W32/Rbot-PJ / Spyware-Wurm?? |
||
|---|---|---|
| #0
| ||
|
01.01.2007, 16:43
Moderator
Beiträge: 5694 |
||
 
|
|
|
|
01.01.2007, 22:16
Ehrenmitglied
 Beiträge: 29434 |
#2
Tonstudio
ServiceFilter.zip http://virus-protect.org/artikel/tools/ServiceFilter.zip - entzippen - doppelklick auf die datei ServiceFilter.vbs - versions-nummer bestätigen - scannen - öffnen von wordpad oder editor erlauben - POST_THIS.TXT abkopieren __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
01.01.2007, 22:41
Moderator
Themenstarter Beiträge: 5694 |
#3
Danke Dir..
Ich komme bis zur Bestätigung der Version, danach kommt folgende Meldung: Cannot run from ZIP You need to extract de skript from the ZIP File before running it. Aber ich habe diese doch bereits entpackt?!? Zuvor hab ich noch die Skriptblockierung aufgehoben, war das der richtige Weg? |
|
|
|
|
|
|
01.01.2007, 22:47
Moderator
Themenstarter Beiträge: 5694 |
#4
Ist doch noch gegangen. Hier mein Resultat:
The script did not recognize the services listed below. This does not mean that they are a problem. To copy the entire contents of this document for posting: At the top of this window click "Edit" then "Select All" Next click "Edit" again then "Copy" Now right click in the forum post box then click "Paste" ######################################## ServiceFilter 1.1 by rand1038 Microsoft Windows XP Professional Version: 5.1.2600 Service Pack 2 Jan 1, 2007 22:47:21 ===> Begin Service Listing <=== Unknown Service #1 Service Name: aspnet_state Display Name: ASP.NET-Zustandsdienst Start Mode: Manual Start Name: NT AUTHORITY\NetworkService Description: Stellt die Unterstützung für nicht aktive Sitzungszustände von ASP.NET bereit. Wenn der Dienst ... Service Type: Own Process Path: c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 2 Service Name: clr_optimization_v2.0.50727_32 Display Name: .NET Runtime Optimization Service v2.0.50727_X86 Start Mode: Manual Start Name: LocalSystem Description: Microsoft .NET Framework ... Service Type: Own Process Path: c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 3 Service Name: FirebirdServerMAGIXInstance Display Name: Firebird Server - MAGIX Instance Start Mode: Manual Start Name: LocalSystem Description: ... Service Type: Own Process Path: c:\programme\magix\common\database\bin\fbserver.exe State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 4 Service Name: PAVFNSVR Display Name: Panda Function Service Start Mode: Auto Start Name: LocalSystem Description: ... Service Type: Own Process Path: "c:\programme\panda software\panda internet security 2007\pavfnsvr.exe" State: Running Process ID: 1880 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service # 5 Service Name: PavPrSrv Display Name: Panda Process Protection Service Start Mode: Auto Start Name: LocalSystem Description: ... Service Type: Own Process Path: "c:\programme\gemeinsame dateien\panda software\pavshld\pavprsrv.exe" State: Running Process ID: 1900 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 6 Service Name: PAVSRV Display Name: Panda anti-virus service Start Mode: Auto Start Name: LocalSystem Description: ... Service Type: Own Process Path: "c:\programme\panda software\panda internet security 2007\pavsrv51.exe" State: Running Process ID: 1072 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service # 7 Service Name: pmshellsrv Display Name: Panda Antispam Engine Start Mode: Auto Start Name: LocalSystem Description: ... Service Type: Own Process Path: c:\programme\panda software\panda internet security 2007\antispam\pskmssvc.exe State: Running Process ID: 1924 Started: Wahr Exit Code: 0 Accept Pause: Wahr Accept Stop: Wahr Unknown Service # 8 Service Name: PNMSRV Display Name: Panda Network Manager Start Mode: Auto Start Name: LocalSystem Description: ... Service Type: Own Process Path: "c:\programme\panda software\panda internet security 2007\firewall\pnmsrv.exe" State: Running Process ID: 1592 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service # 9 Service Name: PSIMSVC Display Name: Panda IManager Service Start Mode: Auto Start Name: LocalSystem Description: ... Service Type: Own Process Path: "c:\programme\panda software\panda internet security 2007\psimsvc.exe" State: Running Process ID: 2012 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service #10 Service Name: SwPrv Display Name: MS Software Shadow Copy Provider Start Mode: Manual Start Name: LocalSystem Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ... Service Type: Own Process Path: c:\windows\system32\dllhost.exe /processid:{65ac2283-abcd-4d9b-ad0b-f5d5483ad67f} State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 11 Service Name: TPSrv Display Name: Panda TPSrv Start Mode: Auto Start Name: LocalSystem Description: ... Service Type: Own Process Path: "c:\programme\panda software\panda internet security 2007\tpsrv.exe" State: Running Process ID: 1296 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service # 12 Service Name: usnsvc Display Name: Messenger Sharing USN Journal Reader-Service Start Mode: Manual Start Name: LocalSystem Description: Ein von Messenger installierter Service, der Freigabeszenarien ... Service Type: Own Process Path: "c:\programme\msn messenger\usnsvc.dll" State: Stopped Process ID: 0 Started: Falsch Exit Code: 0 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 13 Service Name: WinDefend Display Name: Windows Defender Start Mode: Auto Start Name: LocalSystem Description: Helps protect users from malicious software, spyware, and other potentially unwanted ... Service Type: Own Process Path: "c:\programme\windows defender\msmpeng.exe" State: Running Process ID: 2320 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service # 14 Service Name: WMPNetworkSvc Display Name: Windows Media Player-Netzwerkfreigabedienst Start Mode: Manual Start Name: NT AUTHORITY\NetworkService Description: Gibt Windows Media Player-Bibliotheken mithilfe des universellen Plug & Play für andere Players ... Service Type: Own Process Path: "c:\programme\windows media player\wmpnetwk.exe" State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 15 Service Name: WudfSvc Display Name: Windows Driver Foundation - User-mode Driver Framework Start Mode: Manual Start Name: LocalSystem Description: Manages user-mode driver host ... Service Type: Share Process Path: c:\windows\system32\svchost.exe -k wudfservicegroup State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch ---> End Service Listing <--- There are 95 Win32 services on this machine. 15 were unrecognized. Script Execution Time: 1.265625 seconds. |
|
|
|
|
|
|
01.01.2007, 23:01
Moderator
Themenstarter Beiträge: 5694 |
#5
Zudem fand ich in der Eregnissanzeige folgenden Fehler welcher sich wiederholt seit einiger Zeit:
Der Dienst "Messenger Sharing USN Journal Reader-Service" wurde aufgrund folgenden Fehlers nicht gestartet: Messenger Sharing USN Journal Reader-Service ist keine zulässige Win32-Anwendung. Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter http://go.microsoft.com/fwlink/events.asp. |
|
|
|
|
|
|
02.01.2007, 01:58
Ehrenmitglied
Beiträge: 29434 |
#6
Zitat Unknown Service # 12Description of usnsvc.dll This is a component of Microsoft Windows Live Messenger. Windows Live Messenger Beta, from Microsoft, is an Instant Messenger that allows users to chat with and send files to other users. hast du den Microsoft Windows Live Messenger installiert ? __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
02.01.2007, 02:20
Moderator
Themenstarter Beiträge: 5694 |
#7
Ja den hab ich installiert?! Ist das also nichts schädliches??
