Working Network Connections - = http://www.allwebseek.com/h/1213/

#0
07.02.2005, 23:40
Member

Beiträge: 11
#1 Bitte helft mir
Hier nun log Datei

Logfile of HijackThis v1.99.0
Scan saved at 23:31:42, on 07.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\telcmd.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hicom.exe
C:\Programme\Norton Internet Security\ccPxySvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Archive\archive.exe
C:\Programme\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\wmton.exe
C:\WINDOWS\system32\hiden.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\AT-AR215\AT-AR215 USB ADSL WAN Adapter\dslmon.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\ISTsvc\istsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\db\Desktop\Neuer Ordner (5)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allwebseek.com/h/1213/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allwebseek.com/h/1213/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.allwebseek.com/h/1213/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: XBTB01232 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\LOOKSM~1\toolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: LookSmart Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\Programme\LookSmart Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AnyDVD] c:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Programme\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [mwavscan] "C:\DOKUME~1\db\LOKALE~1\Temp\mwavscan.com" /s
O4 - HKLM\..\Run: [Archive] C:\Programme\Archive\archive.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [afixmfg] C:\WINDOWS\wmton.exe
O4 - HKLM\..\Run: [hiden.exe] hiden.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [Update Service] "C:\Programme\Gemeinsame Dateien\Teknum Systems\update.exe" /startup
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://Q:\content\include\XPPatchInstaller.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EF838E9-5E42-40C4-A0ED-93F05A967047}: NameServer = 217.237.151.225 217.237.150.225
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Programme\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Manageer Network Connections - Unknown - C:\WINDOWS\system32\telcmd.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Programme\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Working Network Connections - Unknown - C:\WINDOWS\system32\hicom.exe

Eins wollte ich noch sagen ich bekkome kein Update bei Microsoft mehr hin die Seite bleibt einfach leer.
Dieser Beitrag wurde am 08.02.2005 um 12:36 Uhr von Sabina editiert.
Seitenanfang Seitenende
08.02.2005, 00:36
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Hallo@dirk6

Deaktivieren Wiederherstellung
«XP
Arbeitsplatz-->rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.

Um die Diensteverwaltung explizit aufzurufen, geben Sie unter Start > Ausführen den Befehl services.msc ein.
So wird der Dienst deaktiviert:
Start-> Einstellungen-> Systemsteuerung-> Verwaltung-> Computerverwaltung und dann den Eintrag Dienste auswählen. Nun werden alle laufenden Dienste angezeigt. Hier den Punkt "Working Network Connections + Manageer Network Connections " aussuchen. Wenn unter Status "gestartet" steht, mit der rechten Maustaste anklicken und die Option "Eigenschaften" auswählen. Nicht "Den Dienst beenden" auswählen, denn dann wird der
" Working Network Connections + Manageer Network Connections " beim nächsten Systemstart erneut ausgeführt.

Als Starttyp "deaktiviert" auswählen und den Dienststatus mit "Beenden" schliessen. Jetzt noch "Übernehmen" anklicken. Der " " läuft nicht mehr im Hintergrund und wird auch nicht mehr bei einem Neustart ausgeführt.

Download Registry Search Tool :
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Doppelklick:regsrch.vbs

kopiere rein.
{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}

Press 'OK'
warten, bis die Suche beendet ist. (Ergebnis bitte posten)

das machst du auch mit:

Working Network Connections
ISTsvc
Manageer Network Connections
C:\WINDOWS\system32\hicom.exe

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allwebseek.com/h/1213/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allwebseek.com/h/1213/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.allwebseek.com/h/1213/
O2 - BHO: XBTB01232 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\LOOKSM~1\toolbar.dll
O3 - Toolbar: LookSmart Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\Programme\LookSmart Toolbar\toolbar.dll
O4 - HKLM\..\Run: [afixmfg] C:\WINDOWS\wmton.exe
O4 - HKLM\..\Run: [hiden.exe] hiden.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://Q:\content\include\XPPatchInstaller.CAB
O23 - Service: Manageer Network Connections - Unknown - C:\WINDOWS\system32\telcmd.exe
O23 - Service: Working Network Connections - Unknown - C:\WINDOWS\system32\hicom.exe-->Trojan-Proxy.Win32.Agent.cx:

PC neustarten

KillBox
http://www.bleepingcomputer.com/files/killbox.php
<Delete File on Reboot
und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\WINDOWS\System32\telcmd.exe
C:\WINDOWS\system32\hicom.exe
C:\Programme\ISTsvc\istsvc.exe
C:\Programme\LookSmart Toolbar\toolbar.dll
C:\WINDOWS\wmton.exe
C:/WINDOWS/Downloaded Program Files/ISTactivex.dll
C:\WINDOWS\system32\hiden.exe

PC neustarten

#Hoster-Tool : http://members.aol.com/toadbee/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

Loesche:
C:\Programme\LookSmart Toolbar\

Adware.Istbar Removal Tool
The tool can be found here:
securityresponse.symantec.com/avcenter/FxIstbar.exe
http://www.chip.de/forum/thread.html?bwthreadid=762276

#ClaerProg..lade die neuste Version <1.4.1
http://www.clearprog.de/downloads.php
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Cookies
- Verlauf
- Temporäre Internetfiles (Cache)

Aktuelle Version der Shareware von F-PROT (DOS)
Lade von dieser Seite:
http://www.f-prot.com/products/corporate_users/dos/

#<Online-Scann (Panda)
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

#Online-Scann <f-secure<
http://support.f-secure.com/enu/home/ols.shtml

#McAfee FreeScan (Online)
www.mcafee.com/myapps/mfs/default.asp

#BitDefender Scan
www.bitdefender.com/scan/Msie/index.php
#neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Laden--> Updaten-->scannen-->PC neustarten--> noch mal scannen--> poste das Log vom Scann

CWShredder 2.12 [2004-12-13]
http://www.majorgeeks.com/download3019.html
Log-->"make Report"

+ poste das neeu Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit
Dieser Beitrag wurde am 08.02.2005 um 00:45 Uhr von Sabina editiert.
Seitenanfang Seitenende
08.02.2005, 11:27
Member

Themenstarter

Beiträge: 11
#3 REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408" 08.02.2005 11:25:47

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\Programmable]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTB01232\CLSID]
@="{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTB01232.1\CLSID]
@="{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}]

[HKEY_USERS\S-1-5-21-265313921-3447709930-2363368791-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}]

[HKEY_USERS\S-1-5-21-265313921-3447709930-2363368791-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\iexplore]



REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "Working Network Connections" 08.02.2005 11:28:19

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TY164\0000]
"DeviceDesc"="Working Network Connections"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TY164]
"DisplayName"="Working Network Connections"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TY164\0000]
"DeviceDesc"="Working Network Connections"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TY164]
"DisplayName"="Working Network Connections"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TY164\0000]
"DeviceDesc"="Working Network Connections"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TY164]
"DisplayName"="Working Network Connections"




REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "ISTsvc" 08.02.2005 11:30:26

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc]
"app_name"="istsvc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc]
"popup_url"="http://www.ysbweb.com/ist/scripts/istsvc_ads_data.php"

[HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc]
"update_url"="http://www.ysbweb.com/ist/scripts/istsvc_update.php"

[HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc]
"config_url"="http://www.ysbweb.com/ist/scripts/istsvc_config.php"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IST Service"="C:\\Programme\\ISTsvc\\istsvc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc]
"DisplayName"="ISTsvc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc]
"UninstallString"="C:\\Programme\\ISTsvc\\istsvc.exe /remove"

[HKEY_USERS\S-1-5-21-265313921-3447709930-2363368791-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\ISTsvc\\istsvc.exe"="istsvc"




REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "Manageer Network Connections" 08.02.2005 11:32:12

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_KERN32\0000]
"DeviceDesc"="Manageer Network Connections"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kern32]
"DisplayName"="Manageer Network Connections"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KERN32\0000]
"DeviceDesc"="Manageer Network Connections"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Kern32]
"DisplayName"="Manageer Network Connections"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KERN32\0000]
"DeviceDesc"="Manageer Network Connections"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kern32]
"DisplayName"="Manageer Network Connections"





C:\WINDOWS\system32\hicom.exe
Da hat das Programm nichts finden können.

