
FilePath : C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\
ProcessID : 256
ThreadCreationTime : 02.01.2005 21:01:01
BasePriority : Normal
FileVersion : 2.16.10
ProductVersion : 2.00
ProductName : Marmiko IT-Solutions GmbH DialAssistent Component
CompanyName : Marmiko IT-Solutions GmbH
FileDescription : T-Online Verbindungsassistent
InternalName : ToADiMon
LegalCopyright : Copyright © Marmiko IT-Solutions GmbH 2000-2004, Copyright © T-Online International AG 2001-2004
OriginalFilename : ToADiMon.EXE

#:30 [hpztsb10.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
ProcessID : 272
ThreadCreationTime : 02.01.2005 21:01:01
BasePriority : Normal
FileVersion : 2.323.0.0
ProductVersion : 2.323.0.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright (c) Hewlett-Packard Company 1999-2004

#:31 [hpcmpmgr.exe]
FilePath : C:\Programme\HP\hpcoretech\
ProcessID : 280
ThreadCreationTime : 02.01.2005 21:01:01
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright (C) Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe

#:32 [hpwuschd2.exe]
FilePath : C:\Programme\Hewlett-Packard\HP Software Update\
ProcessID : 316
ThreadCreationTime : 02.01.2005 21:01:01
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : HP Software Update Application
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe

#:33 [avgnt.exe]
FilePath : H:\AVPersonal\
ProcessID : 336
ThreadCreationTime : 02.01.2005 21:01:02
BasePriority : Normal


#:34 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 340
ThreadCreationTime : 02.01.2005 21:01:02
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:35 [bttray.exe]
FilePath : C:\Programme\WIDCOMM\Bluetooth Software\
ProcessID : 568
ThreadCreationTime : 02.01.2005 21:01:03
BasePriority : Normal
FileVersion : 1.3.2.7
ProductVersion : 1.3.2.7
ProductName : Bluetooth Software 1.3.2.7
FileDescription : Bluetooth Tray Application
InternalName : BTTray
LegalCopyright : Copyright 2000-2002.
OriginalFilename : BTTray.exe

#:36 [btstackserver.exe]
FilePath : C:\Programme\WIDCOMM\Bluetooth Software\
ProcessID : 692
ThreadCreationTime : 02.01.2005 21:01:03
BasePriority : Normal
FileVersion : 1.3.2.7
ProductVersion : 1.3.2.7
ProductName : Bluetooth Software 1.3.2.7
FileDescription : Bluetooth Stack COM Server
InternalName : BTStackServer
LegalCopyright : Copyright 2000-2002.
OriginalFilename : BTStackServer.exe

#:37 [schedul2.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\
ProcessID : 2924
ThreadCreationTime : 02.01.2005 21:02:06
BasePriority : Normal
FileVersion : 1,0,0,35
ProductVersion : 1,0,0,35
ProductName : Acronis Scheduler 2
CompanyName : Acronis
FileDescription : Acronis Scheduler 2
InternalName : Scheduler2
LegalCopyright : Copyright (C) 2000-2003 Acronis
LegalTrademarks : Acronis
OriginalFilename : schedul2.exe
Comments : Acronis Scheduler 2

#:38 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2944
ThreadCreationTime : 02.01.2005 21:02:06
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:39 [avguard.exe]
FilePath : H:\AVPersonal\
ProcessID : 2964
ThreadCreationTime : 02.01.2005 21:02:06
BasePriority : Normal


#:40 [avwupsrv.exe]
FilePath : H:\AVPersonal\
ProcessID : 3012
ThreadCreationTime : 02.01.2005 21:02:07
BasePriority : Normal


#:41 [ewidoctrl.exe]
FilePath : J:\Programme\ewido\security suite\
ProcessID : 3056
ThreadCreationTime : 02.01.2005 21:02:07
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:42 [gearsec.exe]
FilePath : C:\WINDOWS\SYSTEM32\
ProcessID : 3164
ThreadCreationTime : 02.01.2005 21:02:09
BasePriority : Normal
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001-2003 GEAR Software
OriginalFilename : gearsec.exe

#:43 [logwatnt.exe]
FilePath : C:\Programme\CA\SharedComponents\CA_LIC\
ProcessID : 3184
ThreadCreationTime : 02.01.2005 21:02:09
BasePriority : Normal
FileVersion : 1.52
ProductVersion : 1, 0, 0, 1
ProductName : Computer Associates LogWatNT
CompanyName : Computer Associates
FileDescription : LogWatNT
InternalName : LogWatNT
LegalCopyright : Copyright © 2002
OriginalFilename : LogWatNT.exe

#:44 [mdm.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\
ProcessID : 3200
ThreadCreationTime : 02.01.2005 21:02:09
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:45 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3232
ThreadCreationTime : 02.01.2005 21:02:09
BasePriority : Normal
FileVersion : 6.14.10.4487
ProductVersion : 6.14.10.4487
ProductName : NVIDIA Driver Helper Service, Version 44.87
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 44.87
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:46 [hotfixq0306270.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3344
ThreadCreationTime : 02.01.2005 21:02:12
BasePriority : Normal


