Kein Internet und verdacht auf Virus

#1 Hallo,

das mein erster Post hier und ich brauch dringend Hilfe hab über die Suchfunktion nichts gefunden.

Also:

Folgendes hab da nen Rechner mit Windows XP Home Edition mit Internet über einen Wlan Router der auch gleichzeitig das Modem ist, der Rechner ist aber über ein Kabel an dem Router angeschlossen und der gewärt mir seit neuestem keinen Zugriff aufs Internet mehr ...

Habe nichts verstellt oder so ging von einem auf den anderen Moment los und da lag mir der verdacht auf einen Virus nahe ... also immer wenn ich aufs Internet zugreifen will geht der Browser nach ein paar Sekunden einfach aus, genau so bei ICQ, Outlook und jeglichen Anwendungen die aufs Intertnet zugreifen ... ebenfalls wenn ich den Router anpingen will geht das MS-DOS Fenster nach dem 2. Ping versuch aus ...


Also was kann das sein und was kann ich tun?

Danke schonmal

MfG
TheTrueSnake

(PS: Wenn der Snake der hier schon registriert ist das ließt, bitte nicht provoziert von meinem Namen fühlen plz, mir viel nichts besseres ein weil ich mich normalerweise auch Snake nennen )

#2 Hallo TheTrueSnake,

HijackThis 1.99.1
http://www.downloads.subratam.org/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Installiere das Programm in einem eigenen Ordner.
Starte das Programm mit der exe-Datei => Scan drücken => Save Log drücken => der Texteditor mit dem Log öffnet sich. Den gesamten Text abkopieren und hierher posten.

Gruß
Heron
__________
"Die Welt ist groß, weil der Kopf so klein"
Wilhelm Busch

#3 ok hier:

Logfile of HijackThis v1.99.1
Scan saved at 23:21:17, on 13.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
C:\Programme\PERFECT SERIES\OPTICAL MOUSE\4.0\MOUSE32A.EXE
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Deamon Tool\daemon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Common\Bin\WinCinemaMgr.exe
C:\Programme\DeTeMedien\Das Telefonbuch für Deutschland\OMAlarm.exe
C:\Programme\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\VLC\vlc.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.cc/search.php?v=6&aff=6170146
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.cc/index.php?v=6&aff=6170146
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tgr-bielefeld.de/
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHG~1.50\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1.50\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\PERFECT SERIES\OPTICAL MOUSE\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\Deamon Tool\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [bcncubtgwt] C:\WINDOWS\System32\fumews.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mm_server] C:\Programme\Musicmatch\Musicmatch Jukebox\mm_server.exe
O4 - HKLM\..\Run: [mmtask] C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Programme\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OfficeManager Terminerinnerung.lnk = ?
O4 - Global Startup: Ulead Kalendar Checker 4.0 SE.lnk = C:\Programme\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\Flash Get 1.50\jc_all.htm
O8 - Extra context menu item: Ebates - file://C:\Programme\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\Flash Get 1.50\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1.50\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1.50\flashget.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Programme\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://195.190.118.140/e9xr2.chm::/file.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101772197673
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E73FB0C1-68E1-43E6-851C-8107752777A4}: NameServer = 192.168.2.1
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

#4 Vorweg: Diese Datei (C:\WINDOWS\System32\fumews.exe) bitte zu allererst bei jotti -> http://virusscan.jotti.org/de/ prüfen und Ergebnis hier posten.

Zitat

TheTrueSnake postete
ok hier:
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Das SP2 fehlt!


C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe

Java ist veraltet (=erhebliche Sicherheitslücken!). Bitte updaten.

C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe

Das ist Spyware.

C:\Programme\Gemeinsame Dateien\GMT\GMT.exe

Ebenfalls.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.cc/search.php?v=6&aff=6170146
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.cc/index.php?v=6&aff=6170146

Der Browser wurde entführt. Diese Einträge löschen (IE schließen, Einträge in HijackThis markieren, "Fix checked" wählen).

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O4 - HKLM\..\Run: [bcncubtgwt] C:\WINDOWS\System32\fumews.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Programme\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O8 - Extra context menu item: Ebates - file://C:\Programme\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Programme\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://195.190.118.140/e9xr2.chm::/file.exe
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)

Das ebenfalls entfernen, eine Mischung aus verschiedenen Schädlingen.