Danke schon mal für deine mühe habe schon öfter gesehen das du voll den durchblick hast und ich bin froh das du mir hilfst.

Das habe ich bei HjackThis nicht finden können.
O23 - Service: Manageer Network Connections - Unknown - C:\WINDOWS\system32\telcmd.exe
O23 - Service: Working Network Connections - Unknown - C:\WINDOWS\system32\hicom.exe-->Trojan-Proxy.Win32.Agent.cx:
Dieser Beitrag wurde am 08.02.2005 um 11:45 Uhr von dirk6 editiert.
Seitenanfang Seitenende
08.02.2005, 12:24
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 arbeite bitte alles weitere ab und dann sehen wir weiter ;)
und berichte mir bitte, was die Onlinescanns ergeben haben .
(am besten ein Scann-Log erstellen lassen)
__________
MfG Sabina

rund um die PC-Sicherheit
Dieser Beitrag wurde am 08.02.2005 um 12:33 Uhr von Sabina editiert.
Seitenanfang Seitenende
08.02.2005, 12:52
Member

Themenstarter

Beiträge: 11
#5 mit dem Hoster das klappt nicht so wenn ich auf den Button gehe dann tut sich nichts oder muss ich die datei die darunter steht zum löschen da rein Kopieren.
Seitenanfang Seitenende
08.02.2005, 12:55
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#6 #öffne das HijackThis

"Do a system scan only"-->Config--> Misc Tools-->Open Hosts file Manager--> delet line(s) -->save Log

poste , was da steht
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
08.02.2005, 13:00
Member

Themenstarter

Beiträge: 11
#7 save log lässt sich nicht ausführen
Seitenanfang Seitenende
08.02.2005, 13:04
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#8 dann berichte, steht viel drin, oder nur eine Zeile ?

127.0.0.1 localhost
#Orginal Host Datei
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
08.02.2005, 13:12
Member

Themenstarter

Beiträge: 11
#9 unter zum Beispiel steht:

102.54.94.97 rhino.acme.com #Quellserver
38.25.63.10 x.acme.com #x-Clienthost

127.0.0.1 localhost
Seitenanfang Seitenende
08.02.2005, 13:15
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#10 das ist o.k.

arbeite weiter alles andere ab ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
08.02.2005, 14:20
Member

Themenstarter

Beiträge: 11
#11 habe von Fprot das bekommen : F-Prot Antivirus OnDemand Scanner
ist das richtig es läuft gerade.
Seitenanfang Seitenende
08.02.2005, 14:36
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#12 ja, das ist o.k., wenn diese Meldung kommt ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
08.02.2005, 15:10
Member

Themenstarter

Beiträge: 11
#13 Bei Panda Active Scan komme ich nicht rein da steht dann immer Try Again
was soll ich tun?

Der nächst Onlinescanner will auch nicht da steht immer was von Active X
und jetzt?

Eigentlich will bei mir keiner der Onlinscanner laufen.
Dieser Beitrag wurde am 08.02.2005 um 15:42 Uhr von dirk6 editiert.
Seitenanfang Seitenende
08.02.2005, 16:11
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#14 gehe zur Systemsteuerung --> Internetoptionen
aktiviere im Internetexplorer: Active X

Gehe dann in den abgesicherten Modus --> mache einen Fullscann mit dem esCan (mwav.exe) und poste, was als infiziert angezeigt wir)
__________
MfG Sabina

rund um die PC-Sicherheit
Dieser Beitrag wurde am 08.02.2005 um 16:13 Uhr von Sabina editiert.
Seitenanfang Seitenende
08.02.2005, 21:01
Member