|
|
|
|
|
|
|
02.01.2007, 11:47
Ehrenmitglied
Beiträge: 29434 |
#8
eigenartig ist, dass der pfad oben im hijackthis, nicht mit dem anderen uebereinstimmt
 «« Registry Search Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren) Messenger Sharing USN Journal Reader-Service in edit und klicke "Ok". Notepad wird sich öffnen -- kopiere den Text ab und poste ihn. in: "Enter search strings" (reinschreiben oder reinkopieren) MSN.exe in edit und klicke "Ok". Notepad wird sich öffnen -- kopiere den Text ab und poste ihn. in: "Enter search strings" (reinschreiben oder reinkopieren) usnsvc in edit und klicke "Ok". Notepad wird sich öffnen -- kopiere den Text ab und poste ihn. ________________________________________________________ «« Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint Zitat cd\ __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
02.01.2007, 13:46
Moderator
Themenstarter Beiträge: 5694 |
#9
Hi, danke für die Antwort, hier die Logs:
Messenger Sharing USN Journal Reader-Service: Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.2.0 ; Results at 02.01.2007 13:44:15 for strings: ; 'messenger sharing usn journal reader-service' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_USNSVC\0000] "DeviceDesc"="Messenger Sharing USN Journal Reader-Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnsvc] "DisplayName"="Messenger Sharing USN Journal Reader-Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_USNSVC\0000] "DeviceDesc"="Messenger Sharing USN Journal Reader-Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usnsvc] "DisplayName"="Messenger Sharing USN Journal Reader-Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USNSVC\0000] "DeviceDesc"="Messenger Sharing USN Journal Reader-Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnsvc] "DisplayName"="Messenger Sharing USN Journal Reader-Service" ; End Of The Log... MSN.exe: Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.2.0 ; Results at 02.01.2007 13:53:51 for strings: ; 'msn.exe' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD] "msn.exe"=dword:00000001 ; End Of The Log... 'usnsvc': Windows Registry Editor Version 5.00 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.2.0 ; Results at 02.01.2007 13:58:56 for strings: ; 'usnsvc' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\usnsvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F07EFF1B-88F7-4076-ADAC-185F393785E9}] "LocalService"="usnsvc" @="usnsvc" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{736F8997-C651-4C45-BC43-8AF8369890F1}] @="MSN USNSVC" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{736F8997-C651-4C45-BC43-8AF8369890F1}\LocalServer32] @="C:\\PROGRA~1\\MSNMES~1\\usnsvc.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{736F8997-C651-4C45-BC43-8AF8369890F1}\ProgID] @="Microsoft.MSN.MCC.USNSVC.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A48025A-1E84-4132-B068-D222912F5094}\InProcServer32] @="C:\\Programme\\MSN Messenger\\usnsvcps.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.MSN.MCC.USNSVC.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.MSN.MCC.USNSVC.1] @="MSN USNSVC" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.MSN.MCC.USNSVC.1\CLSID] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1175CA230BCB5154CAEA6695BEDA5F4F] "1B4DBCD803DDA9A4DA7FAF13265B694C"="C:\\Programme\\MSN Messenger\\usnsvcps.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5BF9BC30C149E56469F230993E70E174] "1B4DBCD803DDA9A4DA7FAF13265B694C"="C:\\Programme\\MSN Messenger\\usnsvc.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] ; Contents of value: ; usnsvc ; "Usnsvc"=hex(7):75,00,73,00,6e,00,73,00,76,00,63,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\MSN\USNSVC] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\MSN\USNSVC\UsnSvcTraceProvider] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_USNSVC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_USNSVC\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_USNSVC\0000] "Service"="usnsvc" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application] ; Contents of value: ; WSH ; WMIAdapter ; WmdmPmSN ; WinMgmt ; Winlogon ; Windows Product Activation ; Windows 3.1 Migration ; WinDefendRtp ; WebClient ; VSS ; VBRuntime ; usnsvc ; Userinit ; Userenv ; UploadM ; Tlntsvr ; SysmonLog ; SpoolerCtrs ; Software Restriction Policies ; Software Installation ; Sentinel ; SecurityCenter ; SclgNtfy ; SceSrv ; SceCli ; safrslv ; SAFrdms ; Remote Assistance ; PerfProc ; PerfOS ; PerfNet ; Perfmon ; Perflib ; PerfDisk ; Perfctrs ; Offline Files ; Oakley ; ntbackup ; NeroCheck ; MSSQLSERVER/MSDE ; MsiInstaller ; MSDTC Client ; MSDTC ; MSDMine ; MPSampleSubmission ; mnmsrvc ; Microsoft Office 10 ; Microsoft H.323 Telephony Service Provider ; Microsoft (R) Visual C# 2005 Compiler ; LoadPerf ; Java VM ; HelpSvc ; fsbwsys ; Folder Redirection ; File Deployment ; EventSystem ; ESENT ; EAPOL ; DrWatson ; DiskQuota ; crypt32 ; COM+ ; COM ; Ci ; Chkdsk ; BackWeb Plug-in - 9038346 ; AutoEnrollment ; Autochk ; ATI Smart ; ASP.NET 2.0.50727.0 ; ASP.NET 1.1.4322.0 ; Application Management ; Application Hang ; Application Error ; apphelp ; .NET Runtime Optimization Service ; .NET Runtime 2.0 Error Reporting ; .NET Runtime ; Application ; "Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\ 70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\ 00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,\ 6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\ 00,20,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,\ 69,00,76,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,\ 00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,72,00,61,00,\ 74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,44,00,65,00,66,00,65,00,6e,\ 00,64,00,52,00,74,00,70,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,\ 6e,00,74,00,00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,\ 00,69,00,6d,00,65,00,00,00,75,00,73,00,6e,00,73,00,76,00,63,00,00,00,55,00,\ 73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,00,55,00,73,00,65,00,72,00,65,\ 00,6e,00,76,00,00,00,55,00,70,00,6c,00,6f,00,61,00,64,00,4d,00,00,00,54,00,\ 6c,00,6e,00,74,00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,6d,00,6f,00,6e,\ 00,4c,00,6f,00,67,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,43,00,\ 