#5 Ok das klingt schonmal alles sehr nützlich

nur ähm soll nu keine Kritik sein ich hör schon immer von allen möglichen Leuten man muss SP2 drauf machen, ich hab aber auch gehört das dann viele Programme nicht mehr funktionieren ...

Ist da was dran oder nicht?

Edit:
Bei dem Scan ganz oben kommt diese Meldung:

Zitat

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

Also das geht nicht und an der Firewall kanns net liegen ...
Außerdem konnte ich die Datei nicht "erbrowsern" nur wenn ich sie direkt eingetragen habe gings

Edit2: Habe alles soweit fertig bis auf den Virenscan oben und das SP2 und habe nochmal Antivir drüber laufen lassen der meinte das ich folgende Viren habe:
TR/Dldr.Stubb:C
TR/Hijack.MultiPP
TR/Dldr.Krapper.3
Alle in *.cab Dateien, aber löschen oder reparieren bietet er mir nicht an

Was kann man damit wiederrum machen?

#6 Poste erst einmal ein aktuelles HJT Log, damit man sehen kann, was Du bisher erreicht hast.

Gruß
Heron
__________
"Die Welt ist groß, weil der Kopf so klein"
Wilhelm Busch

#7 Bitte schön

Logfile of HijackThis v1.99.1
Scan saved at 13:04:37, on 14.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
C:\Programme\PERFECT SERIES\OPTICAL MOUSE\4.0\MOUSE32A.EXE
C:\Programme\Antivir\AVWUPSRV.EXE
C:\Programme\HP\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Deamon Tool\daemon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programme\Antivir\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Common\Bin\WinCinemaMgr.exe
C:\Programme\DeTeMedien\Das Telefonbuch für Deutschland\OMAlarm.exe
C:\Programme\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Programme\Antivir\AVGUARD.EXE
C:\Programme\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tgr-bielefeld.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHG~1.50\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1.50\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\PERFECT SERIES\OPTICAL MOUSE\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\Deamon Tool\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mm_server] C:\Programme\Musicmatch\Musicmatch Jukebox\mm_server.exe
O4 - HKLM\..\Run: [mmtask] C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\Antivir\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OfficeManager Terminerinnerung.lnk = ?
O4 - Global Startup: Ulead Kalendar Checker 4.0 SE.lnk = C:\Programme\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\Flash Get 1.50\jc_all.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\Flash Get 1.50\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1.50\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1.50\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E73FB0C1-68E1-43E6-851C-8107752777A4}: NameServer = 192.168.2.1
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\Antivir\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Antivir\AVWUPSRV.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

#8 TheTrueSnake

•HOSTFILE:
öffne das HijackThis
"Do a system scan only"-->Config--> Misc Tools-->Open Hosts file Manager--> delet line(s)
lösche alles , lasse nur stehen:
127.0.0.1 localhost

•KillBox
http://www.bleepingcomputer.com/files/killbox.php

•Delete File on Reboot <--anhaken

und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\Programme\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
C:\WINDOWS\System32\fumews.exe
C:\WINDOWS\multimpp.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll
C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll
C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll
C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll
C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll
C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll
C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll
C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll
C:\Programme\Gemeinsame Dateien\CMEII\GController.dll
C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll
C:\Programme\Gemeinsame Dateien\GMT\gtrawbm.fil
C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll
C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll
C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe
C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe

NEUSTARTEN

C:\Programme\Ebates_MoeMoneyMaker\<--loeschen

Loeschen temporaere Dateien --> loesche die Dateien in den Ordnern, nicht die Temp-ordner selbst
C:\WINDOWS\Temp\
C:\Temp\
C:\Dokumente und Einstellungen\username\Lokale Einstellungen\Temp\
C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temporary Internet Files\Content.IE5 [loesche nicht die index.dat)

CCleaner--> alle *temp-Datein loeschen
http://www.ccleaner.com/ccdownload.asp

•eScan-Erkennungstool
eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich:
http://www.mwti.net/antivirus/free_utilities.asp
oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche
kavupd.exe, die klickst du an--> (Update- in DOS) ausführen

-->mwav.exe oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben
und nun alles rauskopieren, was angezeigt wird-->
__________
MfG Sabina

rund um die PC-Sicherheit

#9 C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temporary Internet Files\Content.IE5 [loesche nicht die index.dat)

Das geht nicht wenn ich in den Temporary Internet Files Ordner will bricht der ab und macht das Fenster einfach zu.