Themenstarter

Beiträge: 11
#15 Incident Status Location

Virus:mIRC/Simpsalapim.N Disinfected D:\Backup C\Fertiges\Programme\Hackertoolkit-vol9.[www.extreme-torrent.dl.am]\Hacker Toolkit\bonus\irc script\arach13\AEVENTS.INI
Virus:Keylogger Disinfected D:\Backup C\Fertiges\Programme\Hackertoolkit-vol9.[www.extreme-torrent.dl.am]\Hacker Toolkit\bonus\key loggers\keytrap2\CONVERT.COM
Virus:Backdoor Program Disinfected D:\Backup C\Fertiges\Programme\Hackertoolkit-vol9.[www.extreme-torrent.dl.am]\Hacker Toolkit\bonus\security\NPS\NPS.exe
Virus:Bck/Cain.2.0 Disinfected D:\Backup C\Fertiges\Programme\Hackertoolkit-vol9.[www.extreme-torrent.dl.am]\Hacker Toolkit\pw-tools\Cain\Cain20.EXE
Virus:Trj/PSW.Misos Renamed D:\Backup C\Fertiges\Programme\Hackertoolkit-vol9.[www.extreme-torrent.dl.am]\Hacker Toolkit\pw-tools\ShowPass\ShowPassV1_0.exe


von Escan die log war so groß das sie nicht rein ging

Ich danke dir schon mal das du mir bis jetzt so geholfen hast.
Muss leider jetzt raus bin aber morgen um 20Uhr wieder da ich hoffe du hilfst mir dann auch noch.

Tschüss und vielen dank.



Mc Afee

C:\...\backup-20050114-180616-546.dll StartPage-DU.dll
C:\Programme\eMule\Incoming\MobiMB-128.zip New Win32
C:\Programme\Windows Media Player\wmplayer.exe.tmp Seeker.reg.dr
C:\WINDOWS\system32\ibgf.dll StartPage-DU.dll
C:\WINDOWS\test.hta VBS/Psyme
C:\WINDOWS\testw.hta VBS/Psyme


Ad Aware

Ad-Aware SE Build 1.05
Logfile Created on:Mittwoch, 9. Februar 2005 18:36:15
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R27 05.02.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
istbar.dotcomToolbar(TAC index:5):1 total references
MRU List(TAC index:0):31 total references
Tracking Cookie(TAC index:3):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


09.02.2005 18:36:15 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\ahead\nero wave editor\recent file list
Description : list of recently used files in nero wave editor


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-265313921-3447709930-2363368791-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\db\recent
Description : list of recently opened documents


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 396
ThreadCreationTime : 09.02.2005 15:42:25
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 464
ThreadCreationTime : 09.02.2005 15:42:27
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 488
ThreadCreationTime : 09.02.2005 15:42:28
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 532
ThreadCreationTime : 09.02.2005 15:42:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 09.02.2005 15:42:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 696
ThreadCreationTime : 09.02.2005 15:42:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 744
ThreadCreationTime : 09.02.2005 15:42:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 784
ThreadCreationTime : 09.02.2005 15:42:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 832
ThreadCreationTime : 09.02.2005 15:42:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 908
ThreadCreationTime : 09.02.2005 15:42:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1104
ThreadCreationTime : 09.02.2005 15:42:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1148
ThreadCreationTime : 09.02.2005 15:42:30
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:13 [cdac11ba.exe]
FilePath : C:\WINDOWS\System32\drivers\
ProcessID : 1216
ThreadCreationTime : 09.02.2005 15:42:31
BasePriority : Normal
FileVersion : 4.11.050
ProductVersion : 4.11.050 Windows NT 2001/07/12
ProductName : SafeCast Windows NT
CompanyName : C-Dilla Ltd
FileDescription : C-Dilla RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright (c) Macrovision 1993-2001
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English

#:14 [ccevtmgr.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 1264
ThreadCreationTime : 09.02.2005 15:42:31
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:15 [ewidoctrl.exe]
FilePath : C:\Programme\ewido\security suite\
ProcessID : 1308
ThreadCreationTime : 09.02.2005 15:42:31
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:16 [fpavupdm.exe]
FilePath : C:\Programme\FSI\F-Prot\
ProcessID : 1492
ThreadCreationTime : 09.02.2005 15:42:33
BasePriority : Normal
FileVersion : 1, 6, 8, 5
ProductVersion : 1, 6, 8, 5
ProductName : F-Prot Antivirus Update Monitor
CompanyName : FRISK Software
FileDescription : F-Prot Antivirus Update Monitor
InternalName : fpavupdm
LegalCopyright : Copyright (C) 2004
OriginalFilename : fpavupdm.exe

#:17 [incdsrv.exe]
FilePath : C:\Programme\Ahead\InCD\
ProcessID : 1512
ThreadCreationTime : 09.02.2005 15:42:33
BasePriority : Normal
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
ProductName : AHEAD Software incdsrv
CompanyName : AHEAD Software
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright © 2003
OriginalFilename : incdsrv.exe