74,00,72,00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,\ 00,52,00,65,00,73,00,74,00,72,00,69,00,63,00,74,00,69,00,6f,00,6e,00,20,00,\ 50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,00,00,53,00,6f,00,66,00,74,\ 00,77,00,61,00,72,00,65,00,20,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,\ 61,00,74,00,69,00,6f,00,6e,00,00,00,53,00,65,00,6e,00,74,00,69,00,6e,00,65,\ 00,6c,00,00,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,43,00,65,00,\ 6e,00,74,00,65,00,72,00,00,00,53,00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,\ 00,00,00,53,00,63,00,65,00,53,00,72,00,76,00,00,00,53,00,63,00,65,00,43,00,\ 6c,00,69,00,00,00,73,00,61,00,66,00,72,00,73,00,6c,00,76,00,00,00,53,00,41,\ 00,46,00,72,00,64,00,6d,00,73,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,\ 20,00,41,00,73,00,73,00,69,00,73,00,74,00,61,00,6e,00,63,00,65,00,00,00,50,\ 00,65,00,72,00,66,00,50,00,72,00,6f,00,63,00,00,00,50,00,65,00,72,00,66,00,\ 4f,00,53,00,00,00,50,00,65,00,72,00,66,00,4e,00,65,00,74,00,00,00,50,00,65,\ 00,72,00,66,00,6d,00,6f,00,6e,00,00,00,50,00,65,00,72,00,66,00,6c,00,69,00,\ 62,00,00,00,50,00,65,00,72,00,66,00,44,00,69,00,73,00,6b,00,00,00,50,00,65,\ 00,72,00,66,00,63,00,74,00,72,00,73,00,00,00,4f,00,66,00,66,00,6c,00,69,00,\ 6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,00,4f,00,61,00,6b,00,6c,\ 00,65,00,79,00,00,00,6e,00,74,00,62,00,61,00,63,00,6b,00,75,00,70,00,00,00,\ 4e,00,65,00,72,00,6f,00,43,00,68,00,65,00,63,00,6b,00,00,00,4d,00,53,00,53,\ 00,51,00,4c,00,53,00,45,00,52,00,56,00,45,00,52,00,2f,00,4d,00,53,00,44,00,\ 45,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,\ 00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,00,65,00,\ 6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,00,4d,00,53,00,44,00,4d,\ 00,69,00,6e,00,65,00,00,00,4d,00,50,00,53,00,61,00,6d,00,70,00,6c,00,65,00,\ 53,00,75,00,62,00,6d,00,69,00,73,00,73,00,69,00,6f,00,6e,00,00,00,6d,00,6e,\ 00,6d,00,73,00,72,00,76,00,63,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,\ 6f,00,66,00,74,00,20,00,4f,00,66,00,66,00,69,00,63,00,65,00,20,00,31,00,30,\ 00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,48,00,\ 2e,00,33,00,32,00,33,00,20,00,54,00,65,00,6c,00,65,00,70,00,68,00,6f,00,6e,\ 00,79,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,\ 6f,00,76,00,69,00,64,00,65,00,72,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,\ 00,6f,00,66,00,74,00,20,00,28,00,52,00,29,00,20,00,56,00,69,00,73,00,75,00,\ 61,00,6c,00,20,00,43,00,23,00,20,00,32,00,30,00,30,00,35,00,20,00,43,00,6f,\ 00,6d,00,70,00,69,00,6c,00,65,00,72,00,00,00,4c,00,6f,00,61,00,64,00,50,00,\ 65,00,72,00,66,00,00,00,4a,00,61,00,76,00,61,00,20,00,56,00,4d,00,00,00,48,\ 00,65,00,6c,00,70,00,53,00,76,00,63,00,00,00,66,00,73,00,62,00,77,00,73,00,\ 79,00,73,00,00,00,46,00,6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,00,64,\ 00,69,00,72,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,69,00,6c,00,\ 65,00,20,00,44,00,65,00,70,00,6c,00,6f,00,79,00,6d,00,65,00,6e,00,74,00,00,\ 00,45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,\ 45,00,53,00,45,00,4e,00,54,00,00,00,45,00,41,00,50,00,4f,00,4c,00,00,00,44,\ 00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,69,00,73,00,6b,00,\ 51,00,75,00,6f,00,74,00,61,00,00,00,63,00,72,00,79,00,70,00,74,00,33,00,32,\ 00,00,00,43,00,4f,00,4d,00,2b,00,00,00,43,00,4f,00,4d,00,00,00,43,00,69,00,\ 00,00,43,00,68,00,6b,00,64,00,73,00,6b,00,00,00,42,00,61,00,63,00,6b,00,57,\ 00,65,00,62,00,20,00,50,00,6c,00,75,00,67,00,2d,00,69,00,6e,00,20,00,2d,00,\ 20,00,39,00,30,00,33,00,38,00,33,00,34,00,36,00,00,00,41,00,75,00,74,00,6f,\ 00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,65,00,6e,00,74,00,00,00,41,00,\ 75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,54,00,49,00,20,00,53,00,6d,\ 00,61,00,72,00,74,00,00,00,41,00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,\ 32,00,2e,00,30,00,2e,00,35,00,30,00,37,00,32,00,37,00,2e,00,30,00,00,00,41,\ 00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,31,00,2e,00,31,00,2e,00,34,00,\ 33,00,32,00,32,00,2e,00,30,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,\ 00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,\ 65,00,6e,00,74,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\ 00,6f,00,6e,00,20,00,48,00,61,00,6e,00,67,00,00,00,41,00,70,00,70,00,6c,00,\ 69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,45,00,72,00,72,00,6f,00,72,\ 00,00,00,61,00,70,00,70,00,68,00,65,00,6c,00,70,00,00,00,2e,00,4e,00,45,00,\ 54,00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,20,00,4f,00,70,00,74,\ 00,69,00,6d,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,20,00,53,00,65,00,\ 72,00,76,00,69,00,63,00,65,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,\ 00,6e,00,74,00,69,00,6d,00,65,00,20,00,32,00,2e,00,30,00,20,00,45,00,72,00,\ 72,00,6f,00,72,00,20,00,52,00,65,00,70,00,6f,00,72,00,74,00,69,00,6e,00,67,\ 00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,\ 65,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\ 00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\usnsvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnsvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnsvc\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnsvc\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnsvc\Enum] "0"="Root\\LEGACY_USNSVC\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_USNSVC] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_USNSVC\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_USNSVC\0000] "Service"="usnsvc" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application] ; Contents of value: ; WSH ; WMIAdapter ; WmdmPmSN ; WinMgmt ; Winlogon ; Windows Product Activation ; Windows 3.1 Migration ; WinDefendRtp ; WebClient ; VSS ; VBRuntime ; usnsvc ; Userinit ; Userenv ; UploadM ; Tlntsvr ; SysmonLog ; SpoolerCtrs ; Software Restriction Policies ; Software Installation ; Sentinel ; SecurityCenter ; SclgNtfy ; SceSrv ; SceCli ; safrslv ; SAFrdms ; Remote Assistance ; PerfProc ; PerfOS ; PerfNet ; Perfmon ; Perflib ; PerfDisk ; Perfctrs ; Offline Files ; Oakley ; ntbackup ; NeroCheck ; MSSQLSERVER/MSDE ; MsiInstaller ; MSDTC Client ; MSDTC ; MSDMine ; MPSampleSubmission ; mnmsrvc ; Microsoft Office 10 ; Microsoft H.323 Telephony Service Provider ; Microsoft (R) Visual