Und wie lösche ich mit dem CCleaner die *.temp dateien?
Edit: Ok das mit den Temporären Dateien hab ich gefunden bei System das ne? Hab die gelöscht...

Nur das oben klappt halt nicht, was mach ich da?

#10 Hallo@TheTrueSnake

ich verstehe kein Wort-->

Zitat

das da oben klappt nicht ?????????????

•eScan-Erkennungstool
eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich:
http://www.mwti.net/antivirus/free_utilities.asp
oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche
kavupd.exe, die klickst du an--> (Update- in DOS) ausführen

gehe in den abgesicherten Modus
http://www.tu-berlin.de/www/software/virus/savemode.shtml

und den Scanner mit der "mwav.exe"[oder:MWAVSCAN.COM] starten. Alle Häkchen setzen :
Auswählen: "all files", Memory, Startup-Folders, Registry, System Folders,
Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory

-->und "Scan " klicken.

•Gehe wieder in den Normalmodus:

•mache bitte folgendes:
nun öffnest du mit dem editor, die mwav.txt und gehst unter bearbeiten -> suchen, hier gibst du "infected" ein



•jene zeile in der infected steht, markieren, und hier einfügen, weitersuchen usw.
•und ganz unten steht die zusammenfassung, diese auch hier posten
__________
MfG Sabina

rund um die PC-Sicherheit

#11

Zitat

C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temporary Internet Files\Content.IE5 [loesche nicht die index.dat)

Das hier geht nicht immer wenn ich in den Temporary Internet Files Ordner will geht das Fenster zu

#12 Hallo@TheTrueSnake

ClaerProg..lade die neuste Version <1.4.1
http://www.clearprog.de/downloads.php
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Cookies
- Verlauf
- Temporäre Internetfiles (Cache)
- index.dat



•eScan-Erkennungstool
eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich:
http://www.mwti.net/antivirus/free_utilities.asp
oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche
kavupd.exe, die klickst du an--> (Update- in DOS) ausführen

gehe in den abgesicherten Modus
http://www.tu-berlin.de/www/software/virus/savemode.shtml

und den Scanner mit der "mwav.exe"[oder:MWAVSCAN.COM] starten. Alle Häkchen setzen :
Auswählen: "all files", Memory, Startup-Folders, Registry, System Folders,
Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory

-->und "Scan " klicken.

•Gehe wieder in den Normalmodus:

•mache bitte folgendes:
nun öffnest du mit dem editor, die mwav.txt und gehst unter bearbeiten -> suchen, hier gibst du "infected" ein

•jene zeile in der infected steht, markieren, und hier einfügen, weitersuchen usw.
•und ganz unten steht die zusammenfassung, diese auch hier posten
__________
MfG Sabina

rund um die PC-Sicherheit

#13 Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.

Mon Apr 18 20:30:20 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.

Mon Apr 18 20:30:21 2005 => System found infected with Gator Spyware/Adware ({21FFB6C0-0DA1-11D5-A9D5-00500413153C})! Action taken: No Action Taken.

Mon Apr 18 20:30:21 2005 => File System Found infected by "Gator Spyware/Adware" Virus. Action Taken: No Action Taken.

Mon Apr 18 20:30:21 2005 => System found infected with 180Solutions Spyware/Adware! Action taken: No Action Taken.

Mon Apr 18 20:30:21 2005 => File System Found infected by "180Solutions Spyware/Adware" Virus. Action Taken: No Action Taken.

Mon Apr 18 20:30:21 2005 => System found infected with gator.com Spyware/Adware! Action taken: No Action Taken.

Mon Apr 18 20:30:21 2005 => File System Found infected by "gator.com Spyware/Adware" Virus. Action Taken: No Action Taken.

Mon Apr 18 20:30:21 2005 => System found infected with vendor Spyware/Adware! Action taken: No Action Taken.

Mon Apr 18 20:30:21 2005 => File System Found infected by "vendor Spyware/Adware" Virus. Action Taken: No Action Taken.

Mon Apr 18 20:30:21 2005 => System found infected with msbb Spyware/Adware! Action taken: No Action Taken.

Mon Apr 18 20:30:21 2005 => File System Found infected by "msbb Spyware/Adware" Virus. Action Taken: No Action Taken.

Mon Apr 18 21:44:52 2005 => Scanning Folder: C:\Programme\AntiVir\INFECTED\*.*

Mon Apr 18 21:48:04 2005 => File C:\Programme\Flash Get 1.50\fgf150.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.

