Trojan Winad, asking for help
#0
01.01.2005, 21:20
...new here
Posts: 7
01.01.2005, 23:09
Honorary member
Posts: 29434
#2
Hello @cdolphin

#eScan
ftp://mwti.matrix.lv/download/tools/
Create the folder c:\bases, download mwav.exe, unpack the file into the folder c:\bases (important!) and then run kavupd.exe (update, in DOS).

#Open HijackThis -->> "scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC

R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [uirgaxbe] C:\WINDOWS\System32\utdszzet.exe
O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736} - http://hot.thebugs.ws/fav.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d4c187b953bfb46fe4554626d075f efdb4aaa4e292b973e4688460fa418acc5432fa0e3daa24c11a9993cee59d390a110112337796862 16654b511e5af9ef1:ef6809508de57060f0dd3f5553147fe9
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13b7a2b432ae828a6506/netzip/RdxIE601_de.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

Restart the PC and go into safe mode:
http://www.tu-berlin.de/www/software/virus/savemode.shtml

Delete:
C:\WINDOWS\System32\utdszzet.exe

Disk Cleanup, and deleting the temporary files:
<Start<Run--> type in: cleanmgr
Delete only:
#Click: Temporary Internet Files (Temporäre Internet Dateien), OK
#Click: Temporary Files (Temporäre Dateien), OK

and start the scanner with "mwav.exe" [or: MWAVSCAN.COM].
Tick all the boxes:
Select: "all files", Memory, Startup-Folders, Registry, System Folders, Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory
--> and click "Scan".

Then please post the scan log from eScan (deleted) as well as the new log from HijackThis.

__________
Regards
Sabina
all about PC security

This post was edited by Sabina on 01.01.2005 at 23:13.
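As an added illustration, not part of Sabina's post or of HijackThis itself: a small Python parser for the HijackThis line format quoted above, which splits each entry into its section code and fields and attaches notes that restate what the line shows. The regular expressions, field names and note wording are assumptions made for this example; the sample lines are copied from the post, leaving out the O16 entry with the long query string.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Entries copied from the post above (one O16 line with a long query string omitted).
SAMPLE = r"""
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [uirgaxbe] C:\WINDOWS\System32\utdszzet.exe
O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736} - http://hot.thebugs.ws/fav.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13b7a2b432ae828a6506/netzip/RdxIE601_de.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
""".strip().splitlines()

# What the section codes used in the post refer to.
SECTION = {
    "R3": "Internet Explorer URLSearchHook",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (registry Run key or Startup folder)",
    "O16": "ActiveX object (Downloaded Program Files)",
}

# Assumed patterns for this example, written against the lines above.
LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O3 = re.compile(rf"^Toolbar: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<file>.+)$")
O4 = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<value>[^\]]*)\] (?P<command>.+)$")
O16 = re.compile(rf"^DPF: (?P<clsid>{CLSID})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
DETAIL = {"O3": O3, "O4": O4, "O16": O16}


def is_ip(host):
    """True if the URL host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host or "")
        return True
    except ValueError:
        return False


def annotate(entry):
    """Attach notes that restate facts visible in the line (no verdicts)."""
    notes = entry["notes"]
    if entry["code"] == "O3" and entry.get("file") == "(no file)":
        notes.append("toolbar registration points at no file (orphaned)")
    if entry["code"] == "O4" and "command" in entry:
        notes.append(f"autostart value {entry['value']!r} under {entry['hive']} {entry['key']}")
    if entry["code"] == "O16" and "url" in entry:
        url = urlsplit(entry["url"])
        if url.scheme != "https":
            notes.append("codebase fetched over plain " + url.scheme)
        if is_ip(url.hostname):
            notes.append("codebase host is an IP literal")
        if not url.path.lower().endswith(".cab"):
            notes.append("codebase is not a .cab package")


def parse_entry(line):
    """Split one HijackThis line into section code, fields and notes."""
    m = LINE.match(line.strip())
    if not m:
        return None  # not a HijackThis entry line
    entry = {"code": m["code"], "body": m["body"], "notes": []}
    entry["section"] = SECTION.get(entry["code"], "unknown section")
    pattern = DETAIL.get(entry["code"])
    fields = pattern.match(entry["body"]) if pattern else None
    if fields:
        entry.update(fields.groupdict())
    annotate(entry)
    return entry


def autostart_files(entries):
    """Local files named by O4 entries: the ones to look for on disk."""
    return [e["command"] for e in entries if e and e["code"] == "O4" and "command" in e]


if __name__ == "__main__":
    parsed = [parse_entry(line) for line in SAMPLE]
    for e in parsed:
        print(f"{e['code']:<4}{e['section']}")
        for note in e["notes"]:
            print("      - " + note)
    print("files to check:", autostart_files(parsed))
```
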
02.01.2005, 00:45
...new here
Thread starter Posts: 7
#3
Well, thanks already for your answer. I did my best to carry out your advice (sweating, I'm only an amateur). What didn't work was starting in safe mode ---> the screen stays black with a blinking cursor and nothing works any more. Booting only works in normal mode. Why?? So can I perhaps carry out your suggestion in normal mode as well (deleting C:\WINDOWS\System32\utdszzet.exe)?
And now the log files: escan
HijackThis:
Logfile of HijackThis v1.99.0
Scan saved at 00:32:53, on 02.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\PRISMSTA.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
D:\Programme\Roxio\WinOnCD 6 DVD\DirectCD\DirectCD.exe
C:\Programme\Browser MOUSE\mouse32a.exe
C:\WINDOWS\PL15Co2K.exe
D:\Acronis True Image\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HotFixQ0306270.exe
C:\WINDOWS\System32\wuauclt.exe
H:\hijack\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [OSD] C:\Programme\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Programme\Roxio\WinOnCD 6 DVD\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AcronisTrueImage Monitor] "D:\Acronis True Image\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [THGuard] "H:\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [AVGCtrl] "H:\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Mountit.lnk = D:\Programme\Roxio\WinOnCD 6 DVD\MountIt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {103DFAE7-50CC-41FC-9D57-1A4BCA0DFD87} (Upload Control) - https://img.web.de/v/mail/mms/activex/mms_upload_1104.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093210330906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Acronis Scheduler2 Service - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - H:\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - H:\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prolific HotFix Q0306270 - Unknown - C:\WINDOWS\System32\HotFixQ0306270.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - D:\Programme\Sygate\SPF\smc.exe
O23 - Service: Speed Disk service - Acronis - (no file)

AntiVir has now also reported Krepper 3 and Stubby C to me. Damn. I previously had a different antivirus program, which apparently was no good at all. What should I do? |
|
|
||
02.01.2005, 12:57
...new here
Thread starter Posts: 7 |
#4
Hello, a follow-up: I have now managed to start in safe mode (after the laptop had been off overnight, I tried it right away), deleted utdszzet.exe and cleaned up the temp files, as you said.
I have also fixed the no-name toolbar, which I overlooked at first. But I would rather not post yet another log file; maybe you can look at the other one first(?) and also say something about these stupid Krepper3 and Stubby C reports? Please. |
|
|
||
02.01.2005, 18:36
Honorary member
Posts: 29434 |
#5
Hello @cdolphin
Are you still getting alerts from Krepper? The log (at least on the surface) looks clean, apart from:
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
You could deactivate your current virus scanner.
Download:
#Antivirus (free) --> wait calmly for the installation scan to finish, then configure the scanner (do not activate the Guard)
http://www.free-av.de/
[X] Speicher
[X] Bootsektor Suchlaufwerke
[ ] Unbekannte Bootsektoren melden
[X] Alle Dateien
[ ] Programmdateien
Go into safe mode and run a complete scan (and post me the scan log); then you can uninstall the antivirus again and activate your eTrust.
------------------------------------------------------------------------------------------
#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Ad-Aware SE Settings
===========================
Festlegen : Nach unbedeutenden Risikoeinträgen suchen
Festlegen : Sicherer Modus (stets Bestätigung abfragen)
Festlegen : Aktive Prozesse scannen
Festlegen : Registrierung scannen
Festlegen : Registrierung gründlich scannen
Festlegen : IE-Favoriten nach gesperrten URLs durchsuchen
Festlegen : Hosts-Datei scannen
Extended Ad-Aware SE Settings
===========================
Festlegen : Ident. Proz./Mod. beim Scanning aus Speicher entf.
Festlegen : Reg. f. für alle Benutzer (nicht nur f. akt. Ben.) scannen
Festlegen : Vor dem Löschen stets versuchen, Module aus dem Speicher zu entfernen
Festlegen : Explorer/IE b. Löschen ggf. beenden und aus Speicher entf.
Festlegen : Geöffnete Dateien beim nächsten Neustart von Windows löschen lassen
Festlegen : Nach der Wiederherstellung Objekte unter Quarantäne löschen
Festlegen : Grundlegende Ad-Aware-Einstellungen protokollieren
Festlegen : Erweiterte Ad-Aware-Einstellungen protokollieren
Festlegen : Referenz-Zusammenfassung protokollieren
Festlegen : Details zu alternativen Datenströmen protokollieren
Festlegen : Wenn kritische Objekte identifiziert wurden, Scanlauf durch akustisches Signal abschließen
Post that scan log as well.
__________
Best regards, Sabina
all about PC security
This post was edited by Sabina on 02.01.2005 at 18:39.
|
|
|
||
02.01.2005, 18:54
...new here
Thread starter Posts: 7 |
#6
Well, no, Krepper does not show itself; I only found it because I downloaded AntiVir and ran it. AntiVir cannot remove it, though. I have completely uninstalled eTrust, since it never reported anything anyway.
I have now also run ewido, and I think it killed the Stubby (I have to scan again first). I also ran Ad-Aware 6.0 and Spybot. Does it have to be Ad-Aware SE Personal? Is that even better? If so, I'll do it, of course. |
|
|
||
02.01.2005, 22:35
...new here
Thread starter Posts: 7 |
#7
OK, safe mode did not work once again; I don't know why it doesn't always work. But I downloaded Ad-Aware SE and ran it. I was quite astonished: 120 critical objects reported.
Ad-Aware SE Build 1.05
Logfile Created on:Sonntag, 2. Januar 2005 22:11:21
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R24 29.12.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):1 total references
Alexa(TAC index:5):3 total references
AltnetBDE(TAC index:4):31 total references
BlazeFind(TAC index:5):9 total references
CoolWebSearch(TAC index:10):16 total references
MRU List(TAC index:0):41 total references
Other(TAC index:5):1 total references
Possible Browser Hijack attempt(TAC index:3):6 total references
TopMoxie(TAC index:3):2 total references
Tracking Cookie(TAC index:3):41 total references
VX2(TAC index:10):10 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

02.01.2005 22:11:21 - Scan started.
(Custom mode)
OriginalFilename : WdfMgr.exe #:48 [kernel.exe] FilePath : C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\ ProcessID : 1188 ThreadCreationTime : 02.01.2005 21:02:41 BasePriority : Normal FileVersion : 1.38.0.1 ProductVersion : xx.xx.xx.xxxx ProductName : T-Online Basissoftware CompanyName : T-Online FileDescription : T-Online StartCenter 5.0 InternalName : T-Online Software LegalCopyright : Copyright 2001 OriginalFilename : kernel.exe #:49 [sc_watch.exe] FilePath : C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\ ProcessID : 1260 ThreadCreationTime : 02.01.2005 21:02:43 BasePriority : Normal #:50 [profil~1.exe] FilePath : C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\ ProcessID : 2216 ThreadCreationTime : 02.01.2005 21:02:50 BasePriority : Normal FileVersion : 1.34.00.0002 ProductVersion : 5.00.00.0000 ProductName : T-Online Basissoftware CompanyName : T-Online FileDescription : T-Online Profilverwaltung InternalName : Profilemgr LegalCopyright : Copyright 2001 OriginalFilename : profilemgr.exe #:51 [browser.exe] FilePath : C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BROWSER\ ProcessID : 2840 ThreadCreationTime : 02.01.2005 21:03:11 BasePriority : Normal FileVersion : 5, 3, 0, 34 ProductVersion : 5, 3, 0, 34 ProductName : T-Online Browser CompanyName : T-Online International AG FileDescription : T-Online Browser 5.0 InternalName : T-Online Browser 5.0 LegalCopyright : Copyright (C) T-Online International AG OriginalFilename : T-Online Browser 5.0 #:52 [wuauclt.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3300 ThreadCreationTime : 02.01.2005 21:03:17 BasePriority : Normal FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04) ProductVersion : 5.4.3790.2182 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Automatische Updates InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. 
OriginalFilename : wuauclt.exe #:53 [ewidoguard.exe] FilePath : J:\Programme\ewido\security suite\ ProcessID : 3860 ThreadCreationTime : 02.01.2005 21:05:35 BasePriority : Normal FileVersion : 3, 0, 0, 1 ProductVersion : 3, 0, 0, 1 ProductName : guard CompanyName : ewido networks FileDescription : guard InternalName : guard LegalCopyright : Copyright © 2004 OriginalFilename : guard.exe #:54 [ad-aware.exe] FilePath : D:\PROGRA~1\Lavasoft\AD-AWA~2\ ProcessID : 3672 ThreadCreationTime : 02.01.2005 21:08:14 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved #:55 [wuauclt.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3324 ThreadCreationTime : 02.01.2005 21:09:48 BasePriority : Normal FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04) ProductVersion : 5.4.3790.2182 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Automatische Updates InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : wuauclt.exe Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\adm4.adm4 AltnetBDE Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\adm4.adm4 Value : AltnetBDE Object Recognized! 
Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\adm25.adm25 AltnetBDE Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\adm25.adm25 Value : AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\adm4.adm4.1 AltnetBDE Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\adm4.adm4.1 Value : AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\adm25.adm25.1 AltnetBDE Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\adm25.adm25.1 Value : AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\appid\adm.exe AltnetBDE Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\appid\adm.exe Value : AppID AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\appid\altnet signing module.exe AltnetBDE Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\appid\altnet signing module.exe Value : AppID BlazeFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : winadx.installer BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : winadx.installer Value : CoolWebSearch Object Recognized! 
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\serg\searchbar CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\serg\searchbar Value : NumRuns CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\serg\searchbar Value : Next CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\serg\searchbar Value : ID1 CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\serg\searchbar Value : ID2 CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\serg\searchbar Value : PanelNumber CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\serg CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sbsoft CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sbsoft Value : DisplayName CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sbsoft Value : UninstallString Alexa Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}" Rootkey : HKEY_USERS Object : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\internet explorer\toolbar\webbrowser Value : {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 29 Objects found so far: 29 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 29 MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\nvidia corporation\global\nview\windowmanagement Description : nvidia nview cached application window positions MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows\currentversion\applets\wordpad\recent file list Description : list of recent files opened using wordpad MRU List Object Recognized! 
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\internet explorer\main Description : last save directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! 
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\ahead\nero - burning rom\recent file list Description : list of recently used files in nero burning rom MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\mediaplayer\preferences Description : last cd record path used in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles Description : list of recently used files in adobe reader MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles Description : list of recently used files in adobe reader MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! 
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\mediaplayer\player\settings Description : last open directory used in jasc paint shop pro MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\musicmatch Description : download location of the musicmatch installer MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio Description : information on the last station listened to using musicmatch radio MRU List Object Recognized! 
Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\automap\9.0\findmru Description : list of recently used find queries used in microsoft automap-based products MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\realnetworks\realplayer\6.0\preferences Description : last login time in realplayer MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\mediaplayer\player\recenturllist Description : list of recently used web addresses in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\mediaplayer\preferences Description : last search path used in microsoft windows media player MRU List Object Recognized! Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv Description : file conversion location settings in musicmatch jukebox MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : C:\Dokumente und Einstellungen\cdolphin\recent Description : list of recently opened documents Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! 
Type : IECache Entry Data : cdolphin@as-us.falkag[2].txt Category : Data Miner Comment : Hits:6 Value : Cookie:cdolphin@as-us.falkag.net/ Expires : 30.01.2005 18:12:24 LastSync : Hits:6 UseCount : 0 Hits : 6 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@adserver.geizkragen[1].txt Category : Data Miner Comment : Hits:4 Value : Cookie:cdolphin@adserver.geizkragen.de/ Expires : 16.01.2005 11:00:02 LastSync : Hits:4 UseCount : 0 Hits : 4 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@findwhat[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:cdolphin@findwhat.com/ Expires : 01.01.2020 01:00:02 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@bluestreak[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:cdolphin@bluestreak.com/ Expires : 25.12.2014 07:13:18 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@cxoadfarm.dyndns[1].txt Category : Data Miner Comment : Hits:16 Value : Cookie:cdolphin@cxoadfarm.dyndns.info/ Expires : 02.01.2006 15:28:32 LastSync : Hits:16 UseCount : 0 Hits : 16 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@realmedia[2].txt Category : Data Miner Comment : Hits:6 Value : Cookie:cdolphin@realmedia.com/ Expires : 01.01.2011 01:00:00 LastSync : Hits:6 UseCount : 0 Hits : 6 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@targetnet[1].txt Category : Data Miner Comment : Hits:11 Value : Cookie:cdolphin@targetnet.com/ Expires : 18.05.2033 04:33:20 LastSync : Hits:11 UseCount : 0 Hits : 11 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@adservervv.geizkragen[1].txt Category : Data Miner Comment : Hits:11 Value : Cookie:cdolphin@adservervv.geizkragen.de/ Expires : 03.01.2005 03:04:02 LastSync : Hits:11 UseCount : 0 Hits : 11 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : cdolphin@www7.paypopup[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:cdolphin@www7.paypopup.com/ Expires : 01.01.2005 16:42:56 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@please[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:cdolphin@ad2.de.mediainter.net/please/ Expires : 25.11.2005 11:41:16 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@cgi-bin[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:cdolphin@imrworldwide.com/cgi-bin Expires : 19.01.2009 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@excite[1].txt Category : Data Miner Comment : Hits:17 Value : Cookie:cdolphin@excite.de/ Expires : 01.01.2006 13:18:04 LastSync : Hits:17 UseCount : 0 Hits : 17 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@tripod[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:cdolphin@tripod.com/ Expires : 31.12.2005 16:36:34 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@gator[1].txt Category : Data Miner Comment : Hits:7 Value : Cookie:cdolphin@gator.com/ Expires : 01.03.2005 18:31:10 LastSync : Hits:7 UseCount : 0 Hits : 7 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@as1.falkag[2].txt Category : Data Miner Comment : Hits:14 Value : Cookie:cdolphin@as1.falkag.de/ Expires : 01.02.2005 14:32:12 LastSync : Hits:14 UseCount : 0 Hits : 14 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@partners.webmasterplan[1].txt Category : Data Miner Comment : Hits:83 Value : Cookie:cdolphin@partners.webmasterplan.com/ Expires : 01.02.2005 LastSync : Hits:83 UseCount : 0 Hits : 83 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : cdolphin@valueclick[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:cdolphin@valueclick.com/ Expires : 24.12.2029 14:49:44 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@tradedoubler[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:cdolphin@tradedoubler.com/ Expires : 03.01.2005 02:57:44 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@maxserving[2].txt Category : Data Miner Comment : Hits:2 Value : Cookie:cdolphin@maxserving.com/ Expires : 29.12.2014 16:35:12 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@z1.adserver[1].txt Category : Data Miner Comment : Hits:13 Value : Cookie:cdolphin@z1.adserver.com/ Expires : 02.01.2006 16:33:26 LastSync : Hits:13 UseCount : 0 Hits : 13 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@atdmt[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:cdolphin@atdmt.com/ Expires : 01.01.2010 01:00:00 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@advertising[1].txt Category : Data Miner Comment : Hits:2 Value : Cookie:cdolphin@advertising.com/ Expires : 30.12.2009 16:34:48 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@fastclick[1].txt Category : Data Miner Comment : Hits:7 Value : Cookie:cdolphin@fastclick.net/ Expires : 23.12.2006 15:54:46 LastSync : Hits:7 UseCount : 0 Hits : 7 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@2o7[2].txt Category : Data Miner Comment : Hits:2 Value : Cookie:cdolphin@2o7.net/ Expires : 30.12.2009 18:25:46 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : cdolphin@count.xhit[1].txt Category : Data Miner Comment : Hits:7 Value : Cookie:cdolphin@count.xhit.com/ Expires : 29.10.2005 14:58:54 LastSync : Hits:7 UseCount : 0 Hits : 7 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@servedby.advertising[2].txt Category : Data Miner Comment : Hits:47 Value : Cookie:cdolphin@servedby.advertising.com/ Expires : 31.01.2005 15:25:40 LastSync : Hits:47 UseCount : 0 Hits : 47 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@casalemedia[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:cdolphin@casalemedia.com/ Expires : 22.12.2005 11:39:48 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@doubleclick[1].txt Category : Data Miner Comment : Hits:4 Value : Cookie:cdolphin@doubleclick.net/ Expires : 02.01.2008 18:46:38 LastSync : Hits:4 UseCount : 0 Hits : 4 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@servedby.netshelter[1].txt Category : Data Miner Comment : Hits:12 Value : Cookie:cdolphin@servedby.netshelter.net/ Expires : 29.06.2021 14:48:54 LastSync : Hits:12 UseCount : 0 Hits : 12 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@adtech[2].txt Category : Data Miner Comment : Hits:5 Value : Cookie:cdolphin@adtech.de/ Expires : 31.12.2014 18:46:38 LastSync : Hits:5 UseCount : 0 Hits : 5 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@versiontracker[2].txt Category : Data Miner Comment : Hits:5 Value : Cookie:cdolphin@versiontracker.com/ Expires : 02.01.2007 14:06:16 LastSync : Hits:5 UseCount : 0 Hits : 5 Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@tribalfusion[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:cdolphin@tribalfusion.com/ Expires : 01.01.2038 01:00:00 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : cdolphin@mediaplex[1].txt Category : Data Miner Comment : Hits:7 Value : Cookie:cdolphin@mediaplex.com/ Expires : 22.06.2009 01:00:00 LastSync : Hits:7 UseCount : 0 Hits : 7 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 33 Objects found so far: 103 Deep scanning and examining files (C »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» CoolWebSearch Object Recognized! Type : File Data : barlinks.ini Category : Malware Comment : Object : C:\Dokumente und Einstellungen\cdolphin\Anwendungsdaten\SBSoft\ CoolWebSearch Object Recognized! Type : File Data : links.ini Category : Malware Comment : Object : C:\Dokumente und Einstellungen\cdolphin\Anwendungsdaten\SBSoft\ Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@partners.webmasterplan[1].txt Category : Data Miner Comment : Value : C:\Dokumente und Einstellungen\cdolphin\Lokale Einstellungen\Temp\Cookies\cdolphin@partners.webmasterplan[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : ronja@2o7[2].txt Category : Data Miner Comment : Value : C:\Dokumente und Einstellungen\ronja\Cookies\ronja@2o7[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : ronja@adtech[2].txt Category : Data Miner Comment : Value : C:\Dokumente und Einstellungen\ronja\Cookies\ronja@adtech[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : ronja@casalemedia[2].txt Category : Data Miner Comment : Value : C:\Dokumente und Einstellungen\ronja\Cookies\ronja@casalemedia[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : ronja@count.xhit[1].txt Category : Data Miner Comment : Value : C:\Dokumente und Einstellungen\ronja\Cookies\ronja@count.xhit[1].txt Tracking Cookie Object Recognized! 
02.01.2005, 23:46
...new here
Thread starter Posts: 7 |
#8
Hello again, I scanned with AntiVir, though not in safe mode (that somehow didn't work) but in normal mode, and then scanned again with Ad-Aware SE. AntiVir no longer reports anything about Krepper or Stubby.
Here are the current log files:
OriginalFilename : wuauclt.exe #:52 [ewidoguard.exe] FilePath : J:\Programme\ewido\security suite\ ProcessID : 3860 ThreadCreationTime : 02.01.2005 21:05:35 BasePriority : Normal FileVersion : 3, 0, 0, 1 ProductVersion : 3, 0, 0, 1 ProductName : guard CompanyName : ewido networks FileDescription : guard InternalName : guard LegalCopyright : Copyright © 2004 OriginalFilename : guard.exe #:53 [ad-aware.exe] FilePath : D:\PROGRA~1\Lavasoft\AD-AWA~2\ ProcessID : 3672 ThreadCreationTime : 02.01.2005 21:08:14 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved #:54 [avwin.exe] FilePath : H:\AVPersonal\ ProcessID : 3044 ThreadCreationTime : 02.01.2005 21:35:03 BasePriority : Normal FileVersion : 6.29.00.03 ProductVersion : 6.29.00.03 ProductName : AVWIN CompanyName : H+BEDV Datentechnik GmbH FileDescription : AVWIN.EXE InternalName : AVWIN.EXE LegalCopyright : Copyright © 1996-2004 by H+BEDV Datentechnik GmbH, Germany LegalTrademarks : AntiVir® is a registered trademark of H+BEDV Datentechnik GmbH, Germany OriginalFilename : AVWIN.EXE #:55 [taskmgr.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1148 ThreadCreationTime : 02.01.2005 21:52:22 BasePriority : High FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Windows Task-Manager InternalName : taskmgr LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. 
OriginalFilename : taskmgr.exe Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-2236685999-2259171284-2586937267-1008\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : C:\Dokumente und Einstellungen\cdolphin\recent Description : list of recently opened documents Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : cdolphin@mediaplex[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:cdolphin@mediaplex.com/ Expires : 22.06.2009 01:00:00 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 5 Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 5 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 3 entries scanned. New critical objects:0 Objects found so far: 5 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 5 23:36:43 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:31:43.563 Objects scanned:161614 Objects identified:1 Objects ignored:0 New critical objects:1 |
|
|
||
03.01.2005, 13:19
Honorary member
Posts: 29434 |
#9
Hello @cdolphin

delete:
C:\RECYCLER\S-1-5-21-2236685999-2259171284-2586937267-1008\Dc5.exe
C:\Dokumente und Einstellungen\cdolphin\Favoriten\Cra*hier nicht!*\
C:\WINDOWS\Temp\Altnet
C:\WINDOWS\Key2.txt
Data : barlinks.ini
C:\Dokumente und Einstellungen\cdolphin\Anwendungsdaten\SBSoft\
Data : links.ini
Object : C:\Dokumente und Einstellungen\cdolphin\Anwendungsdaten\SBSoft\

in the registry:
HKEY_LOCAL_MACHINE
Object : software\180solutions
HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sbsoft

------------------------------------------------------------------------------------------

#ClearProg.. download the latest version <1.4.0 Final
http://www.clearprog.de/downloads.php
<and clean up the browser.

The program deletes the browsing traces of Internet Explorer from version 5.0 onward, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)
- the typed URLs
- AutoComplete entries in web forms of IE (so far only Win9x/ME)
- Download lists of Netscape/Opera

MRU-Clear XP 1.2
Windows remembers, for every user, the most recently used files and the most recently executed functions. These settings are not stored in a separate file but in the registry. However, another user can also access these MRU entries of the individual users via the registry and so find out what the user last did on the computer. You can display and delete these MRU lists with MRU-Clear XP.
http://www.ok-s.de/download/download.html
__________
Kind regards, Sabina
all about PC security
This post was edited by Sabina on 03.01.2005 at 13:20.
|
|
|
||
03.01.2005, 21:42
...new here
Thread starter Posts: 7 |
#10
deleted: C:\RECYCLER\S-1-5-21-2236685999-2259171284-2586937267-1008\Dc5.exe

not found or not present:
C:\Dokumente und Einstellungen\cdolphin\Favoriten\Cra*hier nicht!*\
C:\WINDOWS\Key2.txt
C:\WINDOWS\Temp\Altnet
Instead there is a folder: C.\programm files\altnet. Does that have to go?

also not present in the registry:
Object : software\microsoft\windows\currentversion\uninstall\sbsoft
Object : software\180solutions
I found them neither at the given path nor by entering them under "Search", but I can search again with jv16 power tools in a moment.

What I did not quite understand:
Data : barlinks.ini
C:\Dokumente und Einstellungen\cdolphin\Anwendungsdaten\SBSoft\
Data : links.ini
Object : C:\Dokumente und Einstellungen\cdolphin\Anwendungsdaten\SBSoft\
What do Data : barlinks.ini and Data : links.ini mean? I have now deleted the whole SbSSoft folder, was that wrong?

I have downloaded the two programs and would like to run them right away.
I am really grateful for your help |
|
|
||
Logfile of HijackThis v1.99.0
Scan saved at 21:04:07, on 01.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\PRISMSTA.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
D:\Programme\Roxio\WinOnCD 6 DVD\DirectCD\DirectCD.exe
C:\Programme\Browser MOUSE\mouse32a.exe
C:\WINDOWS\PL15Co2K.exe
D:\Acronis True Image\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HotFixQ0306270.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BROWSER\BROWSER.EXE
C:\WINDOWS\System32\wuauclt.exe
H:\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [OSD] C:\Programme\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Programme\Roxio\WinOnCD 6 DVD\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AcronisTrueImage Monitor] "D:\Acronis True Image\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [uirgaxbe] C:\WINDOWS\System32\utdszzet.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [THGuard] "H:\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Mountit.lnk = D:\Programme\Roxio\WinOnCD 6 DVD\MountIt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MedionShop - {A4E622F2-E8B8-4D8A-85BF-BEF80767C7C4} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {103DFAE7-50CC-41FC-9D57-1A4BCA0DFD87} (Upload Control) - https://img.web.de/v/mail/mms/activex/mms_upload_1104.cab
O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736} - http://hot.thebugs.ws/fav.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d4c187b953bfb46fe45546
26d075fefdb4aaa4e292b973e4688460fa418acc5432fa0e3daa24c11a9993cee59d
390a11011233779686216654b511e5af9ef1:ef6809508de57060f0dd3f5553147fe9
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.01.0004/OCI/setup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13b7a2b432ae828a6506/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093210330906
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8E93275-D2DC-48C2-82C1-702A0977B65E}: NameServer = 217.237.151.225 217.237.150.225
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Acronis Scheduler2 Service - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: CA-Lizenz-Client - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prolific HotFix Q0306270 - Unknown - C:\WINDOWS\System32\HotFixQ0306270.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - D:\Programme\Sygate\SPF\smc.exe
O23 - Service: Speed Disk service - Acronis - (no file)
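Added example, not part of the original thread: a small triage pass over a HijackThis log that queues entries for manual review, along the lines of the entries picked out for fixing earlier in the thread. The sample lines are copied from the log above; the three heuristics (orphaned references, autostart images in the system directory under an unrelated value name, ActiveX downloads without a class name, from a bare IP address or not packaged as .cab) are assumptions chosen for illustration and produce review candidates, not verdicts.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [uirgaxbe] C:\WINDOWS\System32\utdszzet.exe
O16 - DPF: {10954C80-4F0F-11D3-B17C-00C0DFE39736} - http://hot.thebugs.ws/fav.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/13b7a2b432ae828a6506/netzip/RdxIE601_de.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Speed Disk service - Acronis - (no file)
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
RUN = re.compile(r'Run: \[(?P<name>[^\]]+)\] "?(?P<path>[A-Za-z]:\\[^"]+?\.exe)', re.I)
DPF = re.compile(r"DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<cls>[^)]*)\))? - (?P<url>\S+)")
SYSDIR = re.compile(r"^[A-Za-z]:\\WINDOWS(\\System32)?\\[^\\]+$", re.I)
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse_entries(log):
    """Yield (section code, body) per entry line; header and process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def reasons_for(code, body):
    """Return the review reasons for one entry (heuristics are illustrative assumptions)."""
    reasons = []
    if "(no file)" in body or "missing" in body:
        reasons.append("orphaned reference")
    if code == "O4":
        m = RUN.search(body)
        if m and SYSDIR.match(m["path"]):
            stem = m["path"].rsplit("\\", 1)[1][:-4]  # file name without ".exe"
            if stem.lower() != m["name"].lower():
                reasons.append("autostart image in system directory, unrelated value name")
    if code == "O16":
        m = DPF.search(body)
        if m:
            url = urlparse(m["url"])
            if not m["cls"]:
                reasons.append("ActiveX download without a class name")
            if IPV4.match(url.hostname or ""):
                reasons.append("ActiveX source is a bare IP address")
            if not url.path.lower().endswith(".cab"):
                reasons.append("ActiveX source is not a .cab package")
    return reasons


def triage(log):
    """Return (code, body, reasons) for every entry with at least one review reason."""
    flagged = []
    for code, body in parse_entries(log):
        reasons = reasons_for(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code:<4}{'; '.join(reasons)}\n    {body}")
```

Entries that come back unflagged are not thereby cleared; the pass only orders the log for a human reviewer.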