C# 2005 Compiler ; LoadPerf ; Java VM ; HelpSvc ; fsbwsys ; Folder Redirection ; File Deployment ; EventSystem ; ESENT ; EAPOL ; DrWatson ; DiskQuota ; crypt32 ; COM+ ; COM ; Ci ; Chkdsk ; BackWeb Plug-in - 9038346 ; AutoEnrollment ; Autochk ; ATI Smart ; ASP.NET 2.0.50727.0 ; ASP.NET 1.1.4322.0 ; Application Management ; Application Hang ; Application Error ; apphelp ; .NET Runtime Optimization Service ; .NET Runtime 2.0 Error Reporting ; .NET Runtime ; Application ; "Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\ 70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\ 00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,\ 6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\ 00,20,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,\ 69,00,76,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,\ 00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,72,00,61,00,\ 74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,44,00,65,00,66,00,65,00,6e,\ 00,64,00,52,00,74,00,70,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,\ 6e,00,74,00,00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,\ 00,69,00,6d,00,65,00,00,00,75,00,73,00,6e,00,73,00,76,00,63,00,00,00,55,00,\ 73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,00,55,00,73,00,65,00,72,00,65,\ 00,6e,00,76,00,00,00,55,00,70,00,6c,00,6f,00,61,00,64,00,4d,00,00,00,54,00,\ 6c,00,6e,00,74,00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,6d,00,6f,00,6e,\ 00,4c,00,6f,00,67,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,43,00,\ 74,00,72,00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,\ 00,52,00,65,00,73,00,74,00,72,00,69,00,63,00,74,00,69,00,6f,00,6e,00,20,00,\ 50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,00,00,53,00,6f,00,66,00,74,\ 00,77,00,61,00,72,00,65,00,20,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,\ 61,00,74,00,69,00,6f,00,6e,00,00,00,53,00,65,00,6e,00,74,00,69,00,6e,00,65,\ 00,6c,00,00,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,43,00,65,00,\ 6e,00,74,00,65,00,72,00,00,00,53,00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,\ 00,00,00,53,00,63,00,65,00,53,00,72,00,76,00,00,00,53,00,63,00,65,00,43,00,\ 6c,00,69,00,00,00,73,00,61,00,66,00,72,00,73,00,6c,00,76,00,00,00,53,00,41,\ 00,46,00,72,00,64,00,6d,00,73,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,\ 20,00,41,00,73,00,73,00,69,00,73,00,74,00,61,00,6e,00,63,00,65,00,00,00,50,\ 00,65,00,72,00,66,00,50,00,72,00,6f,00,63,00,00,00,50,00,65,00,72,00,66,00,\ 4f,00,53,00,00,00,50,00,65,00,72,00,66,00,4e,00,65,00,74,00,00,00,50,00,65,\ 00,72,00,66,00,6d,00,6f,00,6e,00,00,00,50,00,65,00,72,00,66,00,6c,00,69,00,\ 62,00,00,00,50,00,65,00,72,00,66,00,44,00,69,00,73,00,6b,00,00,00,50,00,65,\ 00,72,00,66,00,63,00,74,00,72,00,73,00,00,00,4f,00,66,00,66,00,6c,00,69,00,\ 6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,00,4f,00,61,00,6b,00,6c,\ 00,65,00,79,00,00,00,6e,00,74,00,62,00,61,00,63,00,6b,00,75,00,70,00,00,00,\ 4e,00,65,00,72,00,6f,00,43,00,68,00,65,00,63,00,6b,00,00,00,4d,00,53,00,53,\ 00,51,00,4c,00,53,00,45,00,52,00,56,00,45,00,52,00,2f,00,4d,00,53,00,44,00,\ 45,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,\ 00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,00,65,00,\ 6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,00,4d,00,53,00,44,00,4d,\ 00,69,00,6e,00,65,00,00,00,4d,00,50,00,53,00,61,00,6d,00,70,00,6c,00,65,00,\ 53,00,75,00,62,00,6d,00,69,00,73,00,73,00,69,00,6f,00,6e,00,00,00,6d,00,6e,\ 00,6d,00,73,00,72,00,76,00,63,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,\ 6f,00,66,00,74,00,20,00,4f,00,66,00,66,00,69,00,63,00,65,00,20,00,31,00,30,\ 00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,48,00,\ 2e,00,33,00,32,00,33,00,20,00,54,00,65,00,6c,00,65,00,70,00,68,00,6f,00,6e,\ 00,79,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,\ 6f,00,76,00,69,00,64,00,65,00,72,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,\ 00,6f,00,66,00,74,00,20,00,28,00,52,00,29,00,20,00,56,00,69,00,73,00,75,00,\ 61,00,6c,00,20,00,43,00,23,00,20,00,32,00,30,00,30,00,35,00,20,00,43,00,6f,\ 00,6d,00,70,00,69,00,6c,00,65,00,72,00,00,00,4c,00,6f,00,61,00,64,00,50,00,\ 65,00,72,00,66,00,00,00,4a,00,61,00,76,00,61,00,20,00,56,00,4d,00,00,00,48,\ 00,65,00,6c,00,70,00,53,00,76,00,63,00,00,00,66,00,73,00,62,00,77,00,73,00,\ 79,00,73,00,00,00,46,00,6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,00,64,\ 00,69,00,72,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,69,00,6c,00,\ 65,00,20,00,44,00,65,00,70,00,6c,00,6f,00,79,00,6d,00,65,00,6e,00,74,00,00,\ 00,45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,\ 45,00,53,00,45,00,4e,00,54,00,00,00,45,00,41,00,50,00,4f,00,4c,00,00,00,44,\ 00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,69,00,73,00,6b,00,\ 51,00,75,00,6f,00,74,00,61,00,00,00,63,00,72,00,79,00,70,00,74,00,33,00,32,\ 00,00,00,43,00,4f,00,4d,00,2b,00,00,00,43,00,4f,00,4d,00,00,00,43,00,69,00,\ 00,00,43,00,68,00,6b,00,64,00,73,00,6b,00,00,00,42,00,61,00,63,00,6b,00,57,\ 00,65,00,62,00,20,00,50,00,6c,00,75,00,67,00,2d,00,69,00,6e,00,20,00,2d,00,\ 20,00,39,00,30,00,33,00,38,00,33,00,34,00,36,00,00,00,41,00,75,00,74,00,6f,\ 00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,65,00,6e,00,74,00,00,00,41,00,\ 75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,54,00,49,00,20,00,53,00,6d,\ 00,61,00,72,00,74,00,00,00,41,00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,\ 32,00,2e,00,30,00,2e,00,35,00,30,00,37,00,32,00,37,00,2e,00,30,00,00,00,41,\ 00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,31,00,2e,00,31,00,2e,00,34,00,\ 33,00,32,00,32,00,2e,00,30,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,\ 00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,\ 65,00,6e,00,74,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\ 00,6f,00,6e,00,20,00,48,00,61,00,6e,00,67,00,00,00,41,00,70,00,70,00,6c,00,\ 69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,45,00,72,00,72,00,6f,00,72,\ 00,00,00,61,00,70,00,70,00,68,00,65,00,6c,00,70,00,00,00,2e,00,4e,00,45,00,\ 54,00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,20,00,4f,00,70,00,74,\ 00,69,00,6d,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,20,00,53,00,65,00,\ 72,00,76,00,69,00,63,00,65,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,\ 