#:47 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3388
ThreadCreationTime : 02.01.2005 21:02:13
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:48 [kernel.exe]
FilePath : C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\
ProcessID : 1188
ThreadCreationTime : 02.01.2005 21:02:41
BasePriority : Normal
FileVersion : 1.38.0.1
ProductVersion : xx.xx.xx.xxxx
ProductName : T-Online Basissoftware
CompanyName : T-Online
FileDescription : T-Online StartCenter 5.0
InternalName : T-Online Software
LegalCopyright : Copyright 2001
OriginalFilename : kernel.exe

#:49 [sc_watch.exe]
FilePath : C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\
ProcessID : 1260
ThreadCreationTime : 02.01.2005 21:02:43
BasePriority : Normal


#:50 [profil~1.exe]
FilePath : C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\
ProcessID : 2216
ThreadCreationTime : 02.01.2005 21:02:50
BasePriority : Normal
FileVersion : 1.34.00.0002
ProductVersion : 5.00.00.0000
ProductName : T-Online Basissoftware
CompanyName : T-Online
FileDescription : T-Online Profilverwaltung
InternalName : Profilemgr
LegalCopyright : Copyright 2001
OriginalFilename : profilemgr.exe

#:51 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3300
ThreadCreationTime : 02.01.2005 21:03:17
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : wuauclt.exe

#:52 [ewidoguard.exe]
FilePath : J:\Programme\ewido\security suite\
ProcessID : 3860
ThreadCreationTime : 02.01.2005 21:05:35
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:53 [ad-aware.exe]
FilePath : D:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 3672
ThreadCreationTime : 02.01.2005 21:08:14
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:54 [avwin.exe]
FilePath : H:\AVPersonal\
ProcessID : 3044
ThreadCreationTime : 02.01.2005 21:35:03
BasePriority : Normal
FileVersion : 6.29.00.03
ProductVersion : 6.29.00.03
ProductName : AVWIN
CompanyName : H+BEDV Datentechnik GmbH
FileDescription : AVWIN.EXE
InternalName : AVWIN.EXE
LegalCopyright : Copyright © 1996-2004 by H+BEDV Datentechnik GmbH, Germany
LegalTrademarks : AntiVir® is a registered trademark of H+BEDV Datentechnik GmbH, Germany
OriginalFilename : AVWIN.EXE

#:55 [taskmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1148
ThreadCreationTime : 02.01.2005 21:52:22
BasePriority : High
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Task-Manager
InternalName : taskmgr
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : taskmgr.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\cdolphin\recent
Description : list of recently opened documents



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cdolphin@mediaplex[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:cdolphin@mediaplex.com/
Expires : 22.06.2009 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 5


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
3 entries scanned.
New critical objects:0
Objects found so far: 5




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

23:36:43 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:31:43.563
Objects scanned:161614
Objects identified:1
Objects ignored:0
New critical objects:1
03.01.2005, 13:19
Honorary member
Sabina

Posts: 29434
#9 Hello @cdolphin

delete:
C:\RECYCLER\S-1-5-21-2236685999-2259171284-2586937267-1008\Dc5.exe
C:\Dokumente und Einstellungen\cdolphin\Favoriten\Cra*hier nicht!*\
C:\WINDOWS\Temp\Altnet
C:\WINDOWS\Key2.txt

Data : barlinks.ini
C:\Dokumente und Einstellungen\cdolphin\Anwendungsdaten\SBSoft\

Data : links.ini
Object : C:\Dokumente und Einstellungen\cdolphin\Anwendungsdaten\SBSoft\

in the registry:
HKEY_LOCAL_MACHINE
Object : software\180solutions

HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sbsoft
------------------------------------------------------------------------------------------
#ClearProg: download the latest version, 1.4.0 Final
http://www.clearprog.de/downloads.php
and clean up the browser.
The program deletes the browsing traces of Internet Explorer (from version 5.0 onward), of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)

- the entered URLs
- AutoComplete entries in IE web forms (so far only Win9x/ME)
- Download lists of Netscape/Opera

MRU-Clear XP 1.2
Windows remembers, for each user, the most recently used files and executed functions. These settings are not stored in a separate file but in the registry. However, another user can also access an individual user's MRU entries through the registry and thus find out what that user last did on the computer.
You can display and delete these MRU lists with MRU-Clear XP.
http://www.ok-s.de/download/download.html
__________
Regards, Sabina

All about PC security
This post was edited by Sabina on 03.01.2005 at 13:20.
03.01.2005, 21:42
...new here

Thread starter

Posts: 7
#10 deleted: C:\RECYCLER\S-1-5-21-2236685999-2259171284-2586937267-1008\Dc5.exe


not found or not present:
C:\Dokumente und Einstellungen\cdolphin\Favoriten\Cra*hier nicht!*\
C:\WINDOWS\Key2.txt
C:\WINDOWS\Temp\Altnet; instead there is a folder: C.\programm files\altnet. Does that need to go?

also not present in the registry:
Object : software\microsoft\windows\currentversion\uninstall\sbsoft
Object : software\180solutions
I found them neither at the given path nor by entering them under "Search", but I can search again with jv16 PowerTools in a moment.

what I did not quite understand:
Data : barlinks.ini
C:\Dokumente und Einstellungen\cdolphin\Anwendungsdaten\SBSoft\

Data : links.ini
Object : C:\Dokumente und Einstellungen\cdolphin\Anwendungsdaten\SBSoft\
What do Data : barlinks.ini and Data : links.ini mean? I have now deleted the whole SBSoft folder; was that wrong?

I have downloaded both programs and want to run them right away.
I'm really grateful for your help.

