Working Network Connections - = http://www.allwebseek.com/h/1213/
#0
07.02.2005, 23:40
Member
Posts: 11
08.02.2005, 00:36
Honorary member
Posts: 29434
#2
Hello @dirk6

Disable System Restore (XP): My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives".

To open the service manager directly, enter the command services.msc under Start > Run.

How to disable the service: Start -> Settings -> Control Panel -> Administrative Tools -> Computer Management, then select the Services entry. All running services are now listed. Look for the entries "Working Network Connections + Manageer Network Connections". If the status shows "Started", right-click the entry and choose "Properties". Do not choose "Stop the service", because then "Working Network Connections + Manageer Network Connections" will be run again at the next system start. Select "Disabled" as the startup type and end the service status with "Stop". Then click "Apply". The " " no longer runs in the background and is no longer started after a reboot either.

Download Registry Search Tool: http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Double-click regsrch.vbs and paste in:
{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}
Press 'OK' and wait until the search has finished. (Please post the result.)

Do the same with:
Working Network Connections
ISTsvc
Manageer Network Connections
C:\WINDOWS\system32\hicom.exe

#Open HijackThis -->> button "scan" -->> tick the entries -->> button "Fix checked" -->> restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allwebseek.com/h/1213/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allwebseek.com/h/1213/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.allwebseek.com/h/1213/
O2 - BHO: XBTB01232 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\LOOKSM~1\toolbar.dll
O3 - Toolbar: LookSmart Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\Programme\LookSmart Toolbar\toolbar.dll
O4 - HKLM\..\Run: [afixmfg] C:\WINDOWS\wmton.exe
O4 - HKLM\..\Run: [hiden.exe] hiden.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://Q:\content\include\XPPatchInstaller.CAB
O23 - Service: Manageer Network Connections - Unknown - C:\WINDOWS\system32\telcmd.exe
O23 - Service: Working Network Connections - Unknown - C:\WINDOWS\system32\hicom.exe-->Trojan-Proxy.Win32.Agent.cx:

Restart the PC

KillBox
http://www.bleepingcomputer.com/files/killbox.php
<Delete File on Reboot and click the red cross; when asked "Do you want to reboot?" ----> click "no" and paste in the next one; click "yes" only for the last one

C:\WINDOWS\System32\telcmd.exe
C:\WINDOWS\system32\hicom.exe
C:\Programme\ISTsvc\istsvc.exe
C:\Programme\LookSmart Toolbar\toolbar.dll
C:\WINDOWS\wmton.exe
C:/WINDOWS/Downloaded Program Files/ISTactivex.dll
C:\WINDOWS\system32\hiden.exe

Restart the PC

#Hoster-Tool: http://members.aol.com/toadbee/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

Delete: C:\Programme\LookSmart Toolbar\

Adware.Istbar Removal Tool
The tool can be found here: securityresponse.symantec.com/avcenter/FxIstbar.exe
http://www.chip.de/forum/thread.html?bwthreadid=762276

#ClearProg.. download the latest version <1.4.1
http://www.clearprog.de/downloads.php
<and clean the browser. The program deletes the browsing traces of Internet Explorer from version 5.0, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)

Current version of the F-PROT shareware (DOS)
Download from this page: http://www.f-prot.com/products/corporate_users/dos/

#<Online scan (Panda)
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

#Online scan <f-secure<
http://support.f-secure.com/enu/home/ols.shtml

#McAfee FreeScan (Online)
www.mcafee.com/myapps/mfs/default.asp

#BitDefender Scan
www.bitdefender.com/scan/Msie/index.php

#New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if asked --> click Apply and finally OK, and set a new start page

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Download --> update --> scan --> restart the PC --> scan again --> post the log from the scan

CWShredder 2.12 [2004-12-13]
http://www.majorgeeks.com/download3019.html
Log --> "make Report"

+ post the new log from HijackThis
__________
Regards, Sabina
all about PC security
This post was edited by Sabina on 08.02.2005 at 00:45.
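The HijackThis entries listed in the post above can be triaged mechanically. The following Python is an added example, not part of the original thread or of HijackThis: the function names are hypothetical and the sample log is copied from the post. It groups the entries by persistence mechanism and pulls out the files, CLSIDs and redirect URLs they reference.

```python
import re
from collections import Counter

# Section codes that occur in the post, mapped to the persistence
# mechanism HijackThis reports under each code.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Run-key autostart",
    "O16": "ActiveX download",
    "O23": "NT service",
}

ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Absolute Windows path ending in an executable-type extension; spaces allowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^<>|"*?\r\n]+?\.(?:exe|dll|cab)\b', re.IGNORECASE)
# "[value name] command" part of an O4 (Run key) entry.
RUN_RE = re.compile(r"\[[^\]]+\]\s*(.+)$")

# The entries marked for "Fix checked", copied from the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allwebseek.com/h/1213/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allwebseek.com/h/1213/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.allwebseek.com/h/1213/
O2 - BHO: XBTB01232 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\LOOKSM~1\toolbar.dll
O3 - Toolbar: LookSmart Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\Programme\LookSmart Toolbar\toolbar.dll
O4 - HKLM\..\Run: [afixmfg] C:\WINDOWS\wmton.exe
O4 - HKLM\..\Run: [hiden.exe] hiden.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://Q:\content\include\XPPatchInstaller.CAB
O23 - Service: Manageer Network Connections - Unknown - C:\WINDOWS\system32\telcmd.exe
O23 - Service: Working Network Connections - Unknown - C:\WINDOWS\system32\hicom.exe-->Trojan-Proxy.Win32.Agent.cx:
"""


def parse_hijackthis(text):
    """Turn HijackThis log lines into dicts; non-entry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        # A helper's annotation ("-->Trojan-...") is not part of the log line.
        body, _, note = body.partition("-->")
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append({
            "code": code,
            "mechanism": SECTIONS.get(code, "unclassified"),
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None,
            "note": note.strip(" :") or None,
            "body": body.strip(),
        })
    return entries


def count_by_mechanism(entries):
    """How many entries use each persistence mechanism."""
    return dict(Counter(e["mechanism"] for e in entries))


def referenced_files(entries):
    """Unique absolute file paths named by the entries."""
    return sorted({e["path"] for e in entries if e["path"]}, key=str.lower)


def pathless_autostarts(entries):
    """Run-key commands without an absolute path (resolved via the search path)."""
    found = []
    for e in entries:
        if e["code"] == "O4" and e["path"] is None:
            m = RUN_RE.search(e["body"])
            if m:
                found.append(m.group(1).strip())
    return found


def hijacked_urls(entries):
    """URLs that the IE start/search page values were set to."""
    return sorted({e["body"].split(" = ", 1)[1] for e in entries
                   if e["code"] in ("R0", "R1") and " = " in e["body"]})


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    for mechanism, n in count_by_mechanism(parsed).items():
        print(f"{n:2d}  {mechanism}")
    print("files:", *referenced_files(parsed), sep="\n  ")
    print("autostarts without a path:", pathless_autostarts(parsed))
    print("redirect targets:", hijacked_urls(parsed))
```

The short path `C:\PROGRA~1\LOOKSM~1\toolbar.dll` and the long path under `C:\Programme\LookSmart Toolbar\` are reported separately because the log names them differently; whether they are the same file has to be checked on the machine.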
08.02.2005, 11:27
Member
Thread starter Posts: 11
#3
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408" 08.02.2005 11:25:47
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTB01232\CLSID]
@="{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTB01232.1\CLSID]
@="{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}]
[HKEY_USERS\S-1-5-21-265313921-3447709930-2363368791-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}]
[HKEY_USERS\S-1-5-21-265313921-3447709930-2363368791-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\iexplore]

REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "Working Network Connections" 08.02.2005 11:28:19
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TY164\0000]
"DeviceDesc"="Working Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TY164]
"DisplayName"="Working Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TY164\0000]
"DeviceDesc"="Working Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TY164]
"DisplayName"="Working Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TY164\0000]
"DeviceDesc"="Working Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TY164]
"DisplayName"="Working Network Connections"

REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "ISTsvc" 08.02.2005 11:30:26
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc]
"app_name"="istsvc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc]
"popup_url"="http://www.ysbweb.com/ist/scripts/istsvc_ads_data.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc]
"update_url"="http://www.ysbweb.com/ist/scripts/istsvc_update.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc]
"config_url"="http://www.ysbweb.com/ist/scripts/istsvc_config.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IST Service"="C:\\Programme\\ISTsvc\\istsvc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc]
"DisplayName"="ISTsvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc]
"UninstallString"="C:\\Programme\\ISTsvc\\istsvc.exe /remove"
[HKEY_USERS\S-1-5-21-265313921-3447709930-2363368791-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\ISTsvc\\istsvc.exe"="istsvc"

REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "Manageer Network Connections" 08.02.2005 11:32:12
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_KERN32\0000]
"DeviceDesc"="Manageer Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kern32]
"DisplayName"="Manageer Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_KERN32\0000]
"DeviceDesc"="Manageer Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Kern32]
"DisplayName"="Manageer Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KERN32\0000]
"DeviceDesc"="Manageer Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kern32]
"DisplayName"="Manageer Network Connections"

C:\WINDOWS\system32\hicom.exe
The program could not find anything for that one.

Thanks in advance for your effort; I have often seen that you really know your stuff, and I am glad that you are helping me.

I could not find this in HijackThis:
O23 - Service: Manageer Network Connections - Unknown - C:\WINDOWS\system32\telcmd.exe
O23 - Service: Working Network Connections - Unknown - C:\WINDOWS\system32\hicom.exe-->Trojan-Proxy.Win32.Agent.cx:

This post was edited by dirk6 on 08.02.2005 at 11:45.
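The search results above show that the two display names belong to service keys with different names (TY164 and Kern32). The following Python is an added example, not part of the thread or of RegSrch.vbs: the function names are hypothetical and the sample is an excerpt of the output posted above. It parses REGEDIT4 text and maps each service display name to its key name and control sets, and lists Run-key autostart values.

```python
import re
from collections import defaultdict

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="data" or the default value @="data"
VALUE_RE = re.compile(r'^(@|"[^"]+")="(.*)"$')
SERVICE_KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\([^\\]+)\\Services\\([^\\]+)$", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run$", re.IGNORECASE)

# Excerpt of the RegSrch output posted above.
SAMPLE_RESULTS = r"""
REGEDIT4
; Registry search results for string "Working Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TY164\0000]
"DeviceDesc"="Working Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TY164]
"DisplayName"="Working Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TY164]
"DisplayName"="Working Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TY164]
"DisplayName"="Working Network Connections"
REGEDIT4
; Registry search results for string "Manageer Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_KERN32\0000]
"DeviceDesc"="Manageer Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kern32]
"DisplayName"="Manageer Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Kern32]
"DisplayName"="Manageer Network Connections"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kern32]
"DisplayName"="Manageer Network Connections"
REGEDIT4
; Registry search results for string "ISTsvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IST Service"="C:\\Programme\\ISTsvc\\istsvc.exe"
"""


def parse_reg(text):
    """Return (key, value_name, data) tuples from REGEDIT4 text.

    Comment lines, the REGEDIT4 header and keys without values are skipped.
    Doubled backslashes in the data are unescaped.
    """
    rows, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = m.group(1).strip('"')
            rows.append((key, name, m.group(2).replace("\\\\", "\\")))
    return rows


def services_by_display_name(rows):
    """Map display name -> {service key name: [control sets it appears in]}.

    Only ...\\Services\\<name> keys count; the Enum\\Root\\LEGACY_* keys carry
    a DeviceDesc and describe the device node, not the service definition.
    """
    found = defaultdict(lambda: defaultdict(list))
    for key, name, data in rows:
        m = SERVICE_KEY_RE.match(key)
        if m and name.lower() == "displayname":
            found[data][m.group(2)].append(m.group(1))
    return {display: {svc: sorted(sets) for svc, sets in svcs.items()}
            for display, svcs in found.items()}


def run_values(rows):
    """Autostart commands registered under a ...\\CurrentVersion\\Run key."""
    return {name: data for key, name, data in rows if RUN_KEY_RE.search(key)}


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_RESULTS)
    for display, svcs in services_by_display_name(parsed).items():
        for svc, sets in svcs.items():
            print(f'"{display}" is service key {svc} in {", ".join(sets)}')
    for name, cmd in run_values(parsed).items():
        print(f"Run value [{name}] starts {cmd}")
```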
08.02.2005, 12:24
Honorary member
Posts: 29434
#4
Please work through everything else and then we will see,
and please report what the online scans found. (Ideally have a scan log created.)
__________
Regards, Sabina
all about PC security
This post was edited by Sabina on 08.02.2005 at 12:33.
08.02.2005, 12:52
Member
Thread starter Posts: 11
#5
The Hoster thing is not really working: when I click the button, nothing happens. Or do I have to copy the file listed below it in there for deletion?
08.02.2005, 12:55
Honorary member
Posts: 29434
#6
#Open HijackThis
"Do a system scan only" --> Config --> Misc Tools --> Open Hosts file Manager --> delete line(s) --> save log
Post what it says there.
__________
Regards, Sabina
all about PC security
08.02.2005, 13:00
Member
Thread starter Posts: 11
#7
save log cannot be executed
08.02.2005, 13:04
Honorary member
Posts: 29434
#8
Then report: is there a lot in it, or only one line?
127.0.0.1 localhost #original hosts file
__________
Regards, Sabina
all about PC security
08.02.2005, 13:12
Member
Thread starter Posts: 11
#9
Under "for example" it says:
102.54.94.97 rhino.acme.com #source server
38.25.63.10 x.acme.com #x client host
127.0.0.1 localhost
08.02.2005, 13:15
Honorary member
Posts: 29434
08.02.2005, 14:20
Member
Thread starter Posts: 11
#11
I got this from F-Prot: F-Prot Antivirus OnDemand Scanner
Is that right? It is running at the moment.
08.02.2005, 14:36
Honorary member
Posts: 29434
08.02.2005, 15:10
Member
Thread starter Posts: 11
#13
I cannot get into Panda ActiveScan; it always says Try Again.
What should I do? The next online scanner will not work either; it always says something about ActiveX. What now? Actually none of the online scanners will run on my machine.
This post was edited by dirk6 on 08.02.2005 at 15:42.
08.02.2005, 16:11
Honorary member
Posts: 29434
#14
Go to Control Panel --> Internet Options
Enable in Internet Explorer: ActiveX
Then go into Safe Mode --> run a full scan with eScan (mwav.exe) and post what is shown as infected.
__________
Regards, Sabina
all about PC security
This post was edited by Sabina on 08.02.2005 at 16:13.
08.02.2005, 21:01
Member
Thread starter Posts: 11
#15
Incident | Status | Location
Virus:mIRC/Simpsalapim.N | Disinfected | D:\Backup C\Fertiges\Programme\Hackertoolkit-vol9.[www.extreme-torrent.dl.am]\Hacker Toolkit\bonus\irc script\arach13\AEVENTS.INI
Virus:Keylogger | Disinfected | D:\Backup C\Fertiges\Programme\Hackertoolkit-vol9.[www.extreme-torrent.dl.am]\Hacker Toolkit\bonus\key loggers\keytrap2\CONVERT.COM
Virus:Backdoor Program | Disinfected | D:\Backup C\Fertiges\Programme\Hackertoolkit-vol9.[www.extreme-torrent.dl.am]\Hacker Toolkit\bonus\security\NPS\NPS.exe
Virus:Bck/Cain.2.0 | Disinfected | D:\Backup C\Fertiges\Programme\Hackertoolkit-vol9.[www.extreme-torrent.dl.am]\Hacker Toolkit\pw-tools\Cain\Cain20.EXE
Virus:Trj/PSW.Misos | Renamed | D:\Backup C\Fertiges\Programme\Hackertoolkit-vol9.[www.extreme-torrent.dl.am]\Hacker Toolkit\pw-tools\ShowPass\ShowPassV1_0.exe

From eScan: the log was so large that it did not fit in.

Thank you already for helping me so much so far. Unfortunately I have to leave now, but I will be back tomorrow at 8 pm; I hope you will still help me then. Bye and many thanks.

McAfee
C:\...\backup-20050114-180616-546.dll | StartPage-DU.dll
C:\Programme\eMule\Incoming\MobiMB-128.zip | New Win32
C:\Programme\Windows Media Player\wmplayer.exe.tmp | Seeker.reg.dr
C:\WINDOWS\system32\ibgf.dll | StartPage-DU.dll
C:\WINDOWS\test.hta | VBS/Psyme
C:\WINDOWS\testw.hta | VBS/Psyme

Ad Aware
Ad-Aware SE Build 1.05
Logfile Created on:Mittwoch, 9. Februar 2005 18:36:15
Created with Ad-Aware SE Personal, free for private use.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : db@doubleclick[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:db@doubleclick.net/ Expires : 08.02.2008 15:19:58 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : db@counter13.sextracker[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:db@counter13.sextracker.com/ Expires : 09.02.2005 13:39:24 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : db@xxxcounter[2].txt Category : Data Miner Comment : Hits:2 Value : Cookie:db@xxxcounter.com/ Expires : 09.02.2005 21:13:34 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : db@sextracker[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:db@sextracker.com/ Expires : 09.02.2005 21:42:20 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : db@counter9.sextracker[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:db@counter9.sextracker.com/ Expires : 09.02.2005 13:41:56 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : db@cs.sexcounter[2].txt Category : Data Miner Comment : Hits:4 Value : Cookie:db@cs.sexcounter.com/ Expires : 12.05.2024 19:07:28 LastSync : Hits:4 UseCount : 0 Hits : 4 Tracking Cookie Object Recognized! Type : IECache Entry Data : db@paycounter[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:db@paycounter.com/ Expires : 31.12.2030 02:00:00 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : db@counter5.sextracker[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:db@counter5.sextracker.com/ Expires : 09.02.2005 13:42:20 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 8 Objects found so far: 39 Deep scanning and examining files (C »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» istbar.dotcomToolbar Object Recognized! Type : File Data : fkFDddF.exe Category : Data Miner Comment : Object : C:\Dokumente und Einstellungen\db\Lokale Einstellungen\Temp\ Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 40 Deep scanning and examining files (D »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for D:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 40 Deep scanning and examining files (E »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for E:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 40 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 40 Performing conditional scans... 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 40 18:45:47 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:09:32.141 Objects scanned:158475 Objects identified:9 Objects ignored:0 New critical objects:9 CW Shreder **** Run Keys **** RUN: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup RUN: [nwiz] nwiz.exe /installquiet RUN: [SoundMan] SOUNDMAN.EXE RUN: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE RUN: [2kadiras] 2kadiras.exe RUN: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" RUN: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe" RUN: [AnyDVD] c:\Programme\SlySoft\AnyDVD\AnyDVD.exe RUN: [InCD] C:\Programme\Ahead\InCD\InCD.exe RUN: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe RUN: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k RUN: [WildTangent CDA] RUNDLL32.exe "C:\Programme\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain RUN: [WinampAgent] C:\Programme\Winamp\winampa.exe RUN: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg RUN: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime RUN: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE RUN: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe" RUN: [mwavscan] "C:\DOKUME~1\db\LOKALE~1\Temp\mwavscan.com" /s RUN: [Archive] C:\Programme\Archive\archive.exe RUN: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s RUN: [FRISK FP-Scheduler] C:\Programme\FSI\F-Prot\F-Sched.exe STARTUP RUN: [F-StopW] C:\Programme\FSI\F-Prot\F-StopW.EXE RUN: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background RUN: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE **** Browser Helper Objects **** BHO: [AcroIEHlprObj Class] C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx BHO: [Google Toolbar Helper] 
c:\programme\google\googletoolbar1.dll BHO: [CNavExtBho Class] C:\Programme\Norton AntiVirus\NavShExt.dll **** IE Toolbars **** TOOLBAR: [Norton AntiVirus] C:\Programme\Norton AntiVirus\NavShExt.dll TOOLBAR: [&Google] c:\programme\google\googletoolbar1.dll **** IE Extensions **** **** Hosts File Entries **** HOSTS: 127.0.0.1 localhost HOSTS: 127.0.0.1 localhost **** IE Settings **** Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Local Page: http://allwebseek.com Search Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch **** IE Context Menu (Right click) **** IEContext: [Nach Microsoft &Excel exportieren] res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 **** Layered Service Providers **** LSP: MSAFD Tcpip [TCP/IP] LSP: MSAFD Tcpip [UDP/IP] LSP: RSVP UDP Service Provider LSP: RSVP TCP Service Provider LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{495600CF-C884-4B1E-A813-7E96E5D1A694}] SEQPACKET 0 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{495600CF-C884-4B1E-A813-7E96E5D1A694}] DATAGRAM 0 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A790820-692F-4AA8-98D8-414D60C4AC2C}] SEQPACKET 1 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2A790820-692F-4AA8-98D8-414D60C4AC2C}] DATAGRAM 1 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{65471B6E-A6C3-43ED-8C1E-810CBF9571E3}] SEQPACKET 2 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{65471B6E-A6C3-43ED-8C1E-810CBF9571E3}] DATAGRAM 2 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A8A7CCE6-FBB8-4C8F-AA56-9DD75E3313D2}] SEQPACKET 3 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A8A7CCE6-FBB8-4C8F-AA56-9DD75E3313D2}] DATAGRAM 3 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2EF838E9-5E42-40C4-A0ED-93F05A967047}] SEQPACKET 4 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2EF838E9-5E42-40C4-A0ED-93F05A967047}] DATAGRAM 4 **** Blocked Control Panel Items **** BLOCKED: [ncpa.cpl] No BLOCKED: [odbccp32.cpl] No **** Downloaded Program Files **** DirectAnimation Java 
Classes [file://C:\WINDOWS\Java\classes\dajava.cab] Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab] {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} [http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1092081342265] C:\WINDOWS\System32\mssecadv.dll {80DD2229-B8E4-4C77-B72F-F22972D723EA} [http://www.bitdefender.com/scan/Msie/bitdefender.cab] C:\WINDOWS\system32\xgate.dll C:\WINDOWS\system32\xcommsvr.dll C:\WINDOWS\system32\xcomm.dll C:\WINDOWS\Downloaded Program Files\fxfileop.dll C:\WINDOWS\Downloaded Program Files\bitdefender.ocx {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} [http://support.f-secure.com/ols/fscax.cab] {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} [http://www.pandasoftware.com/activescan/as5/asinst.cab] {9F1C11AA-197B-4942-BA54-47A8489BB47F} [http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38168.2486342593] {D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab] {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} [http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4426/mcfscan.cab] **** Windows Services **** [Alerter] %SystemRoot%\System32\svchost.exe -k LocalService [ALG] %SystemRoot%\System32\alg.exe [AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs [aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs [BITS] %SystemRoot%\System32\svchost.exe -k netsvcs [Browser] %SystemRoot%\System32\svchost.exe -k netsvcs [C-DillaCdaC11BA] C:\WINDOWS\System32\drivers\CDAC11BA.EXE [ccEvtMgr] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe" [ccPwdSvc] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe" [ccPxySvc] "C:\Programme\Norton Internet Security\ccPxySvc.exe" [CiSvc] %SystemRoot%\system32\cisvc.exe [ClipSrv] %SystemRoot%\system32\clipsrv.exe [COMSysApp] C:\WINDOWS\System32\dllhost.exe 
/Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs [DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch [Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs [dmadmin] %SystemRoot%\System32\dmadmin.exe /com [dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs [Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService [ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs [Eventlog] %SystemRoot%\system32\services.exe [EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs [ewido security suite control] C:\Programme\ewido\security suite\ewidoctrl.exe [ewido security suite guard] C:\Programme\ewido\security suite\ewidoguard.exe [F-Prot Antivirus Update Monitor] "C:\Programme\FSI\F-Prot\fpavupdm.exe" [FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs [helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs [HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs [HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter [ImapiService] C:\WINDOWS\System32\imapi.exe [InCDsrv] C:\Programme\Ahead\InCD\InCDsrv.exe [lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs [lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs [LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService [Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs [mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe [MSDTC] C:\WINDOWS\System32\msdtc.exe [MSIServer] C:\WINDOWS\System32\msiexec.exe /V [navapsvc] "C:\Programme\Norton AntiVirus\navapsvc.exe" [NetDDE] %SystemRoot%\system32\netdde.exe [NetDDEdsdm] %SystemRoot%\system32\netdde.exe [Netlogon] %SystemRoot%\System32\lsass.exe [Netman] %SystemRoot%\System32\svchost.exe -k netsvcs [NISUM] "C:\Programme\Norton Internet Security\NISUM.EXE" [Nla] %SystemRoot%\System32\svchost.exe -k netsvcs [NtLmSsp] %SystemRoot%\System32\lsass.exe [NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs [NVSvc] %SystemRoot%\System32\nvsvc32.exe [ose] "C:\Programme\Gemeinsame 
Dateien\Microsoft Shared\Source Engine\OSE.EXE" [PlugPlay] %SystemRoot%\system32\services.exe [PolicyAgent] %SystemRoot%\System32\lsass.exe [ProtectedStorage] %SystemRoot%\system32\lsass.exe [RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs [RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs [RDSessMgr] C:\WINDOWS\system32\sessmgr.exe [RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs [rpcapd] "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [RpcLocator] %SystemRoot%\System32\locator.exe [RpcSs] %SystemRoot%\system32\svchost -k rpcss [RSVP] %SystemRoot%\System32\rsvp.exe [SamSs] %SystemRoot%\system32\lsass.exe [SBService] C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe [SCardSvr] %SystemRoot%\System32\SCardSvr.exe [Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs [seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs [SENS] %SystemRoot%\system32\svchost.exe -k netsvcs [SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs [ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs [SLService] slserv.exe [SNDSrvc] C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe [Spooler] %SystemRoot%\system32\spoolsv.exe [srservice] %SystemRoot%\System32\svchost.exe -k netsvcs [SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService [stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc [SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{98C2724C-CAD0-4FFE-A9E2-A3EE92C4E7B5} [SymWSC] "C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe" [SysmonLog] %SystemRoot%\system32\smlogsvc.exe [TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs [TermService] %SystemRoot%\System32\svchost -k DComLaunch [Themes] %SystemRoot%\System32\svchost.exe -k netsvcs [TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs [UMWdf] C:\WINDOWS\system32\wdfmgr.exe [upnphost] %SystemRoot%\System32\svchost.exe -k LocalService [UPS] %SystemRoot%\System32\ups.exe [VSS] %SystemRoot%\System32\vssvc.exe [W32Time] 
%SystemRoot%\System32\svchost.exe -k netsvcs [WebClient] %SystemRoot%\System32\svchost.exe -k LocalService [winmgmt] %systemroot%\system32\svchost.exe -k netsvcs [WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs [WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe [wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs [wuauserv] %systemroot%\system32\svchost.exe -k netsvcs [WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs [xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs **** Custom IE Search Items **** SEARCH: [SearchAssistant_bak] about:blank SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm **** Complete IE Options **** IEOPT: [NoUpdateCheck] IEOPT: [NoJITSetup] IEOPT: [Disable Script Debugger] yes IEOPT: [Show_ChannelBand] No IEOPT: [Anchor Underline] yes IEOPT: [Cache_Update_Frequency] Once_Per_Session IEOPT: [Display Inline Images] yes IEOPT: [Do404Search] IEOPT: [Local Page] http://allwebseek.com IEOPT: [Save_Session_History_On_Exit] no IEOPT: [Show_FullURL] no IEOPT: [Show_StatusBar] yes IEOPT: [Show_ToolBar] yes IEOPT: [Show_URLinStatusBar] yes IEOPT: [Show_URLToolBar] yes IEOPT: [Start Page] about:blank IEOPT: [Use_DlgBox_Colors] yes IEOPT: [FullScreen] no IEOPT: [Window_Placement] , IEOPT: [Use FormSuggest] yes IEOPT: [NotifyDownloadComplete] no IEOPT: [FavoritesExportFile] D:\USB\bookmark.htm IEOPT: [FavoritesImportFolder] C:\Dokumente und Einstellungen\db\Favoriten IEOPT: [Toolbars_Placement] b‰çAêL~·aw_æÿw©yN“Jlungen\db\Favoriten IEOPT: [Use Search Asst] no IEOPT: [Error Dlg Displayed On Every Error] no IEOPT: [Error Dlg Details Pane Open] no IEOPT: [AddToFavoritesExpanded] IEOPT: [Force Offscreen Composition] IEOPT: [ShowGoButton] yes IEOPT: [NoWebJITSetup] IEOPT: [Friendly http errors] yes IEOPT: [FavIntelliMenus] no IEOPT: [NscSingleExpand] IEOPT: [SmoothScroll] IEOPT: [Page_Transitions] IEOPT: [AllowWindowReuse] 
IEOPT: [UseThemes] IEOPT: [Print_Background] no IEOPT: [Expand Alt Text] no IEOPT: [Move System Caret] no IEOPT: [Play_Animations] yes IEOPT: [Enable AutoImageResize] yes IEOPT: [Enable_MyPics_Hoverbar] yes IEOPT: [Show image placeholders] IEOPT: [Play_Background_Sounds] yes IEOPT: [Display Inline Videos] yes IEOPT: [StatusBarWeb] IEOPT: [Use Custom Search URL] IEOPT: [Check_Associations] yes IEOPT: [conc] IEOPT: [Search Bar_bak] res://C:\DOKUME~1\db\LOKALE~1\Temp\sp.dll/sp.html IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IEOPT: [Enable_Disk_Cache] yes IEOPT: [Cache_Percent_of_Disk] IEOPT: [Delete_Temp_Files_On_Exit] yes IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm IEOPT: [Anchor_Visitation_Horizon] IEOPT: [Use_Async_DNS] yes IEOPT: [Placeholder_Width] IEOPT: [Placeholder_Height] IEOPT: [Start Page] about:blank IEOPT: [CompanyName] Microsoft Corporation IEOPT: [Custom_Key] MICROSO IEOPT: [Wizard_Version] 6.0.2600.0000 IEOPT: [FullScreen] no IEOPT: [Check_Associations] yes IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HiJack Logfile of HijackThis v1.99.0 Scan saved at 19:50:45, on 09.02.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\Programme\ewido\security suite\ewidoctrl.exe C:\Programme\FSI\F-Prot\fpavupdm.exe C:\Programme\Ahead\InCD\InCDsrv.exe C:\Programme\Norton AntiVirus\navapsvc.exe 
C:\Programme\Norton Internet Security\NISUM.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Norton Internet Security\ccPxySvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Ahead\InCD\InCD.exe C:\Programme\Winamp\winampa.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Archive\archive.exe C:\Programme\AT-AR215\AT-AR215 USB ADSL WAN Adapter\dslmon.exe C:\Programme\Internet Explorer\iexplore.exe C:\totalcmd\TOTALCMD.EXE C:\Dokumente und Einstellungen\db\Desktop\Neuer Ordner (5)\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://allwebseek.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [AnyDVD] c:\Programme\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] 
C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Programme\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [mwavscan] "C:\DOKUME~1\db\LOKALE~1\Temp\mwavscan.com" /s O4 - HKLM\..\Run: [Archive] C:\Programme\Archive\archive.exe O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programme\FSI\F-Prot\F-Sched.exe STARTUP O4 - HKLM\..\Run: [F-StopW] C:\Programme\FSI\F-Prot\F-StopW.EXE O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE O4 - Global Startup: DSLMON.lnk = ? 
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4426/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2EF838E9-5E42-40C4-A0ED-93F05A967047}: NameServer = 217.237.151.225 217.237.150.225 O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Programme\Norton Internet Security\ccPxySvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programme\FSI\F-Prot\fpavupdm.exe O23 - Service: InCD Helper - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Programme\Norton Internet Security\NISUM.EXE O23 - Service: NVIDIA 
Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

This post was edited by dirk6 on 09.02.2005 at 19:51.
Here is the log file now:
Logfile of HijackThis v1.99.0
Scan saved at 23:31:42, on 07.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\telcmd.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hicom.exe
C:\Programme\Norton Internet Security\ccPxySvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Archive\archive.exe
C:\Programme\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\wmton.exe
C:\WINDOWS\system32\hiden.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\AT-AR215\AT-AR215 USB ADSL WAN Adapter\dslmon.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\ISTsvc\istsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\db\Desktop\Neuer Ordner (5)\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allwebseek.com/h/1213/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allwebseek.com/h/1213/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.allwebseek.com/h/1213/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: XBTB01232 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\LOOKSM~1\toolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: LookSmart Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\Programme\LookSmart Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AnyDVD] c:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Programme\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [mwavscan] "C:\DOKUME~1\db\LOKALE~1\Temp\mwavscan.com" /s
O4 - HKLM\..\Run: [Archive] C:\Programme\Archive\archive.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [afixmfg] C:\WINDOWS\wmton.exe
O4 - HKLM\..\Run: [hiden.exe] hiden.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [Update Service] "C:\Programme\Gemeinsame Dateien\Teknum Systems\update.exe" /startup
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://Q:\content\include\XPPatchInstaller.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EF838E9-5E42-40C4-A0ED-93F05A967047}: NameServer = 217.237.151.225 217.237.150.225
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Programme\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Manageer Network Connections - Unknown - C:\WINDOWS\system32\telcmd.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Programme\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Working Network Connections - Unknown - C:\WINDOWS\system32\hicom.exe
One more thing I wanted to say: I can no longer get updates from Microsoft; the page simply stays blank.