00,6e,00,74,00,69,00,6d,00,65,00,20,00,32,00,2e,00,30,00,20,00,45,00,72,00,\ 72,00,6f,00,72,00,20,00,52,00,65,00,70,00,6f,00,72,00,74,00,69,00,6e,00,67,\ 00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,\ 65,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\ 00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\usnsvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usnsvc] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usnsvc\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USNSVC] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USNSVC\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USNSVC\0000] "Service"="usnsvc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application] ; Contents of value: ; WSH ; WMIAdapter ; WmdmPmSN ; WinMgmt ; Winlogon ; Windows Product Activation ; Windows 3.1 Migration ; WinDefendRtp ; WebClient ; VSS ; VBRuntime ; usnsvc ; Userinit ; Userenv ; UploadM ; Tlntsvr ; SysmonLog ; SpoolerCtrs ; Software Restriction Policies ; Software Installation ; Sentinel ; SecurityCenter ; SclgNtfy ; SceSrv ; SceCli ; safrslv ; SAFrdms ; Remote Assistance ; PerfProc ; PerfOS ; PerfNet ; Perfmon ; Perflib ; PerfDisk ; Perfctrs ; Offline Files ; Oakley ; ntbackup ; NeroCheck ; MSSQLSERVER/MSDE ; MsiInstaller ; MSDTC Client ; MSDTC ; MSDMine ; MPSampleSubmission ; mnmsrvc ; Microsoft Office 10 ; Microsoft H.323 Telephony Service Provider ; Microsoft (R) Visual C# 2005 Compiler ; LoadPerf ; Java VM ; HelpSvc ; fsbwsys ; Folder Redirection ; File Deployment ; EventSystem ; ESENT ; EAPOL ; DrWatson ; DiskQuota ; crypt32 ; COM+ ; COM ; Ci ; Chkdsk ; BackWeb Plug-in - 9038346 ; AutoEnrollment ; Autochk ; ATI Smart ; ASP.NET 2.0.50727.0 ; ASP.NET 1.1.4322.0 ; Application Management ; Application Hang ; Application Error ; apphelp ; .NET Runtime Optimization Service ; .NET Runtime 2.0 Error Reporting ; .NET Runtime ; Application ; "Sources"=hex(7):57,00,53,00,48,00,00,00,57,00,4d,00,49,00,41,00,64,00,61,00,\ 70,00,74,00,65,00,72,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,\ 00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,57,00,69,00,6e,00,\ 6c,00,6f,00,67,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\ 00,20,00,50,00,72,00,6f,00,64,00,75,00,63,00,74,00,20,00,41,00,63,00,74,00,\ 69,00,76,00,61,00,74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,64,00,6f,\ 00,77,00,73,00,20,00,33,00,2e,00,31,00,20,00,4d,00,69,00,67,00,72,00,61,00,\ 74,00,69,00,6f,00,6e,00,00,00,57,00,69,00,6e,00,44,00,65,00,66,00,65,00,6e,\ 00,64,00,52,00,74,00,70,00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,\ 6e,00,74,00,00,00,56,00,53,00,53,00,00,00,56,00,42,00,52,00,75,00,6e,00,74,\ 00,69,00,6d,00,65,00,00,00,75,00,73,00,6e,00,73,00,76,00,63,00,00,00,55,00,\ 73,00,65,00,72,00,69,00,6e,00,69,00,74,00,00,00,55,00,73,00,65,00,72,00,65,\ 00,6e,00,76,00,00,00,55,00,70,00,6c,00,6f,00,61,00,64,00,4d,00,00,00,54,00,\ 6c,00,6e,00,74,00,73,00,76,00,72,00,00,00,53,00,79,00,73,00,6d,00,6f,00,6e,\ 00,4c,00,6f,00,67,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,43,00,\ 74,00,72,00,73,00,00,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,\ 00,52,00,65,00,73,00,74,00,72,00,69,00,63,00,74,00,69,00,6f,00,6e,00,20,00,\ 50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,00,00,53,00,6f,00,66,00,74,\ 00,77,00,61,00,72,00,65,00,20,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,\ 61,00,74,00,69,00,6f,00,6e,00,00,00,53,00,65,00,6e,00,74,00,69,00,6e,00,65,\ 00,6c,00,00,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,43,00,65,00,\ 6e,00,74,00,65,00,72,00,00,00,53,00,63,00,6c,00,67,00,4e,00,74,00,66,00,79,\ 00,00,00,53,00,63,00,65,00,53,00,72,00,76,00,00,00,53,00,63,00,65,00,43,00,\ 6c,00,69,00,00,00,73,00,61,00,66,00,72,00,73,00,6c,00,76,00,00,00,53,00,41,\ 00,46,00,72,00,64,00,6d,00,73,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,\ 20,00,41,00,73,00,73,00,69,00,73,00,74,00,61,00,6e,00,63,00,65,00,00,00,50,\ 00,65,00,72,00,66,00,50,00,72,00,6f,00,63,00,00,00,50,00,65,00,72,00,66,00,\ 4f,00,53,00,00,00,50,00,65,00,72,00,66,00,4e,00,65,00,74,00,00,00,50,00,65,\ 00,72,00,66,00,6d,00,6f,00,6e,00,00,00,50,00,65,00,72,00,66,00,6c,00,69,00,\ 62,00,00,00,50,00,65,00,72,00,66,00,44,00,69,00,73,00,6b,00,00,00,50,00,65,\ 00,72,00,66,00,63,00,74,00,72,00,73,00,00,00,4f,00,66,00,66,00,6c,00,69,00,\ 6e,00,65,00,20,00,46,00,69,00,6c,00,65,00,73,00,00,00,4f,00,61,00,6b,00,6c,\ 00,65,00,79,00,00,00,6e,00,74,00,62,00,61,00,63,00,6b,00,75,00,70,00,00,00,\ 4e,00,65,00,72,00,6f,00,43,00,68,00,65,00,63,00,6b,00,00,00,4d,00,53,00,53,\ 00,51,00,4c,00,53,00,45,00,52,00,56,00,45,00,52,00,2f,00,4d,00,53,00,44,00,\ 45,00,00,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,\ 00,72,00,00,00,4d,00,53,00,44,00,54,00,43,00,20,00,43,00,6c,00,69,00,65,00,\ 6e,00,74,00,00,00,4d,00,53,00,44,00,54,00,43,00,00,00,4d,00,53,00,44,00,4d,\ 00,69,00,6e,00,65,00,00,00,4d,00,50,00,53,00,61,00,6d,00,70,00,6c,00,65,00,\ 53,00,75,00,62,00,6d,00,69,00,73,00,73,00,69,00,6f,00,6e,00,00,00,6d,00,6e,\ 00,6d,00,73,00,72,00,76,00,63,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,\ 6f,00,66,00,74,00,20,00,4f,00,66,00,66,00,69,00,63,00,65,00,20,00,31,00,30,\ 00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,48,00,\ 2e,00,33,00,32,00,33,00,20,00,54,00,65,00,6c,00,65,00,70,00,68,00,6f,00,6e,\ 00,79,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,\ 6f,00,76,00,69,00,64,00,65,00,72,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,\ 00,6f,00,66,00,74,00,20,00,28,00,52,00,29,00,20,00,56,00,69,00,73,00,75,00,\ 61,00,6c,00,20,00,43,00,23,00,20,00,32,00,30,00,30,00,35,00,20,00,43,00,6f,\ 00,6d,00,70,00,69,00,6c,00,65,00,72,00,00,00,4c,00,6f,00,61,00,64,00,50,00,\ 65,00,72,00,66,00,00,00,4a,00,61,00,76,00,61,00,20,00,56,00,4d,00,00,00,48,\ 00,65,00,6c,00,70,00,53,00,76,00,63,00,00,00,66,00,73,00,62,00,77,00,73,00,\ 79,00,73,00,00,00,46,00,6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,00,64,\ 00,69,00,72,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,46,00,69,00,6c,00,\ 65,00,20,00,44,00,65,00,70,00,6c,00,6f,00,79,00,6d,00,65,00,6e,00,74,00,00,\ 00,45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,\ 45,00,53,00,45,00,4e,00,54,00,00,00,45,00,41,00,50,00,4f,00,4c,00,00,00,44,\ 00,72,00,57,00,61,00,74,00,73,00,6f,00,6e,00,00,00,44,00,69,00,73,00,6b,00,\ 51,00,75,00,6f,00,74,00,61,00,00,00,63,00,72,00,79,00,70,00,74,00,33,00,32,\ 