Your system is infected - please help
#0
18.11.2005, 23:21
Member
Posts: 13
19.11.2005, 16:11
Honorary member
Posts: 29434
#2
Iceman_II

CCleaner
http://virus-protect.org/temp.html
delete all temp files

please copy the 4 text files here
http://virus-protect.org/datfindbat.html

silentrunner
http://virus-protect.org/silentrunner.html

__________
Regards
Sabina
all about PC security
19.11.2005, 16:22
Member
Thread starter, Posts: 13
#3
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54F4-BD9B

Verzeichnis von C:\WINDOWS\system32

19.11.2005 14:10 53.942 perfc009.dat
19.11.2005 14:10 383.588 perfh009.dat
19.11.2005 14:10 64.994 perfc007.dat
19.11.2005 14:10 395.074 perfh007.dat
19.11.2005 14:10 906.376 PerfStringBackup.INI
19.11.2005 13:29 5.632 dddd.exe
19.11.2005 11:53 1.158 wpa.dbl
18.11.2005 21:11 234.272 widap32.dll
18.11.2005 20:53 4.057 paytime.exe
17.11.2005 12:49 235.650 p4r40e9qeh.dll
10.11.2005 19:17 300.440 FNTCACHE.DAT
06.11.2005 10:53 5.560 jupdate-1.5.0_05-b05.log
05.11.2005 10:56 34.308 BASSMOD.dll
04.11.2005 16:27 534.280 LegitCheckControl.DLL
02.11.2005 06:34 2.377.568 MRT.exe
27.10.2005 16:41 492.544 WRLogonNtf.dll
20.10.2005 15:37 24.924 openports.dll
20.10.2005 15:37 40.960 SDelete.dll
14.10.2005 16:25 27 mcheck.mhf
09.10.2005 20:02 100 LuResult.txt
06.10.2005 04:18 280.064 gdi32.dll
06.10.2005 04:08 1.839.616 win32k.sys
04.10.2005 16:26 3.013.120 mshtml.dll
26.09.2005 19:13 8 success
23.09.2005 04:06 8.491.520 shell32.dll
22.09.2005 16:43 772 SmartGart.lnk
10.09.2005 02:54 2.067.968 cdosys.dll

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54F4-BD9B

Verzeichnis von C:\DOKUME~1\M_STEN~1\LOKALE~1\Temp

19.11.2005 16:09 32.768 ~DFB715.tmp
19.11.2005 16:09 16.384 ~DF6C49.tmp
19.11.2005 15:01 49.152 ~DF6908.tmp
19.11.2005 14:07 59.964 Adobelm_Cleanup.0001
4 Datei(en) 158.268 Bytes
0 Verzeichnis(se), 44.537.827.328 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54F4-BD9B

Verzeichnis von C:\WINDOWS

19.11.2005 14:24 1.374.022 WindowsUpdate.log
19.11.2005 14:05 159 wiadebug.log
19.11.2005 14:05 50 wiaservc.log
19.11.2005 14:05 2.048 bootstat.dat
19.11.2005 14:03 32.042 SchedLgU.Txt
19.11.2005 10:31 0 timessquare1.dat
18.11.2005 21:14 38 drsmartload.dat
18.11.2005 20:53 3.101 secure32.html
18.11.2005 20:53 1.024 de.exe
18.11.2005 20:53 0 uniq
18.11.2005 14:14 0 Lic.xxx
17.11.2005 19:23 16 wininit.ini
16.11.2005 18:36 6.098 ModemLog_Bluetooth Fax Modem.txt
16.11.2005 18:36 6.104 ModemLog_Bluetooth DUN Modem.txt
16.11.2005 18:36 3.850 ModemLog_Agere Systems AC'97 Modem v2157D.txt
16.11.2005 13:41 896 win.ini
15.11.2005 10:50 5.496 ModemLog_Bluetooth LAP Modem #2.txt
10.11.2005 18:41 866 ODBC.INI
06.11.2005 10:38 99.970 UninstallFirefox.exe
06.11.2005 10:38 3.371 mozver.dat
30.10.2005 14:18 216.064 iun3405.exe
29.10.2005 11:03 658 AWSHKWV.INI
27.10.2005 16:41 468.480 WRUninstall.dll
21.10.2005 15:55 684.032 libeay32.dll
21.10.2005 15:55 155.648 ssleay32.dll
20.10.2005 14:30 41.080 ModemLog_HTC USB Modem #2.txt
15.10.2005 18:58 409 IMMDAT.INI
05.10.2005 13:04 8.021 bc100.ini
05.10.2005 13:04 194 BVerfGG.ini
01.10.2005 09:07 134 JUSBASIS.ini
01.10.2005 09:07 180 sa.ini
01.10.2005 09:06 134 ALTMIETR.ini
01.10.2005 09:06 103 ALTZPO.ini
01.10.2005 09:06 103 ALTSCHULDR.ini
01.10.2005 09:06 136 Schf.ini
29.09.2005 21:07 21 bc000.ini
29.09.2005 21:07 18 bc1100.ini
29.09.2005 21:07 37 BECK.INI
19.09.2005 16:16 737.280 iun6002.exe
18.09.2005 15:11 250 system.ini
08.08.2005 15:51 7.612 ModemLog_HTC USB Modem.txt
08.08.2005 14:47 37 vbaddin.ini
08.08.2005 14:05 131 TAPP.INI
08.08.2005 00:25 532.992 opuc.dll
06.08.2005 20:12 5.506 ModemLog_Bluetooth LAP Modem.txt
06.08.2005 14:44 5.148 ModemLog_Standard 19200 bps Modem #10.txt

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54F4-BD9B

Verzeichnis von C:\

19.11.2005 16:22 0 sys.txt
19.11.2005 16:21 7.980 system.txt
19.11.2005 16:20 451 systemtemp.txt
19.11.2005 16:19 107.503 system32.txt
19.11.2005 14:04 1.072.549.888 hiberfil.sys
19.11.2005 14:04 1.610.612.736 pagefile.sys
18.11.2005 21:16 48 LSWMV.INI
30.09.2005 17:25 2.723.840 Foxit Reader.exe
10.07.2005 10:39 226 boot.ini
20.03.2005 04:12 0 CONFIG.SYS
20.03.2005 04:12 0 IO.SYS
20.03.2005 04:12 0 MSDOS.SYS
20.03.2005 04:12 0 AUTOEXEC.BAT
04.08.2004 13:00 4.952 bootfont.bin
04.08.2004 13:00 47.564 NTDETECT.COM
04.08.2004 13:00 251.184 ntldr
16 Datei(en) 2.686.306.372 Bytes
0 Verzeichnis(se), 44.538.085.376 Bytes frei

And here is the Silent Runners log! This morning I had already tried a few things myself and was able to remove some of it; I hope I haven't made everything worse by doing so.

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AWMON" = ""C:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"" ["Lavasoft Sweden"]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"CounterSpyCleaner" = "C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe" ["Sunbelt Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"KTPWare" = "C:\Programme\Elantech\ktp3.exe" ["ELANTECH Devices Corp."]
"PCMService" = ""C:\Programme\CyberLink\PowerCinema\PCMService.exe"" ["CyberLink Corp."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"DAEMON Tools-1033" = ""C:\Programme\D-Tools\daemon.exe" -lang 1033 -lock" ["DAEMON'S HOME"]
"Acrobat Assistant 7.0" = ""C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_05\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SunServer" = "C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" ["Sunbelt Software"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"SpybotSnD" = (empty string)

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6b4 (beta test) Context Menu Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6b4 (beta test) DragDrop Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6b4 (beta test) Context Menu Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6b4 (beta test) Property Sheet Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{306E4919-E14B-4523-99C5-A90C0048D854}" = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\widap32.dll" [null data]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not found], [MS], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
CIB pdf brewer\(Default) = "{9CB3ED0A-1CFA-11D9-9A43-000476F770CC}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\CIB software GmbH\CIB pdf brewer\CIBpdfBrContextMenu.dll" ["CIB software GmbH, München"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\wallpaper_targa_1280x800.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Startup items in "M_Stenzel" & "All Users" startup folders:
-----------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Acrobat - Schnellstart" -> shortcut to: "C:\WINDOWS\Installer\{AC76BA86-1033-F400-8796-100000000002}\SC_Acrobat.exe" [null data]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
"AA6775AA91ACF516" -> launches: "c:\dokume~1\m_sten~1\anwend~1\aboutf~1\SurfOwnsSecond.exe" [file not found]
"ABDAB29991F92321" -> launches: "c:\dokume~1\m_sten~1\anwend~1\aboutf~1\SurfOwnsSecond.exe" [file not found]
"Norton AntiVirus - Meinen Computer prüfen - M_Stenzel" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~4\Navw32.exe /task:"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Norton SystemWorks One Button Checkup" -> launches: "C:\Programme\Norton SystemWorks\OBC.exe /CUSTOM /SCHEDULE /AUTO" ["Symantec Corporation"]
"Symantec Drmc" -> launches: "C:\Programme\Gemeinsame Dateien\Symantec Shared\SymDrmc.exe /CUSTOM /SCHEDULE" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Programme\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 29
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\ = "Adobe PDF" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Mobilen Favoriten erstellen"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft ActiveSync\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Mobilen Favoriten erstellen..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft ActiveSync\INetRepl.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.targa.de

Missing lines (compared with English-language version):
[Strings]: 1 line

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe LM Service, Adobe LM Service, ""C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe"" ["Adobe Systems"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"" [empty string]
CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
CyberLink Task Scheduler (CTS), CLSched, ""C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"" [empty string]
ISSvc, ISSVC, ""C:\Programme\Norton Internet Security\ISSVC.exe"" ["Symantec Corporation"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Norton AntiVirus Auto-Protect-Dienst, navapsvc, ""C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Canon MP Language Monitor MP360\Driver = "CNMLMyd.DLL" ["CANON INC."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 36 seconds, including 18 seconds for message boxes)

Thanks for the help!

This post was edited on 19.11.2005 at 16:29 by Iceman_II.
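The four directory listings in the post above are what the datfind batch collects: the newest files in system32, the user's Temp folder, C:\WINDOWS and C:\, sorted by modification time, so that anything written around the time the symptoms began stands out (here dddd.exe, widap32.dll, paytime.exe, p4r40e9qeh.dll, secure32.html and timessquare1.dat all date from 17-19 November, and several of them appear in the removal list the helper gives later in the thread). As an added example, not code from this thread or from virus-protect.org, here is a small Python parser for that German-locale `dir` output that groups entries by directory and reports every file modified within a chosen window before the report. The sample listing is constructed from entries in the post above (re-broken into one entry per line, as `dir` prints them); the function names and the 3-day window are my own choices, and the report timestamp is the sys.txt time from the C:\ listing.

```python
"""Triage a German-locale `dir` listing (the format the datfind batch in the
thread produces): group entries by directory, parse date/time/size, and
report files modified within a chosen window before the report time."""
import re
from datetime import datetime, timedelta

# Constructed sample: a handful of entries copied from the post above, in the
# line layout `dir` actually prints (one entry per line, thousands separator ".").
SAMPLE_LISTING = """\
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 54F4-BD9B

 Verzeichnis von C:\\WINDOWS\\system32

19.11.2005  14:10            53.942 perfc009.dat
19.11.2005  13:29             5.632 dddd.exe
18.11.2005  21:11           234.272 widap32.dll
18.11.2005  20:53             4.057 paytime.exe
17.11.2005  12:49           235.650 p4r40e9qeh.dll
06.10.2005  04:18           280.064 gdi32.dll

 Verzeichnis von C:\\WINDOWS

19.11.2005  10:31                 0 timessquare1.dat
18.11.2005  20:53             3.101 secure32.html
16.11.2005  18:36             6.098 ModemLog_Bluetooth Fax Modem.txt
18.09.2005  15:11               250 system.ini
              4 Datei(en)        158.268 Bytes
"""

DIR_HEADER = re.compile(r"^\s*Verzeichnis von (.+?)\s*$")
# dd.mm.yyyy  HH:MM  <size with "." separators>  <name, may contain spaces>
ENTRY = re.compile(r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+([\d.]+)\s+(.+?)\s*$")
STAMP = "%d.%m.%Y %H:%M"


def parse_listing(text):
    """Yield (directory, name, mtime, size_bytes) for each file entry."""
    current_dir = None
    for line in text.splitlines():
        m = DIR_HEADER.match(line)
        if m:
            current_dir = m.group(1)
            continue
        m = ENTRY.match(line)
        if not m or current_dir is None:
            continue  # volume banner, blank lines, "Datei(en)" summary
        date, clock, size, name = m.groups()
        mtime = datetime.strptime(f"{date} {clock}", STAMP)
        yield current_dir, name, mtime, int(size.replace(".", ""))


def recent_files(text, report_time, days):
    """Entries modified within `days` before `report_time` ("dd.mm.yyyy HH:MM"),
    newest first; ties keep listing order."""
    cutoff = datetime.strptime(report_time, STAMP) - timedelta(days=days)
    hits = [e for e in parse_listing(text) if e[2] >= cutoff]
    return sorted(hits, key=lambda e: e[2], reverse=True)


if __name__ == "__main__":
    # sys.txt in the C:\ listing is stamped 19.11.2005 16:22
    for d, name, mtime, size in recent_files(SAMPLE_LISTING, "19.11.2005 16:22", 3):
        print(f"{mtime:%Y-%m-%d %H:%M}  {size:>10}  {d}\\{name}")
```

Run against the full system32.txt / system.txt files the batch writes, the same loop gives the "what changed this week" view the helper is reading off by eye; widening or narrowing `days` is the only knob.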
19.11.2005, 17:05
Honorary member
Posts: 29434
#4
Start -> Run --> type in: notepad -- click OK.
Or, if the command doesn't work, open Notepad (Editor).... Then paste the following text into it:

sc stop cmdService
sc delete cmdService
del delete.bat

Save it on the desktop as "delete.bat". --> double-click it

KILLBOX
http://virus-protect.org/killbox.html
Delete File on Reboot -- tick it
paste in: and click the red cross; when asked "Do you want to reboot?" ---- click "no", and paste in the next one; only on the last one click "yes"

C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\pplmon.dll
C:\WINDOWS\system32\timessquare1.dat
C:\WINDOWS\system32\drsmartload.dat
C:\WINDOWS\system32\secure32.html
C:\WINDOWS\system32\de.exe
C:\WINDOWS\system32\uniq
C:\WINDOWS\system32\Lic.xxx
C:\WINDOWS\system32\dddd.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\lvrhelp.dll
C:\WINDOWS\system32\widap32.dll
C:\WINDOWS\system32\p4r40e9qeh.dll
c:\secure32.html
C:\winstall.exe
c:\ecsiin.stub.exe
C:\WINDOWS\TV9TdGVuemVs\asappsrv.dll
C:\WINDOWS\TV9TdGVuemVs
C:\WINDOWS\system32\nfomon\nfomon.exe
C:\WINDOWS\system32\nfomon
C:\WINDOWS\system32\vidmon\vidmon.exe
C:\WINDOWS\system32\vidmon
C:\PROGRA~1\GEMEIN~1\kqum\kqumm.exe
C:\PROGRA~1\GEMEIN~1\kqum
C:\windows\adtech2005.exe
C:\windows\timessquare.exe
C:\WINDOWS\iun6002.exe
C:\WINDOWS\tool2.exe

restart the PC

open HijackThis -- "Scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [ecsiin] c:\ecsiin.stub.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [kqum] C:\PROGRA~1\GEMEIN~1\kqum\kqumm.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TV9TdGVuemVs\command.exe

restart the PC

if you also don't know what this is for ...uninstall it.
C:\Programme\Elantech\ktp3.exe

work through option 1, 2 --> restart --> and 4, then post the log
http://virus-protect.org/l2mfix.html

Go into the registry
Start-->Run--> regedit
Edit--> Find--> CMDSERVICE
Click Edit -- Permissions and then click Full Control -- [Apply] and [OK].
Right-click the key again and try to delete it.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

restart the PC

Disable System Restore «XP
My Computer-->right-click, then Properties--->System Restore tab--->tick "Turn off System Restore on all drives".
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924

Scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html

Info: http://virus-protect.org/artikel/spyware/command.html

__________
Regards
Sabina
all about PC security
19.11.2005, 17:22
Member
Thread starter, Posts: 13
#5
When I try to do "remove on reboot" in Killbox, Killbox does not react; nothing happens at all!
What am I doing wrong??
19.11.2005, 17:24
Honorary member
Posts: 29434
#6
that doesn't matter....paste everything in anyway, and at the end (on the last one) restart the PC
reload the page...I have changed it ...........

__________
Regards
Sabina
all about PC security
19.11.2005, 17:56
Member
Thread starter, Posts: 13
#7
Restoring Registry Permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Warning (option /rgaci)) - There is no ACE to remove!

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-CI) DENY --C------- VORDEFINIERT\Administratoren
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER

Panda online doesn't work for me! I always get "error on page" --> when I click "scan my computer".
I have now run CounterSpy over it again; it still finds spyware, e.g. look2me.

This post was edited on 19.11.2005 at 19:10 by Iceman_II.
19.11.2005, 19:14
Honorary member
Posts: 29434
#8
please post me the log from option 1, http://virus-protect.org/l2mfix.html
+ the new HijackThis log

__________
Regards
Sabina
all about PC security
19.11.2005, 19:15
Member
Thread starter, Posts: 13
#9
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-CI) DENY --C------- VORDEFINIERT\Administratoren
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{B97B1AC4-5E33-FD8D-F440-E01620907F74}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b4 (beta test) Context Menu Shell Extension"
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b4 (beta test) DragDrop Shell Extension"
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b4 (beta test) Context Menu Shell Extension"
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6b4 (beta test) Property Sheet Shell Extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{07E2F5E7-7290-49B0-B8CC-A80B8F467669}"=""
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{306E4919-E14B-4523-99C5-A90C0048D854}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{306E4919-E14B-4523-99C5-A90C0048D854}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{306E4919-E14B-4523-99C5-A90C0048D854}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{306E4919-E14B-4523-99C5-A90C0048D854}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{306E4919-E14B-4523-99C5-A90C0048D854}\InprocServer32]
@="C:\\WINDOWS\\system32\\widap32.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
bassmod.dll Sat 5 Nov 2005 10:56:24 A.... 34.308 33,50 K
browseui.dll Sat 3 Sep 2005 0:53:20 A.... 1.019.904 996,00 K
cdfview.dll Sat 3 Sep 2005 0:53:20 A.... 152.064 148,50 K
cdosys.dll Sat 10 Sep 2005 2:54:28 A.... 2.067.968 1,97 M
danim.dll Sat 3 Sep 2005 0:53:20 A.... 1.055.744 1,00 M
dxtrans.dll Sat 3 Sep 2005 0:53:22 A.... 205.312 200,50 K
extmgr.dll Sat 3 Sep 2005 0:53:22 A.... 55.808 54,50 K
gdi32.dll Thu 6 Oct 2005 4:18:12 A.... 280.064 273,50 K
iepeers.dll Sat 3 Sep 2005 0:53:22 A.... 251.392 245,50 K
inseng.dll Sat 3 Sep 2005 0:53:22 A.... 96.768 94,50 K
legitc~1.dll Fri 4 Nov 2005 16:27:24 A.... 534.280 521,76 K
linkinfo.dll Thu 1 Sep 2005 2:44:42 A.... 19.968 19,50 K
mshtml.dll Tue 4 Oct 2005 16:26:02 A.... 3.013.120 2,87 M
mshtmled.dll Sat 3 Sep 2005 0:53:22 A.... 448.512 438,00 K
msrating.dll Sat 3 Sep 2005 0:53:22 A.... 146.432 143,00 K
mstime.dll Sat 3 Sep 2005 0:53:22 A.... 530.432 518,00 K
netman.dll Mon 22 Aug 2005 19:31:48 A.... 197.632 193,00 K
openpo~1.dll Thu 20 Oct 2005 15:37:00 A.... 24.924 24,34 K
ormdspif.dll Sat 19 Nov 2005 18:09:22 ..S.R 234.272 228,78 K
pngfilt.dll Sat 3 Sep 2005 0:53:22 A.... 39.424 38,50 K
quartz.dll Tue 30 Aug 2005 4:55:36 A.... 1.292.800 1,23 M
sdelete.dll Thu 20 Oct 2005 15:37:00 A.... 40.960 40,00 K
shdocvw.dll Sat 3 Sep 2005 0:53:22 A.... 1.484.288 1,41 M
shell32.dll Fri 23 Sep 2005 4:06:22 A.... 8.491.520 8,10 M
shlwapi.dll Sat 3 Sep 2005 0:53:22 A.... 474.112 463,00 K
umpnpmgr.dll Tue 23 Aug 2005 4:39:58 A.... 124.416 121,50 K
urlmon.dll Sat 3 Sep 2005 0:53:22 A....
605.696 591,50 K widap32.dll Fri 18 Nov 2005 21:11:12 ..S.R 234.272 228,78 K wininet.dll Sat 3 Sep 2005 0:53:22 A.... 664.064 648,50 K winsrv.dll Thu 1 Sep 2005 2:44:44 A.... 292.352 285,50 K wrlogo~1.dll Thu 27 Oct 2005 16:41:02 A.... 492.544 481,00 K wrssl.dll Sat 19 Nov 2005 17:03:30 ..S.R 234.272 228,78 K 32 items found: 32 files (3 H/S), 0 directories. Total of file sizes: 24.839.624 bytes 23,69 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 54F4-BD9B Verzeichnis von C:\WINDOWS\System32 19.11.2005 18:09 234.272 Ormdspif.dll 19.11.2005 17:03 234.272 wRssl.dll 19.11.2005 13:29 <DIR> dllcache 18.11.2005 21:11 234.272 widap32.dll 20.03.2005 04:15 <DIR> Microsoft 30.09.1999 18:21 166.672 mstext35.dll 28.09.1999 20:42 1.050.896 msjet35.dll 09.09.1999 21:06 252.688 msexcl35.dll 09.09.1999 21:06 168.720 msltus35.dll 25.08.1999 13:57 415.504 msrepl35.dll 10.06.1999 08:34 123.664 msjint35.dll 10.06.1999 08:34 24.848 msjter35.dll 07.06.1999 17:59 250.128 mspdox35.dll 25.04.1999 16:00 368.912 Vbar332.dll 25.04.1999 16:00 252.176 Msrd2x35.dll 25.04.1999 16:00 287.504 Msxbse35.dll 14 Datei(en) 4.064.528 Bytes 2 Verzeichnis(se), 51.561.029.632 Bytes frei Logfile of HijackThis v1.99.1 Scan saved at 19:17:14, on 19.11.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Norton Internet Security\ISSVC.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Gemeinsame 
Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\Programme\Elantech\ktp3.exe C:\Programme\CyberLink\PowerCinema\PCMService.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\D-Tools\daemon.exe C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Adobe\Acrobat 7.0\Distillr\AcroDist.exe C:\DOKUME~1\M_STEN~1\LOKALE~1\Temp\Adobelm_Cleanup.0001 C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe C:\WINDOWS\system32\cidaemon.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunServer.exe C:\Dokumente und Einstellungen\M_Stenzel\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.targa.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.targa.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Adobe PDF - 
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [KTPWare] C:\Programme\Elantech\ktp3.exe O4 - HKLM\..\Run: [PCMService] "C:\Programme\CyberLink\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033 -lock O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ? 
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - 
C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll O14 - IERESET.INF: START_PAGE_URL=http://www.targa.de O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111292356781 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131628082296 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Martin_Stenzel O17 - HKLM\Software\..\Telephony: DomainName = Martin_Stenzel O17 - HKLM\System\CCS\Services\Tcpip\..\{199C1F89-C535-47FD-9F7E-55107C6F28F6}: NameServer = 192.168.135.1,194.25.2.129 O17 - HKLM\System\CCS\Services\Tcpip\..\{BEF6B079-45F8-45AA-9760-3FE53B02AE47}: NameServer = 217.237.149.225 194.25.2.129 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Martin_Stenzel O17 - HKLM\System\CS1\Services\Tcpip\Parameters: 
SearchList = internet.t-d1.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = internet.t-d1.de O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: CompiCleanNT5 Server (CCNTSVR) - Unknown owner - C:\Programme\CompiCleanNT5\CCNTSVR.exe (file missing) O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton 
SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe |
19.11.2005, 19:22
Honorary member
Posts: 29434
#10
Delete with the Killbox:

C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\Ormdspif.dll
C:\WINDOWS\system32\wRssl.dll
C:\WINDOWS\system32\widap32.dll

Reboot.

VX2Finder XP/2000
http://www.downloads.subratam.org/VX2Finder.exe

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'. Exit the program.

Spy Sweeper trial
http://virus-protect.org/spysweeper.html

When that is finished: scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
Everything about PC security
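The delete list in #10 follows from two things visible in the "Files Found" listing in #3: three DLLs carry the System and Read-only attribute bits (..S.R) and no Archive bit while every other file in the directory shows A...., and those same three have exactly the same size (234.272 bytes) and timestamps within two days of the scan. This Python script is an added example, not code from the thread or from datfind.bat, HijackThis or the Killbox; it parses datfind-style lines and applies both checks to a constructed excerpt of that listing, with the scan time taken from the HijackThis header in the same post.

```python
"""Triage of a datfind-style file listing (added example, not from the thread).

Flags files that (a) are hidden system/read-only files modified shortly before
the scan and (b) share one exact byte size with other, unrelated file names.
The sample is a constructed excerpt of the listing posted in #3 of the thread.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# One datfind line: name, weekday, day, month, year, time, five attribute
# flags (letters or '.'), byte size with German thousands separators, human size.
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+[A-Z][a-z]{2}\s+(?P<day>\d{1,2})\s+(?P<mon>[A-Z][a-z]{2})\s+"
    r"(?P<year>\d{4})\s+(?P<time>\d{1,2}:\d{2}:\d{2})\s+(?P<attrs>[A-Z.]{5})\s+"
    r"(?P<size>[\d.]+)\s+\S+\s+[KMG]$"
)

# Constructed excerpt of the #3 listing (same line format, subset of rows).
SAMPLE_LISTING = """\
bassmod.dll Sat 5 Nov 2005 10:56:24 A.... 34.308 33,50 K
gdi32.dll Thu 6 Oct 2005 4:18:12 A.... 280.064 273,50 K
ormdspif.dll Sat 19 Nov 2005 18:09:22 ..S.R 234.272 228,78 K
sdelete.dll Thu 20 Oct 2005 15:37:00 A.... 40.960 40,00 K
shell32.dll Fri 23 Sep 2005 4:06:22 A.... 8.491.520 8,10 M
widap32.dll Fri 18 Nov 2005 21:11:12 ..S.R 234.272 228,78 K
wrlogo~1.dll Thu 27 Oct 2005 16:41:02 A.... 492.544 481,00 K
wrssl.dll Sat 19 Nov 2005 17:03:30 ..S.R 234.272 228,78 K
"""

# "Scan saved at 19:17:14, on 19.11.2005" from the HijackThis header in #3.
SCAN_TIME = datetime(2005, 11, 19, 19, 17, 14)


@dataclass(frozen=True)
class Entry:
    name: str
    mtime: datetime
    attrs: str
    size: int


def parse_listing(text: str) -> list[Entry]:
    """Parse datfind lines; headers, blank lines and totals are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        stamp = f"{m['day']} {m['mon']} {m['year']} {m['time']}"
        entries.append(Entry(
            name=m["name"].lower(),
            mtime=datetime.strptime(stamp, "%d %b %Y %H:%M:%S"),
            attrs=m["attrs"],
            size=int(m["size"].replace(".", "")),  # "234.272" -> 234272
        ))
    return entries


def hidden_system_recent(entries, scan_time, window=timedelta(days=2)):
    """Names with S and R set, no A bit, and modified inside the window."""
    return sorted(
        e.name for e in entries
        if "S" in e.attrs and "R" in e.attrs and "A" not in e.attrs
        and scan_time - e.mtime <= window
    )


def size_clones(entries, min_group=2):
    """Distinct file names that share one exact byte size, keyed by size."""
    by_size = defaultdict(set)
    for e in entries:
        by_size[e.size].add(e.name)
    return {size: sorted(names) for size, names in by_size.items()
            if len(names) >= min_group}


def triage(text: str, scan_time: datetime) -> list[str]:
    """Names flagged by both heuristics: the strongest candidates for review."""
    entries = parse_listing(text)
    recent = set(hidden_system_recent(entries, scan_time))
    cloned = {n for names in size_clones(entries).values() for n in names}
    return sorted(recent & cloned)


if __name__ == "__main__":
    for name in triage(SAMPLE_LISTING, SCAN_TIME):
        print(name)
```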
19.11.2005, 22:11
Member
Thread starter
Posts: 13
#11
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, November 19, 2005 22:11:13
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 19/11/2005
Kaspersky Anti-Virus database records: 150910
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 88581
Number of viruses found: 13
Number of infected objects: 29
Number of suspicious objects: 0
Duration of the scan process: 6692 sec

Infected Object Name - Virus Name
C:\!KillBox\paytime.exe Infected: Trojan.Win32.StartPage.afs
C:\Dokumente und Einstellungen\M_Stenzel\Anwendungsdaten\AboutFindIso\10490.del Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\041E094A.exe Infected: Trojan-Downloader.Win32.Swizzor.du
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\3F053BBA.exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\60D13438.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\60D45E34.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\619C0DDB.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\794A6D53.exe Infected: Trojan-Downloader.Win32.Adload.a
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\794D1750.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\794D1750.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\79546B48.dll Infected: Trojan-Downloader.Win32.IstBar.ms
C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\7AB5556B.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\37CC100F.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\476D418B.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\47706B87.exe Infected: Trojan-Downloader.Win32.VB.ri
C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\47731583.exe Infected: Trojan-Downloader.Win32.VB.ri
C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\477D1379.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\4E3536EB.exe Infected: Trojan-Downloader.Win32.Agent.yu
C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\4E3536EB.txt Infected: Trojan-Downloader.Win32.Agent.yu
C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\4E3960E8.exe Infected: Trojan-Downloader.Win32.Agent.yu
C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\4E3960E8.txt Infected: Trojan-Downloader.Win32.Agent.yu
C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\4E3C0AE4.exe Infected: Trojan-Downloader.Win32.Agent.yu
C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\4E3C0AE4.txt Infected: Trojan-Downloader.Win32.Agent.yu
C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\4E3F34E1.exe Infected: Trojan-Downloader.Win32.Agent.yu
C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\4E3F34E1.txt Infected: Trojan-Downloader.Win32.Agent.yu
C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\4E425EDD.exe Infected: Trojan-Downloader.Win32.Agent.yu
C:\Programme\Norton SystemWorks\Norton AntiVirus\Quarantine\4E425EDD.txt Infected: Trojan-Downloader.Win32.Agent.yu
C:\WINDOWS\Downloaded Program Files\drsmartload185a.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\WINDOWS\secure32.html Infected: not-virus:Hoax.Win32.Renos.y

Scan process completed.
19.11.2005, 22:50
Honorary member
Posts: 29434
#12
Delete:

C:\!KillBox\paytime.exe
C:\Dokumente und Einstellungen\M_Stenzel\Anwendungsdaten\AboutFindIso\10490.del
C:\WINDOWS\Downloaded Program Files\drsmartload185a.exe
C:\WINDOWS\secure32.html
__________
Regards, Sabina
Everything about PC security
19.11.2005, 22:58
Member
Thread starter
Posts: 13
#13
C:\WINDOWS\Downloaded Program Files\drsmartload185a.exe --> this file was not found
C:\Dokumente und Einstellungen\M_Stenzel\Anwendungsdaten\AboutFindIso\10490.del --> cannot be deleted ...
19.11.2005, 23:03
Honorary member
Posts: 29434
#14
Then boot into Safe Mode and do it there:
C:\Dokumente und Einstellungen\M_Stenzel\Anwendungsdaten\AboutFindIso

After that: Start -- All Programs -- Accessories -- Notepad, and paste the following text in:

Quote:
dir %Windir%\tasks /a > files.txt
notepad files.txt

- Save as: findjobs.bat
- Save as type: All files
- save it on the desktop
- locate findjobs.bat -- double-click the .bat file, Notepad opens -- post the text
__________
Regards, Sabina
Everything about PC security
19.11.2005, 23:21
Member
Thread starter
Posts: 13
#15
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54F4-BD9B

Verzeichnis von C:\WINDOWS\tasks

19.11.2005 22:42 <DIR> .
19.11.2005 22:42 <DIR> ..
18.11.2005 19:11 404 1-Klick-Wartung.job
19.11.2005 23:00 278 AA6775AA91ACF516.job
19.11.2005 23:00 278 ABDAB29991F92321.job
04.08.2004 13:00 65 desktop.ini
19.11.2005 23:18 6 SA.DAT
5 Datei(en) 1.031 Bytes

Verzeichnis von C:\Dokumente und Einstellungen\M_Stenzel\Desktop
I've apparently picked up some cr***. I unpacked a file, Norton raised an alarm, but apparently couldn't do anything about it anymore.
A red round circle with a white cross (or rather three of them) has appeared in the taskbar.
I've already tried all the usual things, but I can't get rid of the junk ...
I was also able to remove some of it with Ad-Aware, but not all of it.
Logfile of HijackThis v1.99.1
Scan saved at 10:39:38, on 19.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Elantech\ktp3.exe
C:\Programme\CyberLink\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\tool2.exe
C:\windows\adtech2005.exe
C:\WINDOWS\system32\nfomon\nfomon.exe
C:\WINDOWS\system32\vidmon\vidmon.exe
C:\winstall.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\tool2.exe
C:\PROGRA~1\GEMEIN~1\kqum\kqumm.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\DOKUME~1\M_STEN~1\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Norton SystemWorks\Norton AntiVirus\OPScan.exe
C:\Dokumente und Einstellungen\M_Stenzel\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [KTPWare] C:\Programme\Elantech\ktp3.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [ecsiin] c:\ecsiin.stub.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [kqum] C:\PROGRA~1\GEMEIN~1\kqum\kqumm.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.targa.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111292356781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131628082296
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Martin_Stenzel
O17 - HKLM\Software\..\Telephony: DomainName = Martin_Stenzel
O17 - HKLM\System\CCS\Services\Tcpip\..\{199C1F89-C535-47FD-9F7E-55107C6F28F6}: NameServer = 192.168.135.1,194.25.2.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEF6B079-45F8-45AA-9760-3FE53B02AE47}: NameServer = 217.237.149.225 194.25.2.129
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Martin_Stenzel
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = internet.t-d1.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = internet.t-d1.de
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: CompiCleanNT5 Server (CCNTSVR) - Unknown owner - C:\Programme\CompiCleanNT5\CCNTSVR.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TV9TdGVuemVs\command.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Now I also get a constant popup --> conversion (something or other)
My iexplorer also keeps showing a blue screen.
Can no one help??
Ad-Aware SE Build 1.06r1
Logfile Created on:Samstag, 19. November 2005 11:34:38
Using definitions file:SE1R75 15.11.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CmdServices(TAC index:4):29 total references
CoolWebSearch(TAC index:10):9 total references
MRU List(TAC index:0):7 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects
19.11.2005 11:34:38 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\M_Stenzel\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-2018426614-1317822565-1648381789-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-2018426614-1317822565-1648381789-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-2018426614-1317822565-1648381789-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 1728
ThreadCreationTime : 19.11.2005 09:29:40
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1912
ThreadCreationTime : 19.11.2005 09:29:46
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1956
ThreadCreationTime : 19.11.2005 09:29:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe
#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1968
ThreadCreationTime : 19.11.2005 09:29:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:5 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 300
ThreadCreationTime : 19.11.2005 09:29:50
BasePriority : Normal
FileVersion : 6.14.10.4111
ProductVersion : 6.14.10.4111.02
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 320
ThreadCreationTime : 19.11.2005 09:29:50
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 416
ThreadCreationTime : 19.11.2005 09:29:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [ccproxy.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 980
ThreadCreationTime : 19.11.2005 09:29:54
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe
#:9 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1108
ThreadCreationTime : 19.11.2005 09:29:54
BasePriority : Normal
FileVersion : 6.14.10.4111
ProductVersion : 6.14.10.4111.02
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\TV9TdGVuemVs\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0
"C:\WINDOWS\system32\Ati2evxx.exe"Process terminated successfully
#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1160
ThreadCreationTime : 19.11.2005 09:29:54
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE
CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\TV9TdGVuemVs\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0
#:11 [ccsetmgr.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 1200
ThreadCreationTime : 19.11.2005 09:29:55
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:12 [issvc.exe]
FilePath : C:\Programme\Norton Internet Security\
ProcessID : 1356
ThreadCreationTime : 19.11.2005 09:29:56
BasePriority : Normal
FileVersion : 8.0.5.14
ProductVersion : 8.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : IS Service
InternalName : ISSVC.exe
LegalCopyright : Copyright (c) 2004 Symantec Corporation
OriginalFilename : ISSVC.exe
#:13 [sndsrvc.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 1392
ThreadCreationTime : 19.11.2005 09:29:56
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe
#:14 [spbbcsvc.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\
ProcessID : 1412
ThreadCreationTime : 19.11.2005 09:29:56
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright (c) 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe
#:15 [ccevtmgr.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 1436
ThreadCreationTime : 19.11.2005 09:29:57
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:16 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1788
ThreadCreationTime : 19.11.2005 09:29:59
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:17 [btntservice.exe]
FilePath : C:\Programme\IVT Corporation\BlueSoleil\
ProcessID : 580
ThreadCreationTime : 19.11.2005 09:30:05
BasePriority : High
#:18 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 592
ThreadCreationTime : 19.11.2005 09:30:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe
#:19 [clcapsvc.exe]
FilePath : C:\Programme\CyberLink\PowerCinema\Kernel\TV\
ProcessID : 640
ThreadCreationTime : 19.11.2005 09:30:06
BasePriority : Normal
FileVersion : 4.00.1606
ProductVersion : 4.00.1606
ProductName : CLCapSvc Module
FileDescription : CLCapSvc Module
InternalName : CLCapSvc
LegalCopyright : Copyright 2004
OriginalFilename : CLCapSvc.EXE
#:20 [clmlserver.exe]
FilePath : C:\Programme\CyberLink\Shared Files\CLML_NTService\
ProcessID : 676
ThreadCreationTime : 19.11.2005 09:30:06
BasePriority : Normal
FileVersion : 1, 1, 0, 1516
ProductVersion : 1, 1, 0, 1516
ProductName : Cyberlink Media Library Server
CompanyName : Cyberlink
FileDescription : NT CLMLServer
InternalName : NT CLMLServer
LegalCopyright : Copyright c 2004
OriginalFilename : CLMLServer.exe
#:21 [clmlservice.exe]
FilePath : C:\Programme\CyberLink\Shared Files\CLML_NTService\
ProcessID : 692
ThreadCreationTime : 19.11.2005 09:30:06
BasePriority : Normal
FileVersion : 1, 1, 0, 1516
ProductVersion : 1, 1, 0, 1516
ProductName : Cyberlink MediaLibrary NT Service
CompanyName : Cyberlink
FileDescription : Cyberlink MediaLibrary NT Service
InternalName : CLMLService
LegalCopyright : Copyright c 2004
OriginalFilename : CLMLService.exe
#:22 [mdm.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\
ProcessID : 708
ThreadCreationTime : 19.11.2005 09:30:06
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:23 [navapsvc.exe]
FilePath : C:\Programme\Norton SystemWorks\Norton AntiVirus\
ProcessID : 888
ThreadCreationTime : 19.11.2005 09:30:07
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:24 [npfmntor.exe]
FilePath : C:\Programme\Norton SystemWorks\Norton AntiVirus\IWP\
ProcessID : 192
ThreadCreationTime : 19.11.2005 09:30:10
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE
#:25 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 336
ThreadCreationTime : 19.11.2005 09:30:10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:26 [symlcsvc.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\
ProcessID : 488
ThreadCreationTime : 19.11.2005 09:30:10
BasePriority : Normal
FileVersion : 1, 8, 54, 478
ProductVersion : 1, 8, 54, 478
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright (C) 2003
OriginalFilename : symlcsvc.exe
#:27 [clsched.exe]
FilePath : C:\Programme\CyberLink\PowerCinema\Kernel\TV\
ProcessID : 796
ThreadCreationTime : 19.11.2005 09:30:11
BasePriority : Normal
FileVersion : 4.00.1606
ProductVersion : 4.00.1606
ProductName : CLSched Module
FileDescription : CLSched Module
InternalName : CLSched
LegalCopyright : Copyright 2004
OriginalFilename : CLSched.EXE
#:28 [ktp3.exe]
FilePath : C:\Programme\Elantech\
ProcessID : 1072
ThreadCreationTime : 19.11.2005 09:30:29
BasePriority : Normal
FileVersion : 3, 0, 2, 1
ProductVersion : 3, 0, 2, 1
ProductName : Elantech TouchPad
CompanyName : ELANTECH Devices Corp.
FileDescription : KTP Ware TSR Enhancements
InternalName : ktp
LegalCopyright : Elantech Device Corp. Copyright(C) 2003-2004
OriginalFilename : ktp3.exe
CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\TV9TdGVuemVs\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0
"C:\Programme\Elantech\ktp3.exe"Process terminated successfully
#:29 [ccapp.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 2052
ThreadCreationTime : 19.11.2005 09:30:29
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:30 [daemon.exe]
FilePath : C:\Programme\D-Tools\
ProcessID : 2068
ThreadCreationTime : 19.11.2005 09:30:29
BasePriority : Normal
CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\TV9TdGVuemVs\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0
"C:\Programme\D-Tools\daemon.exe"Process terminated successfully
#:31 [acrotray.exe]
FilePath : C:\Programme\Adobe\Acrobat 7.0\Distillr\
ProcessID : 2096
ThreadCreationTime : 19.11.2005 09:30:30
BasePriority : Normal
FileVersion : 6.0.1.2004121400
ProductVersion : 6.0.1.2004121400
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2004 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe
CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\TV9TdGVuemVs\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0
"C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"Process terminated successfully
#:32 [atiptaxx.exe]
FilePath : C:\Programme\ATI Technologies\ATI Control Panel\
ProcessID : 2116
ThreadCreationTime : 19.11.2005 09:30:30
BasePriority : Normal
FileVersion : 6.14.10.5137
ProductVersion : 6.14.10.5137
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright (C) 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe
CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\TV9TdGVuemVs\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0
"C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"Process terminated successfully
#:33 [acrodist.exe]
FilePath : C:\Programme\Adobe\Acrobat 7.0\Distillr\
ProcessID : 2444
ThreadCreationTime : 19.11.2005 09:30:35
BasePriority : Normal
FileVersion : 7.0.0.2004121400
ProductVersion : 7.0.0.2004121400
ProductName : Acrobat Distiller for Windows
CompanyName : Adobe Systems Incorporated.
FileDescription : Acrobat Distiller
InternalName : Acrobat Distiller
LegalCopyright : Copyright 1984-2004 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : acrodist.exe
CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\TV9TdGVuemVs\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0
"C:\Programme\Adobe\Acrobat 7.0\Distillr\AcroDist.exe"Process terminated successfully
#:34 [adobelmsvc.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\
ProcessID : 3136
ThreadCreationTime : 19.11.2005 09:30:49
BasePriority : Normal
FileVersion : 2.65.010
ProductName : Adobe LM Service
CompanyName : Adobe Systems
FileDescription : System Level Service Utility
#:35 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2172
ThreadCreationTime : 19.11.2005 09:37:21
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe
#:36 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3488
ThreadCreationTime : 19.11.2005 10:17:26
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : RUNDLL.EXE
CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\TV9TdGVuemVs\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0
CoolWebSearch Object Recognized!
Type : Process
Data : guard.tmp
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
"C:\WINDOWS\system32\rundll32.exe"Process terminated successfully
#:37 [msiexec.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3948
ThreadCreationTime : 19.11.2005 10:25:43
BasePriority : Normal
#:38 [ad-watch.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Professional\
ProcessID : 180
ThreadCreationTime : 19.11.2005 10:32:08
BasePriority : High
FileVersion : 3.1.2.17
ProductVersion : 3.2
ProductName : Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Watch System Protector
InternalName : Ad-Watch.exe
LegalCopyright : 1999-2004 Team Lavasoft
OriginalFilename : Ad-Watch.exe
CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\TV9TdGVuemVs\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0
#:39 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Professional\
ProcessID : 3072
ThreadCreationTime : 19.11.2005 10:33:13
BasePriority : Normal
FileVersion : 6.2.0.238
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\TV9TdGVuemVs\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : S-1-5-21-2018426614-1317822565-1648381789-1006\Software\Microsoft\Internet Explorer\MainSearch Bar.findthewebsiteyouneed.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchbar.findthewebsiteyouneed.com"
TAC Rating : 4
Category : Adware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-2018426614-1317822565-1648381789-1006\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://searchbar.findthewebsiteyouneed.com"
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 19
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CmdServices Object Recognized!
Type : File
Data : A0095707.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{453FD51D-6F72-4C77-8F0C-22EA313AC103}\RP189\
CmdServices Object Recognized!
Type : File
Data : A0095708.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{453FD51D-6F72-4C77-8F0C-22EA313AC103}\RP189\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0
CmdServices Object Recognized!
Type : File
Data : A0095709.exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{453FD51D-6F72-4C77-8F0C-22EA313AC103}\RP189\
CoolWebSearch Object Recognized!
Type : File
Data : A0096739.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{453FD51D-6F72-4C77-8F0C-22EA313AC103}\RP190\
CmdServices Object Recognized!
Type : File
Data : atmtd.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\system32\
CmdServices Object Recognized!
Type : File
Data : atmtd.dll._
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : guard.tmp
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : lvrhelp.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : pplmon.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CmdServices Object Recognized!
Type : File
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\TV9TdGVuemVs\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0
CmdServices Object Recognized!
Type : File
Data : command.exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\TV9TdGVuemVs\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30
Deep scanning and examining files (D
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
43 entries scanned.
New critical objects:0
Objects found so far: 30
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CmdServices Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\cmdservice
CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\cmdservice
Value : Start
CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\cmdservice
Value : ErrorControl
CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\cmdservice
Value : ImagePath
CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\cmdservice
Value : DisplayName
CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\cmdservice
Value : ObjectName
CmdServices Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\cmdservice
CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\cmdservice
Value : Start
CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\cmdservice
Value : ErrorControl
CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\cmdservice
Value : ImagePath
CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\cmdservice
Value : DisplayName
CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\cmdservice
Value : ObjectName
CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager
CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant
CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar
CoolWebSearch Object Recognized!
Type : File
Data : wbemess.log
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\wbem\logs\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 46
11:53:29 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:51.141
Objects scanned:186452
Objects identified:28
Objects ignored:0
New critical objects:28