#:18 [navapsvc.exe]
FilePath : C:\Programme\Norton AntiVirus\
ProcessID : 1568
ThreadCreationTime : 09.02.2005 15:42:35
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:19 [nisum.exe]
FilePath : C:\Programme\Norton Internet Security\
ProcessID : 1604
ThreadCreationTime : 09.02.2005 15:42:35
BasePriority : Normal
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security NISUM
InternalName : NISUM
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NISUM.exe

#:20 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1692
ThreadCreationTime : 09.02.2005 15:42:35
BasePriority : Normal
FileVersion : 6.13.10.4104
ProductVersion : 6.13.10.4104
ProductName : NVIDIA Driver Helper Service, Version 41.04
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 41.04
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:21 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1780
ThreadCreationTime : 09.02.2005 15:42:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1832
ThreadCreationTime : 09.02.2005 15:42:35
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:23 [ccpxysvc.exe]
FilePath : C:\Programme\Norton Internet Security\
ProcessID : 1884
ThreadCreationTime : 09.02.2005 15:42:36
BasePriority : Normal
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Proxy Service
InternalName : ccPxySvc
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccPxySvc.exe

#:24 [symwsc.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\
ProcessID : 1916
ThreadCreationTime : 09.02.2005 15:42:36
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:25 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 452
ThreadCreationTime : 09.02.2005 15:42:42
BasePriority : Normal
FileVersion : 5.0.07
ProductVersion : 5.0.07
ProductName : Avance Sound Manager
CompanyName : Avance Logic, Inc.
FileDescription : Avance Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2002 Avance Logic, Inc.
OriginalFilename : ALSMTray.exe
Comments : Avance AC97 Audio Sound Manager

#:26 [em_exec.exe]
FilePath : C:\PROGRA~1\MOUSEW~1\SYSTEM\
ProcessID : 548
ThreadCreationTime : 09.02.2005 15:42:42
BasePriority : Normal
FileVersion : 9.43.75
ProductVersion : 9.43
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2001.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:27 [ccapp.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 868
ThreadCreationTime : 09.02.2005 15:42:42
BasePriority : Normal
FileVersion : 1.0.9.002
ProductVersion : 1.0.9.002
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:28 [incd.exe]
FilePath : C:\Programme\Ahead\InCD\
ProcessID : 1012
ThreadCreationTime : 09.02.2005 15:42:44
BasePriority : Normal
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
ProductName : InCD
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright (c) Ahead Software 1996-2003, Karlsbad, Germany
LegalTrademarks : InCD TM
OriginalFilename : InCD.exe

#:29 [winampa.exe]
FilePath : C:\Programme\Winamp\
ProcessID : 1324
ThreadCreationTime : 09.02.2005 15:42:44
BasePriority : Normal


#:30 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1456
ThreadCreationTime : 09.02.2005 15:42:47
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:31 [qttask.exe]
FilePath : C:\Programme\QuickTime\
ProcessID : 1708
ThreadCreationTime : 09.02.2005 15:42:48
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:32 [archive.exe]
FilePath : C:\Programme\Archive\
ProcessID : 2476
ThreadCreationTime : 09.02.2005 15:42:56
BasePriority : Normal


#:33 [dslmon.exe]
FilePath : C:\Programme\AT-AR215\AT-AR215 USB ADSL WAN Adapter\
ProcessID : 2684
ThreadCreationTime : 09.02.2005 15:43:05
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DSLMON Application
FileDescription : ADIMON MFC Application
InternalName : DSLMON
LegalCopyright : Copyright (C) 2000
OriginalFilename : ADIMON.EXE

#:34 [iexplore.exe]
FilePath : C:\Programme\Internet Explorer\
ProcessID : 1280
ThreadCreationTime : 09.02.2005 17:33:55
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : IEXPLORE.EXE