00,00,00,43,00,4f,00,4d,00,2b,00,00,00,43,00,4f,00,4d,00,00,00,43,00,69,00,\ 00,00,43,00,68,00,6b,00,64,00,73,00,6b,00,00,00,42,00,61,00,63,00,6b,00,57,\ 00,65,00,62,00,20,00,50,00,6c,00,75,00,67,00,2d,00,69,00,6e,00,20,00,2d,00,\ 20,00,39,00,30,00,33,00,38,00,33,00,34,00,36,00,00,00,41,00,75,00,74,00,6f,\ 00,45,00,6e,00,72,00,6f,00,6c,00,6c,00,6d,00,65,00,6e,00,74,00,00,00,41,00,\ 75,00,74,00,6f,00,63,00,68,00,6b,00,00,00,41,00,54,00,49,00,20,00,53,00,6d,\ 00,61,00,72,00,74,00,00,00,41,00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,\ 32,00,2e,00,30,00,2e,00,35,00,30,00,37,00,32,00,37,00,2e,00,30,00,00,00,41,\ 00,53,00,50,00,2e,00,4e,00,45,00,54,00,20,00,31,00,2e,00,31,00,2e,00,34,00,\ 33,00,32,00,32,00,2e,00,30,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,\ 00,74,00,69,00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,\ 65,00,6e,00,74,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\ 00,6f,00,6e,00,20,00,48,00,61,00,6e,00,67,00,00,00,41,00,70,00,70,00,6c,00,\ 69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,45,00,72,00,72,00,6f,00,72,\ 00,00,00,61,00,70,00,70,00,68,00,65,00,6c,00,70,00,00,00,2e,00,4e,00,45,00,\ 54,00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,65,00,20,00,4f,00,70,00,74,\ 00,69,00,6d,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,20,00,53,00,65,00,\ 72,00,76,00,69,00,63,00,65,00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,\ 00,6e,00,74,00,69,00,6d,00,65,00,20,00,32,00,2e,00,30,00,20,00,45,00,72,00,\ 72,00,6f,00,72,00,20,00,52,00,65,00,70,00,6f,00,72,00,74,00,69,00,6e,00,67,\ 00,00,00,2e,00,4e,00,45,00,54,00,20,00,52,00,75,00,6e,00,74,00,69,00,6d,00,\ 65,00,00,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\ 00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\usnsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnsvc\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnsvc\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnsvc\Enum] "0"="Root\\LEGACY_USNSVC\\0000" ; End Of The Log... Listen.bat: Datentr„ger in Laufwerk C: ist SYSTEM_XP Volumeseriennummer: 4809-4B1D Verzeichnis von C:\Programme 30.12.2006 17:43 <DIR> . 30.12.2006 17:43 <DIR> .. 12.08.2006 15:51 <DIR> Acronis 12.08.2006 06:12 <DIR> Adobe 12.08.2006 14:36 <DIR> Ahead 12.08.2006 06:11 <DIR> ASUS 02.12.2006 19:01 <DIR> ATI Technologies 15.08.2006 19:45 <DIR> BroadJump 01.10.2006 23:35 <DIR> cablecom 01.10.2006 23:30 <DIR> Cablecom Assistant 18.08.2006 14:05 <DIR> Canon 10.12.2006 15:52 <DIR> CleanUp! 15.08.2006 19:56 <DIR> Common Files 12.08.2006 05:52 <DIR> ComPlus Applications 12.08.2006 09:37 <DIR> CyberLink 16.08.2006 18:56 <DIR> EA Games 13.12.2006 20:41 <DIR> FreePDF_XP 11.10.2006 13:44 <DIR> Gemeinsame Dateien 12.08.2006 10:08 <DIR> Google 12.08.2006 06:12 <DIR> gs 12.08.2006 16:49 <DIR> HP 01.01.2007 14:40 <DIR> Internet Explorer 21.10.2006 13:48 <DIR> IrfanView 03.12.2006 15:15 <DIR> Java 06.12.2006 02:56 <DIR> Lavalys 11.10.2006 14:01 <DIR> Macromedia 17.08.2006 22:33 <DIR> MAGIX 17.08.2006 22:29 <DIR> MAGIX Online Druck Service 04.11.2006 15:31 <DIR> Messenger 12.08.2006 05:56 <DIR> microsoft frontpage 12.08.2006 14:09 <DIR> Microsoft Office 01.10.2006 23:30 <DIR> Motive 12.08.2006 09:46 <DIR> Movie Maker 12.08.2006 05:52 <DIR> MSN 12.08.2006 05:52 <DIR> MSN Gaming Zone 29.12.2006 20:12 <DIR> MSN Messenger 14.10.2006 16:06 <DIR> MSXML 4.0 12.08.2006 09:45 <DIR> NetMeeting 12.08.2006 05:52 <DIR> Online Services 12.08.2006 05:55 <DIR> Online-Dienste 25.12.2006 14:56 <DIR> Outlook Express 02.11.2006 23:22 <DIR> Panda Software 01.01.2007 14:41 <DIR> QuickTime 06.12.2006 02:48 <DIR> RAM Defrag 21.08.2006 19:47 <DIR> Realtek 30.12.2006 17:33 <DIR> Spiele 10.12.2006 18:48 <DIR> Spybot - Search & Destroy 12.08.2006 10:08 <DIR> TV-Browser 02.01.2007 13:39 <DIR> Virenprogramme 01.01.2007 14:41 <DIR> Windows Defender 06.12.2006 03:11 <DIR> Windows Media Connect 2 06.12.2006 03:11 <DIR> Windows Media Player 12.08.2006 09:45 <DIR> Windows NT 31.12.2006 17:33 <DIR> WinZip 12.08.2006 05:56 <DIR> xerox 16.12.2006 16:45 <DIR> xp-AntiSpy 0 Datei(en) 0 Bytes 56 Verzeichnis(se), 5'589'499'904 Bytes frei Datentr„ger in Laufwerk C: ist SYSTEM_XP Volumeseriennummer: 4809-4B1D Verzeichnis von C:\Programme 30.12.2006 17:43 <DIR> . 30.12.2006 17:43 <DIR> .. 12.08.2006 15:51 <DIR> Acronis 12.08.2006 06:12 <DIR> Adobe 12.08.2006 14:36 <DIR> Ahead 12.08.2006 06:11 <DIR> ASUS 02.12.2006 19:01 <DIR> ATI Technologies 15.08.2006 19:45 <DIR> BroadJump 01.10.2006 23:35 <DIR> cablecom 01.10.2006 23:30 <DIR> Cablecom Assistant 18.08.2006 14:05 <DIR> Canon 10.12.2006 15:52 <DIR> CleanUp! 15.08.2006 19:56 <DIR> Common Files 12.08.2006 05:52 <DIR> ComPlus Applications 12.08.2006 09:37 <DIR> CyberLink 16.08.2006 18:56 <DIR> EA Games 13.12.2006 20:41 <DIR> FreePDF_XP 11.10.2006 13:44 <DIR> Gemeinsame Dateien 12.08.2006 10:08 <DIR> Google 12.08.2006 06:12 <DIR> gs 12.08.2006 16:49 <DIR> HP 01.01.2007 14:40 <DIR> Internet Explorer 21.10.2006 13:48 <DIR> IrfanView 03.12.2006 15:15 <DIR> Java 06.12.2006 02:56 <DIR> Lavalys 11.10.2006 14:01 <DIR> Macromedia 17.08.2006 22:33 <DIR> MAGIX 17.08.2006 22:29 <DIR> MAGIX Online Druck Service 04.11.2006 15:31 <DIR> Messenger 12.08.2006 05:56 <DIR> microsoft frontpage 12.08.2006 14:09 <DIR> Microsoft Office 01.10.2006 23:30 <DIR> Motive 12.08.2006 09:46 <DIR> Movie Maker 12.08.2006 05:52 <DIR> MSN 12.08.2006 05:52 <DIR> MSN Gaming Zone 29.12.2006 20:12 <DIR> MSN Messenger 14.10.2006 16:06 <DIR> MSXML 4.0 12.08.2006 09:45 <DIR> NetMeeting 12.08.2006 05:52 <DIR> Online Services 12.08.2006 05:55 <DIR> Online-Dienste 25.12.2006 14:56 <DIR> Outlook Express 02.11.2006 23:22 <DIR> Panda Software 01.01.2007 14:41 <DIR> QuickTime 06.12.2006 02:48 <DIR> RAM Defrag 21.08.2006 19:47 <DIR> Realtek 30.12.2006 17:33 <DIR> Spiele 10.12.2006 18:48 <DIR> Spybot - Search & Destroy 12.08.2006 10:08 <DIR> TV-Browser 02.01.2007 13:39 <DIR> Virenprogramme 01.01.2007 14:41 <DIR> Windows Defender 06.12.2006 03:11 <DIR> Windows Media Connect 2 06.12.2006 03:11 <DIR> Windows Media Player 12.08.2006 09:45 <DIR> Windows NT 31.12.2006 17:33 <DIR> WinZip 12.08.2006 05:56 <DIR> xerox 16.12.2006 16:45 <DIR> xp-AntiSpy 0 Datei(en) 0 Bytes 56 Verzeichnis(se), 5'589'483'520 Bytes frei Dieser Beitrag wurde am 02.01.2007 um 14:05 Uhr von Tonstudio editiert.
|
|
|
|
|
|
|
02.01.2007, 13:50
Ehrenmitglied
Beiträge: 29434 |
#10
in: "Enter search strings" (reinschreiben oder reinkopieren)
MSN.exe in edit und klicke "Ok". Notepad wird sich öffnen -- kopiere den Text ab und poste ihn. in: "Enter search strings" (reinschreiben oder reinkopieren) usnsvc in edit und klicke "Ok". Notepad wird sich öffnen -- kopiere den Text ab und poste ihn. -------------------------------------------- Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint Zitat cd\ __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
02.01.2007, 14:15
Ehrenmitglied
Beiträge: 29434 |
#11
gib mal ein:
C:\Programme\MSN.exe und poste, was erscheint __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
02.01.2007, 14:20
Moderator
Themenstarter Beiträge: 5694 |
#12
Wo eingeben?? Eingabeaufforderung?
|
|
|
|
|
|
|
02.01.2007, 14:24
Ehrenmitglied
Beiträge: 29434 |
#13
in: "Enter search strings" (reinschreiben oder reinkopieren)
__________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
02.01.2007, 14:32
Moderator
Themenstarter Beiträge: 5694 |
#14
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.2.0 ; Results at 02.01.2007 14:31:03 for strings: ; 'c:\programme\msn.exe' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log... |
|
|
|
|
|
|
02.01.2007, 14:37
Ehrenmitglied
Beiträge: 29434 |
#15
c:\programme\msn.exe - war definitiv nicht koscher - ist allerdings geloescht.
was die Eintraege in der Registry betrifft, so gibt es da einige , die auch nicht koscher sind, allerdings mag ich nicht dran rumstellen - und im net findet man leider auch nichts weiter zum Thema. - wenn dann der Messi nicht mehr funktioniert, wird es dir nicht gefallen. - was denkst du ?? raus mit den Werten, die eventuell "boese" sein koennten ??? __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Nun zu meinem Problem:
Kann mir jemand etwas über diesen Eintrag des Hijack-logfiles sagen?
O23 - Service: Messenger Sharing USN Journal Reader-Service (usnsvc) - Unknown owner - C:\Programme\MSN.exe (file missing)
Auf einem anderen Forum wurde mir gesagt dass es sich dabei um diesen Wurm handelt:
http://www.sophos.de/security/analyses/w32rbotpj.html
Da wurde mir eine Neuinstallation geraten. --> http://www.trojaner-board.de/34849-langsamer-pc-wurm.html#post246299
Kann man diesen Eintrag nicht einfach fixen?
Hier noch das ganze LOGFILE:
Logfile of HijackThis v1.99.1
Scan saved at 16:38:53, on 01.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programme\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\programme\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\Programme\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Programme\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Cablecom Assistant\bin\cablecom_assistant.exe
C:\Programme\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\programme\panda software\panda internet security 2007\WebProxy.exe
C:\Programme\Cablecom Assistant\bin\mpbtn.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azonline.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Workflow] F:\Installs\Workflow.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programme\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: cablecom assistant.lnk = C:\Programme\Cablecom Assistant\bin\matcli.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155363507890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155731611468
O16 - DPF: {6F1AF9D5-68BB-4A81-93F1-481CB8AB0D0B} (PhotocolorUploader Control) - http://web1.photocolor.net/webupload/ActiveX/PhotocolorUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programme\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programme\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programme\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: Messenger Sharing USN Journal Reader-Service (usnsvc) - Unknown owner - C:\Programme\MSN.exe (file missing)
Und das Adaware-Logfile
Ad-Aware SE Build 1.06r1
Logfile Created on:Montag, 1. Januar 2007 17:14:45
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R141 27.12.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
01.01.2007 17:14:45 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 560
ThreadCreationTime : 01.01.2007 14:03:40
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 612
ThreadCreationTime : 01.01.2007 14:03:44
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\SYSTEM32\
ProcessID : 640
ThreadCreationTime : 01.01.2007 14:03:47
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 01.01.2007 14:03:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 696
ThreadCreationTime : 01.01.2007 14:03:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 872
ThreadCreationTime : 01.01.2007 14:03:52
BasePriority : Normal
FileVersion : 6.14.10.4149
ProductVersion : 6.14.10.4149
ProductName : ATI External Event Utility for Windows
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2006 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 892
ThreadCreationTime : 01.01.2007 14:03:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 972
ThreadCreationTime : 01.01.2007 14:03:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [pavsrv51.exe]
FilePath : C:\Programme\Panda Software\Panda Internet Security 2007\
ProcessID : 1072
ThreadCreationTime : 01.01.2007 14:03:54
BasePriority : High
FileVersion : 2, 0, 1840, 32
ProductVersion : 2, 0, 1840, 32
ProductName : Panda residents
CompanyName : Panda Software International
FileDescription : On-Access Antivirus Scanner Service.
LegalCopyright : © Panda Software 2006
#:10 [avengine.exe]
FilePath : C:\Programme\Panda Software\Panda Internet Security 2007\
ProcessID : 1108
ThreadCreationTime : 01.01.2007 14:03:54
BasePriority : Normal
FileVersion : 2, 0, 1840, 33
ProductVersion : 2, 0, 1840, 33
ProductName : Panda Antimalware File Protection
CompanyName : Panda Software International
FileDescription : Enhanced On-Access Antivirus Scanner Process.
InternalName : avengine
LegalCopyright : © Panda Software 2006
OriginalFilename : avengine.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1256
ThreadCreationTime : 01.01.2007 14:03:59
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [tpsrv.exe]
FilePath : C:\Programme\Panda Software\Panda Internet Security 2007\
ProcessID : 1296
ThreadCreationTime : 01.01.2007 14:04:00
BasePriority : Normal
FileVersion : 7, 0, 2, 0
ProductVersion : 7, 0, 2, 0
ProductName : TPSrv Application
CompanyName : Panda Software
FileDescription : TPSrv Application
InternalName : TPSrv
LegalCopyright : © 2005 Panda Software. All rights reserved.
OriginalFilename : TPSrv.exe
#:13 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1416
ThreadCreationTime : 01.01.2007 14:04:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:14 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1508
ThreadCreationTime : 01.01.2007 14:04:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:15 [pnmsrv.exe]
FilePath : c:\programme\panda software\panda internet security 2007\firewall\
ProcessID : 1592
ThreadCreationTime : 01.01.2007 14:04:04
BasePriority : Normal
FileVersion : 3, 0, 0,21
ProductVersion : 3, 0, 0, 0
ProductName : Panda residents
CompanyName : Panda Software International
FileDescription : Panda Network Manager Service
InternalName : PNMSRV
LegalCopyright : © Panda Software 2006
OriginalFilename : PNMSRV.EXE
#:16 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1736
ThreadCreationTime : 01.01.2007 14:04:06
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:17 [pavfnsvr.exe]
FilePath : C:\Programme\Panda Software\Panda Internet Security 2007\
ProcessID : 1880
ThreadCreationTime : 01.01.2007 14:04:11
BasePriority : Normal
FileVersion : 7.06.03.00
ProductVersion : 7.06.03.00
ProductName : Panda Residents
CompanyName : Panda Software International
FileDescription : Panda Function Service
InternalName : PavFnSvr
LegalCopyright : © Panda Software 2006
OriginalFilename : PAVFNSVR.EXE
#:18 [pavprsrv.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\
ProcessID : 1900
ThreadCreationTime : 01.01.2007 14:04:12
BasePriority : Normal
FileVersion : 1.3.0.0
ProductVersion : 1.3.0.0
ProductName : PandaShield
CompanyName : Panda Software
FileDescription : Panda Process Protection Service
InternalName : PavPrSrv
LegalCopyright : Copyright © 2004, Panda Software
OriginalFilename : PavPrSrv.exe
#:19 [pskmssvc.exe]
FilePath : C:\Programme\Panda Software\Panda Internet Security 2007\AntiSpam\
ProcessID : 1924
ThreadCreationTime : 01.01.2007 14:04:12
BasePriority : Normal
FileVersion : 1, 3, 1, 0
ProductVersion : 1, 3, 1, 0
ProductName : Panda Anti-malware
CompanyName : Panda Software International
FileDescription : Anti-Malware protection service library
InternalName : pskmssvc.exe
LegalCopyright : © Panda Software 2006
#:20 [psimsvc.exe]
FilePath : C:\Programme\Panda Software\Panda Internet Security 2007\
ProcessID : 2012
ThreadCreationTime : 01.01.2007 14:04:15
BasePriority : Normal
FileVersion : 2, 6, 36, 0
ProductVersion : 2, 6, 36, 0
ProductName : Panda Antivirus
CompanyName : Panda Software
FileDescription : Panda Interface Manager Service
InternalName : PsImSvc
LegalCopyright : © Panda Software 2006.
OriginalFilename : PsImSvc.exe
#:21 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 124
ThreadCreationTime : 01.01.2007 14:04:15
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:22 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1688
ThreadCreationTime : 01.01.2007 14:04:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:23 [msmpeng.exe]
FilePath : C:\Programme\Windows Defender\
ProcessID : 2320
ThreadCreationTime : 01.01.2007 14:22:56
BasePriority : Normal
FileVersion : 1.1.1593.0
ProductVersion : 1.1.1593.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe
#:24 [ati2evxx.exe]
FilePath : C:\WINDOWS\SYSTEM32\
ProcessID : 440
ThreadCreationTime : 01.01.2007 15:09:56
BasePriority : Normal
FileVersion : 6.14.10.4149
ProductVersion : 6.14.10.4149
ProductName : ATI External Event Utility for Windows
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2006 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:25 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 784
ThreadCreationTime : 01.01.2007 15:10:22
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE
#:26 [rthdcpl.exe]
FilePath : C:\WINDOWS\
ProcessID : 2916
ThreadCreationTime : 01.01.2007 15:10:26
BasePriority : Normal
FileVersion : 1.1.1.7
ProductVersion : 1.1.1.7
ProductName : Realtek HD Audio Sound Effect Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek HD Audio Control Panel
LegalCopyright : Copyright (c) 2004 Realtek Semiconductor Corp.
OriginalFilename : RTHDCPL.EXE
#:27 [apvxdwin.exe]
FilePath : C:\Programme\Panda Software\Panda Internet Security 2007\
ProcessID : 1504
ThreadCreationTime : 01.01.2007 15:10:26
BasePriority : Normal
FileVersion : 7.10.06.02
ProductVersion : 11.00.02.00
ProductName : Panda Internet Security 2007
CompanyName : Panda Software International
FileDescription : Protección permanente Platinum
InternalName : APVXDWIN
LegalCopyright : © Panda Software 2006
OriginalFilename : APVXDWIN.EXE
#:28 [qttask.exe]
FilePath : C:\Programme\QuickTime\
ProcessID : 2000
ThreadCreationTime : 01.01.2007 15:10:26
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:29 [msascui.exe]
FilePath : C:\Programme\Windows Defender\
ProcessID : 476
ThreadCreationTime : 01.01.2007 15:10:27
BasePriority : Normal
FileVersion : 1.1.1593.0
ProductVersion : 1.1.1593.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe
#:30 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3176
ThreadCreationTime : 01.01.2007 15:10:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:31 [cablecom_assistant.exe]
FilePath : C:\Programme\Cablecom Assistant\bin\
ProcessID : 1064
ThreadCreationTime : 01.01.2007 15:10:30
BasePriority : Normal
FileVersion : 5.08.01
ProductVersion : 5.8.12.asst_classic.asst_mad
ProductName : cablecom assistant
CompanyName : Motive Communications, Inc.
FileDescription : cablecom assistant
InternalName : mad
LegalCopyright : Copyright 1998-2003
OriginalFilename : mad
#:32 [srvload.exe]
FilePath : C:\Programme\Panda Software\Panda Internet Security 2007\
ProcessID : 3204
ThreadCreationTime : 01.01.2007 15:10:33
BasePriority : Normal
FileVersion : 6.01.01.00
ProductVersion : 6.01.01.00
ProductName : Panda AntiSpam Trainer
CompanyName : Panda Software International
FileDescription : Panda AntiSpam Trainer
InternalName : SRVLOAD
LegalCopyright : © Panda Software International 2006
OriginalFilename : SRVLOAD.EXE
#:33 [webproxy.exe]
FilePath : c:\programme\panda software\panda internet security 2007\
ProcessID : 2264
ThreadCreationTime : 01.01.2007 15:10:33
BasePriority : Normal
FileVersion : 6, 2, 22, 533
ProductVersion : 6, 2, 16, 0
ProductName : Panda residents
CompanyName : Panda Software International
FileDescription : Internet resident proxy
InternalName : WebProxy.exe
LegalCopyright : © Panda Software 2006
#:34 [mpbtn.exe]
FilePath : C:\Programme\Cablecom Assistant\bin\
ProcessID : 3244
ThreadCreationTime : 01.01.2007 15:10:38
BasePriority : Normal
#:35 [motive~1.exe]
FilePath : C:\PROGRA~1\Motive\ASSTCO~1\
ProcessID : 2972
ThreadCreationTime : 01.01.2007 15:10:39
BasePriority : Normal
FileVersion : 5.01.00
ProductVersion : 5.8.7.asst_classic.asst_motivedirectory
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : Motive Directory
InternalName : motivedirectory
LegalCopyright : Copyright 1998-2003
OriginalFilename : motivedirectory
#:36 [outlook.exe]
FilePath : C:\Programme\Microsoft Office\Office10\
ProcessID : 1272
ThreadCreationTime : 01.01.2007 15:28:18
BasePriority : Normal
#:37 [winword.exe]
FilePath : C:\Programme\Microsoft Office\Office10\
ProcessID : 2968
ThreadCreationTime : 01.01.2007 15:28:23
BasePriority : Normal
#:38 [iexplore.exe]
FilePath : C:\Programme\Internet Explorer\
ProcessID : 2040
ThreadCreationTime : 01.01.2007 15:28:53
BasePriority : Normal
FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)
ProductVersion : 7.00.5730.11
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:39 [agentsvr.exe]
FilePath : C:\WINDOWS\msagent\
ProcessID : 1060
ThreadCreationTime : 01.01.2007 15:28:55
BasePriority : Normal
FileVersion : 2.00.0.3424
ProductVersion : 2.00.0.3424
ProductName : Microsoft Agent Server
CompanyName : Microsoft Corporation
FileDescription : Microsoft Agent Server
InternalName : AgentServer
LegalCopyright : Copyright (C) Microsoft Corp. 1997-98
OriginalFilename : AgentSvr.exe
#:40 [iexplore.exe]
FilePath : C:\Programme\Internet Explorer\
ProcessID : 3864
ThreadCreationTime : 01.01.2007 15:34:28
BasePriority : Normal
FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)
ProductVersion : 7.00.5730.11
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:41 [msmsgs.exe]
FilePath : C:\Programme\Messenger\
ProcessID : 3640
ThreadCreationTime : 01.01.2007 15:55:48
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:42 [ad-aware.exe]
FilePath : C:\PROGRA~1\VIRENP~1\ADAWAR~1\AD-AWA~1\
ProcessID : 2260
ThreadCreationTime : 01.01.2007 16:14:32
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@adtech[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:user@adtech.de/
Expires : 29.12.2016 17:04:06
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@revsci[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:user@revsci.net/
Expires : 27.12.2026 17:12:50
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@adopt.euroclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:user@adopt.euroclick.com/
Expires : 29.12.2016 17:04:28
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3
Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Deep scanning and examining files (D
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Deep scanning and examining files (E
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 3
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
17:23:10 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:25.203
Objects scanned:166804
Objects identified:3
Objects ignored:0
New critical objects:3