C:\Programme\Hijackthis\backups\backup-20050414-021923-873.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:26:03 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP69\A0104470.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:26:35 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP70\A0104985.exe infected by "not-a-virusorn-Dialer.Win32.Star" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:17 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106401.dll infected by "not-a-virus:AdWare.Gator.5115" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:17 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106411.exe infected by "not-a-virus:AdWare.Gator.6034" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:18 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106414.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:18 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106415.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:18 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106416.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:18 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106417.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:18 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106418.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:18 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106419.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:18 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106420.dll infected by "not-a-virus:AdWare.Gator.6051" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:21 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106438.dll infected by "not-a-virus:AdWare.Gator.5017" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:21 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106439.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:21 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106440.exe infected by "not-a-virus:AdWare.Gator.5112" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:25 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106499.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:26 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106502.dll infected by "not-a-virus:AdWare.BiSpy.n" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:26 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106503.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:26 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106504.exe infected by "not-a-virus:AdWare.BiSpy.o" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:26 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106505.dll infected by "not-a-virus:AdWare.ToolBar.FWN.a" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:27 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106506.exe infected by "not-a-virus:AdWare.BargainBuddy.j" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:27 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106507.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:27 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106508.dll infected by "not-a-virus:AdWare.EZula.ac" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:27 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106509.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:27 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106510.exe infected by "Trojan-Downloader.Win32.Esepor.q" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:27 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106511.exe infected by "not-a-virus:AdWare.ToolBar.VB.f" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:27 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106512.exe infected by "not-a-virus:AdWare.WinAD.b" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:27 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106513.dll infected by "not-a-virus:AdWare.WinAD.b" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:28 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106518.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:27:28 2005 => File C:\System Volume Information\_restore{58BE883D-80D6-475C-9890-D5C0D8FB3D8F}\RP71\A0106519.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken.

Mon Apr 18 23:46:24 2005 => ***** Scanning complete. *****

Mon Apr 18 23:46:24 2005 => Total Objects Scanned: 120172
Mon Apr 18 23:46:24 2005 => Total Virus(es) Found: 66
Mon Apr 18 23:46:24 2005 => Total Disinfected Files: 0
Mon Apr 18 23:46:24 2005 => Total Files Renamed: 0
Mon Apr 18 23:46:24 2005 => Total Deleted Objects: 0
Mon Apr 18 23:46:24 2005 => Total Errors: 286
Mon Apr 18 23:46:24 2005 => Time Elapsed: 03:18:32
Mon Apr 18 23:46:24 2005 => Virus Database Date: 2005/04/16
Mon Apr 18 23:46:24 2005 => Virus Database Count: 126266

Mon Apr 18 23:46:24 2005 => Scan Completed.

Wusste gar nicht was man sich im Internet alles einfangen kann

#14 Hallo@@TheTrueSnake

Deaktivieren Wiederherstellung
«XP
Arbeitsplatz-->rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.

starte den PC neu, dann aktiviere sie wieder

Download the beta* of our new anti-spyware software today
http://www.microsoft.com/athome/security/spyware/software/default.mspx

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Laden--> Updaten-->scannen-->PC neustarten--> noch mal scannen--> poste das Log vom Scann
__________
MfG Sabina

rund um die PC-Sicherheit

#15 Ad-Aware SE Build 1.05
Logfile Created onienstag, 19. April 2005 20:42:48
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R39 15.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):30 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


19.04.2005 20:42:48 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Udo\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\microsoft\office\10.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\microsoft\office\10.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\microsoft\frontpage\editor\recent templates
Description : list of recently used templates in microsoft publisher


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\smartftp\connection data
Description : list of recently accessed servers using smartftp


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\musicmatch
Description : download location of the musicmatch installer


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio
Description : information on the last station listened to using musicmatch radio


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\microsoft\frontpage
Description : default save location in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv
Description : file conversion location settings in musicmatch jukebox