#:35 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1640
ThreadCreationTime : 09.02.2005 17:35:01
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : db@doubleclick[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:db@doubleclick.net/
Expires : 08.02.2008 15:19:58
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : db@counter13.sextracker[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:db@counter13.sextracker.com/
Expires : 09.02.2005 13:39:24
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : db@xxxcounter[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:db@xxxcounter.com/
Expires : 09.02.2005 21:13:34
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : db@sextracker[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:db@sextracker.com/
Expires : 09.02.2005 21:42:20
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : db@counter9.sextracker[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:db@counter9.sextracker.com/
Expires : 09.02.2005 13:41:56
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : db@cs.sexcounter[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:db@cs.sexcounter.com/
Expires : 12.05.2024 19:07:28
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : db@paycounter[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:db@paycounter.com/
Expires : 31.12.2030 02:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : db@counter5.sextracker[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:db@counter5.sextracker.com/
Expires : 09.02.2005 13:42:20
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 39



Deep scanning and examining files (C;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

istbar.dotcomToolbar Object Recognized!
Type : File
Data : fkFDddF.exe
Category : Data Miner
Comment :
Object : C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Temp\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40


Deep scanning and examining files (D;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40


Deep scanning and examining files (E;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 40




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40

18:45:47 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:32.141
Objects scanned:158475
Objects identified:9
Objects ignored:0
New critical objects:9



CW Shreder

**** Run Keys ****

RUN: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
RUN: [nwiz] nwiz.exe /installquiet
RUN: [SoundMan] SOUNDMAN.EXE
RUN: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
RUN: [2kadiras] 2kadiras.exe
RUN: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
RUN: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
RUN: [AnyDVD] c:\Programme\SlySoft\AnyDVD\AnyDVD.exe
RUN: [InCD] C:\Programme\Ahead\InCD\InCD.exe
RUN: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
RUN: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
RUN: [WildTangent CDA] RUNDLL32.exe "C:\Programme\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
RUN: [WinampAgent] C:\Programme\Winamp\winampa.exe
RUN: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
RUN: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
RUN: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
RUN: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
RUN: [mwavscan] "C:\DOKUME~1\db\LOKALE~1\Temp\mwavscan.com" /s
RUN: [Archive] C:\Programme\Archive\archive.exe
RUN: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
RUN: [FRISK FP-Scheduler] C:\Programme\FSI\F-Prot\F-Sched.exe STARTUP
RUN: [F-StopW] C:\Programme\FSI\F-Prot\F-StopW.EXE
RUN: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
RUN: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE


**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
BHO: [Google Toolbar Helper] c:\programme\google\googletoolbar1.dll
BHO: [CNavExtBho Class] C:\Programme\Norton AntiVirus\NavShExt.dll


**** IE Toolbars ****

TOOLBAR: [Norton AntiVirus] C:\Programme\Norton AntiVirus\NavShExt.dll
TOOLBAR: [&Google] c:\programme\google\googletoolbar1.dll


**** IE Extensions ****



**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page: http://allwebseek.com
Search Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch


**** IE Context Menu (Right click) ****

IEContext: [Nach Microsoft &Excel exportieren] res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{495600CF-C884-4B1E-A813-7E96E5D1A694}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{495600CF-C884-4B1E-A813-7E96E5D1A694}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A790820-692F-4AA8-98D8-414D60C4AC2C}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A790820-692F-4AA8-98D8-414D60C4AC2C}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{65471B6E-A6C3-43ED-8C1E-810CBF9571E3}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{65471B6E-A6C3-43ED-8C1E-810CBF9571E3}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A8A7CCE6-FBB8-4C8F-AA56-9DD75E3313D2}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A8A7CCE6-FBB8-4C8F-AA56-9DD75E3313D2}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2EF838E9-5E42-40C4-A0ED-93F05A967047}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2EF838E9-5E42-40C4-A0ED-93F05A967047}] DATAGRAM 4