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\microsoft\frontpage\explorer\frontpage explorer\recently created servers
Description : list of recently created servers in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-3006880278-1819221912-3917891486-1007\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 612
ThreadCreationTime : 19.04.2005 18:41:27
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 660
ThreadCreationTime : 19.04.2005 18:41:33
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 19.04.2005 18:41:35
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 728
ThreadCreationTime : 19.04.2005 18:41:35
BasePriority : Normal
FileVersion : 5.1.2600.1224 (xpsp2.030516-0318)
ProductVersion : 5.1.2600.1224
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 19.04.2005 18:41:35
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 892
ThreadCreationTime : 19.04.2005 18:41:36
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 932
ThreadCreationTime : 19.04.2005 18:41:36
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1024
ThreadCreationTime : 19.04.2005 18:41:36
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1188
ThreadCreationTime : 19.04.2005 18:41:37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1220
ThreadCreationTime : 19.04.2005 18:41:37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1268
ThreadCreationTime : 19.04.2005 18:41:37
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [avguard.exe]
FilePath : C:\Programme\Antivir\
ProcessID : 1380
ThreadCreationTime : 19.04.2005 18:41:43
BasePriority : Normal


#:13 [avwupsrv.exe]
FilePath : C:\Programme\Antivir\
ProcessID : 1392
ThreadCreationTime : 19.04.2005 18:41:43
BasePriority : Normal


#:14 [mdm.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\
ProcessID : 1424
ThreadCreationTime : 19.04.2005 18:41:43
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:15 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1452
ThreadCreationTime : 19.04.2005 18:41:43
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe

#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1484
ThreadCreationTime : 19.04.2005 18:41:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 336
ThreadCreationTime : 19.04.2005 18:42:08
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:18 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 512
ThreadCreationTime : 19.04.2005 18:42:11
BasePriority : Normal
FileVersion : 6.14.10.5079
ProductVersion : 6.14.10.5079
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright (C) 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:19 [jusched.exe]
FilePath : C:\Programme\Java\jre1.5.0_02\bin\
ProcessID : 520
ThreadCreationTime : 19.04.2005 18:42:11
BasePriority : Normal


#:20 [hotkey.exe]
FilePath : C:\WINDOWS\Twain_32\SlimU2\
ProcessID : 536
ThreadCreationTime : 19.04.2005 18:42:11
BasePriority : Normal
FileVersion : 1,1,3,5
ProductVersion : 1,1,3,5
ProductName : OneTouchHotKey Application
CompanyName : Pmx. Electronics Ltd.
FileDescription : OneTouchHotKey MFC Application
InternalName : OneTouchHotKey
LegalCopyright : Copyright (C) 2002
OriginalFilename : HotKey.EXE

#:21 [mouse32a.exe]
FilePath : C:\Programme\PERFECT SERIES\OPTICAL MOUSE\4.0\
ProcessID : 544
ThreadCreationTime : 19.04.2005 18:42:12
BasePriority : Normal
FileVersion : 3.0.1.0
ProductVersion : 3.0.0.0
LegalCopyright : Copyright 2001 by LEE,WEI-BIN.

#:22 [hpwuschd.exe]
FilePath : C:\Programme\HP\HP Software Update\
ProcessID : 560
ThreadCreationTime : 19.04.2005 18:42:12
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe

#:23 [hpcmpmgr.exe]
FilePath : C:\Programme\HP\hpcoretech\
ProcessID : 576
ThreadCreationTime : 19.04.2005 18:42:12
BasePriority : Normal
FileVersion : 1.76.0
ProductVersion : 1.76.0
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright (C) Hewlett-Packard. 2002-2003
OriginalFilename : HPCmpMgr.exe

#:24 [daemon.exe]
FilePath : C:\Programme\Deamon Tool\
ProcessID : 396
ThreadCreationTime : 19.04.2005 18:42:12
BasePriority : Normal


#:25 [realsched.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Real\Update_OB\
ProcessID : 604
ThreadCreationTime : 19.04.2005 18:42:12
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:26 [qttask.exe]
FilePath : C:\Programme\QuickTime\
ProcessID : 632
ThreadCreationTime : 19.04.2005 18:42:12
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:27 [mm_server.exe]
FilePath : C:\Programme\Musicmatch\Musicmatch Jukebox\
ProcessID : 636
ThreadCreationTime : 19.04.2005 18:42:12
BasePriority : Normal
FileVersion : 9.0.0.1
ProductVersion : 9.0.0.1
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch Inc.
FileDescription : Musicmatch Music Server
InternalName : MusicServer.exe
LegalCopyright : (c) Musicmatch Inc.. All rights reserved.
OriginalFilename : MusicServer.exe

#:28 [mmtask.exe]
FilePath : C:\Programme\Musicmatch\Musicmatch Jukebox\
ProcessID : 656
ThreadCreationTime : 19.04.2005 18:42:13
BasePriority : Normal
FileVersion : 9.0.0.1
ProductVersion : 9.0.0.1
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch Inc.
FileDescription : <Musicmatch System Tray Application>
InternalName : mmtask.exe
LegalCopyright : (c) Musicmatch Inc.. All rights reserved.
OriginalFilename : mmtask.exe

#:29 [pdvdserv.exe]
FilePath : C:\Programme\CyberLink\PowerDVD\
ProcessID : 652
ThreadCreationTime : 19.04.2005 18:42:13
BasePriority : Normal
FileVersion : 6.00.1027
ProductVersion : 6.00.1027
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright (c) CyberLink Corp. 1997-2004
OriginalFilename : PDVDSERV.EXE

#:30 [avgnt.exe]
FilePath : C:\Programme\Antivir\
ProcessID : 664
ThreadCreationTime : 19.04.2005 18:42:13
BasePriority : Normal


#:31 [em_exec.exe]
FilePath : C:\Programme\Logitech\MouseWare\system\
ProcessID : 812
ThreadCreationTime : 19.04.2005 18:42:13
BasePriority : Normal
FileVersion : 9.76.046
ProductVersion : 9.76.046
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : (C) 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:32 [gcasserv.exe]
FilePath : C:\Programme\Microsoft AntiSpyware\
ProcessID : 780
ThreadCreationTime : 19.04.2005 18:42:14
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:33 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 952
ThreadCreationTime : 19.04.2005 18:42:14
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:34 [mmdiag.exe]
FilePath : C:\Programme\Musicmatch\Musicmatch Jukebox\
ProcessID : 984
ThreadCreationTime : 19.04.2005 18:42:15
BasePriority : Normal
FileVersion : 9.00.0171
ProductVersion : 9.00.0171
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : Logging and tracing manager
InternalName : MMTraceExe
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : MMTraceExe.EXE

#:35 [hpqtra08.exe]
FilePath : C:\Programme\HP\Digital Imaging\bin\
ProcessID : 1068
ThreadCreationTime : 19.04.2005 18:42:16
BasePriority : Normal
FileVersion : 5.31.0.147
ProductVersion : 005.031.000.147
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:36 [wincinemamgr.exe]
FilePath : C:\Programme\Common\Bin\
ProcessID : 1112
ThreadCreationTime : 19.04.2005 18:42:16
BasePriority : Normal
FileVersion : 1.8.1
ProductVersion : 1, 8, 1, 0
ProductName : WinCinema Manager for InterVideo WinCinema products
CompanyName : InterVideo Inc.
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright 1999-2003 InterVideo, Inc. All rights reserved.
OriginalFilename : WinCinemaMgr.EXE

#:37 [omalarm.exe]
FilePath : C:\Programme\DeTeMedien\Das Telefonbuch für Deutschland\
ProcessID : 1196
ThreadCreationTime : 19.04.2005 18:42:17
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Anwendung OMAlarm
FileDescription : MFC-Anwendung OMAlarm
InternalName : OMAlarm
LegalCopyright : Copyright (C) 1999
OriginalFilename : OMAlarm.EXE

#:38 [calcheck.exe]
FilePath : C:\Programme\Ulead Photo Express 4.0 SE\
ProcessID : 1236
ThreadCreationTime : 19.04.2005 18:42:17
BasePriority : Normal
FileVersion : 4, 0, 0, 0
ProductVersion : 4, 0, 0, 0
ProductName : Calendar Checker Application
CompanyName : Ulead Systems, Inc.
FileDescription : Photo Express -- Calendar Checker
InternalName : CalCheck
LegalCopyright : Copyright (C) 1992-1999.Ulead Systems, Inc.
LegalTrademarks : Ulead Systems, MediaStudio, PhotoImpact and Photo Express are registered trademarks of Ulead Systems, Inc.
OriginalFilename : CalCheck.EXE

#:39 [gcasdtserv.exe]
FilePath : C:\Programme\Microsoft AntiSpyware\
ProcessID : 1612
ThreadCreationTime : 19.04.2005 18:42:29
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:40 [ad-aware.exe]
FilePath : C:\Programme\Ad-Aware\Ad-Aware SE Personal\
ProcessID : 4028
ThreadCreationTime : 19.04.2005 18:42:39
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30



Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30


Deep scanning and examining files (G
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 30




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30

21:04:10 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:21:21.242
Objects scanned:184912
Objects identified:0
Objects ignored:0
New critical objects:0

Hier