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

DirectAnimation Java Classes [file://C:\WINDOWS\Java\classes\dajava.cab]
Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} [http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1092081342265] C:\WINDOWS\System32\mssecadv.dll
{80DD2229-B8E4-4C77-B72F-F22972D723EA} [http://www.bitdefender.com/scan/Msie/bitdefender.cab] C:\WINDOWS\system32\xgate.dll C:\WINDOWS\system32\xcommsvr.dll C:\WINDOWS\system32\xcomm.dll C:\WINDOWS\Downloaded Program Files\fxfileop.dll C:\WINDOWS\Downloaded Program Files\bitdefender.ocx
{8EB3FF4E-86A1-4717-884D-7BA2D38272CB} [http://support.f-secure.com/ols/fscax.cab]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} [http://www.pandasoftware.com/activescan/as5/asinst.cab]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} [http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38168.2486342593]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} [http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4426/mcfscan.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[C-DillaCdaC11BA] C:\WINDOWS\System32\drivers\CDAC11BA.EXE
[ccEvtMgr] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"
[ccPwdSvc] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe"
[ccPxySvc] "C:\Programme\Norton Internet Security\ccPxySvc.exe"
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[ewido security suite control] C:\Programme\ewido\security suite\ewidoctrl.exe
[ewido security suite guard] C:\Programme\ewido\security suite\ewidoguard.exe
[F-Prot Antivirus Update Monitor] "C:\Programme\FSI\F-Prot\fpavupdm.exe"
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[ImapiService] C:\WINDOWS\System32\imapi.exe
[InCDsrv] C:\Programme\Ahead\InCD\InCDsrv.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\System32\msiexec.exe /V
[navapsvc] "C:\Programme\Norton AntiVirus\navapsvc.exe"
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[NISUM] "C:\Programme\Norton Internet Security\NISUM.EXE"
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\System32\nvsvc32.exe
[ose] "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE"
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[rpcapd] "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SBService] C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[SLService] slserv.exe
[SNDSrvc] C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{98C2724C-CAD0-4FFE-A9E2-A3EE92C4E7B5}
[SymWSC] "C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe"
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[UMWdf] C:\WINDOWS\system32\wdfmgr.exe
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [SearchAssistant_bak] about:blank
SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] http://allwebseek.com
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] about:blank
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [Use FormSuggest] yes
IEOPT: [NotifyDownloadComplete] no
IEOPT: [FavoritesExportFile] D:\USB\bookmark.htm
IEOPT: [FavoritesImportFolder] C:\Dokumente und Einstellungen\db\Favoriten
IEOPT: [Toolbars_Placement] b‰çAêL~·aw_æÿw©yN“Jlungen\db\Favoriten
IEOPT: [Use Search Asst] no
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Force Offscreen Composition]
IEOPT: [ShowGoButton] yes
IEOPT: [NoWebJITSetup]
IEOPT: [Friendly http errors] yes
IEOPT: [FavIntelliMenus] no
IEOPT: [NscSingleExpand]
IEOPT: [SmoothScroll]
IEOPT: [Page_Transitions]
IEOPT: [AllowWindowReuse]
IEOPT: [UseThemes]
IEOPT: [Print_Background] no
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [Play_Animations] yes
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Show image placeholders]
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [StatusBarWeb]
IEOPT: [Use Custom Search URL]
IEOPT: [Check_Associations] yes
IEOPT: [conc]
IEOPT: [Search Bar_bak] res://C:\DOKUME~1\db\LOKALE~1\Temp\sp.dll/sp.html
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] about:blank
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Check_Associations] yes
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch




HiJack

Logfile of HijackThis v1.99.0
Scan saved at 19:50:45, on 09.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\FSI\F-Prot\fpavupdm.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Norton Internet Security\ccPxySvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Archive\archive.exe
C:\Programme\AT-AR215\AT-AR215 USB ADSL WAN Adapter\dslmon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\totalcmd\TOTALCMD.EXE
C:\Dokumente und Einstellungen\db\Desktop\Neuer Ordner (5)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://allwebseek.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AnyDVD] c:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Programme\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [mwavscan] "C:\DOKUME~1\db\LOKALE~1\Temp\mwavscan.com" /s
O4 - HKLM\..\Run: [Archive] C:\Programme\Archive\archive.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programme\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Programme\FSI\F-Prot\F-StopW.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4426/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EF838E9-5E42-40C4-A0ED-93F05A967047}: NameServer = 217.237.151.225 217.237.150.225
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Programme\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programme\FSI\F-Prot\fpavupdm.exe
O23 - Service: InCD Helper - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Programme\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
Dieser Beitrag wurde am 09.02.2005 um 19:51 Uhr von dirk6 editiert.
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: