Lop.com infection

Warnings about security vulnerabilities and help with removing viruses, worms and Trojans.

Post by HYP82 on 31.12.2004, 13:37

Hi there. I have a problem ;-).
Namely, the browser I use alongside IE doesn't work, but IE does work, though it does strange things! When I'm offline a window sometimes pops up saying some program needs an internet connection, and then I have the options Work Offline or Connect. Whatever I click, it goes away and nothing happens!
What bothers me more is that the start page can't be set, because every time I restart IE it changes it to some random characters and hieroglyphics. And it puts strange icons on my desktop, like Website Hosting, Casino Online, Bingo, Printer Cartridges etc., but when I click on them they link to pages with an address like http://www.rxckfnrjewj.com/txLJIFLVSBBb ... 4k118.html (<-- the start page link as an example).

Unfortunately I have no idea what this is about. I've already run Spybot S&D and Ad-Aware 6.0 several times, but they don't find anything, and when they do I delete it all, but the problems soon come back.
Now I've got HijackThis and hope you can help me with it.
Here's my log file:

Logfile of HijackThis v1.99.0
Scan saved at 11:58:40, on 31.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\McAfee\McAfee Firewall\CPD.EXE
C:\Programme\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programme\Winamp\Winampa.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\Programme\Messenger Plus! 3\MsgPlus.exe
C:\Programme\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Programme\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\DOKUME~1\Patrick\LOKALE~1\Temp\bundle.exe
C:\Program Files\Admilli Service\AdmilliKeep.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\ICQ\ICQ.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Games\Sonstiges\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bohutcbqrfx.com/txLJIFLVSBB7 ... 45u8i.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rxckfnrjewj.com/txLJIFLVSBBb ... 4k118.html
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Programme\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Programme\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOKUME~1\Patrick\LOKALE~1\Temp\bundle.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [qrot] C:\WINDOWS\qrot.exe
O4 - HKLM\..\Run: [Creative curb mess book] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\idlemovecreativecurb\Junktick.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Trust64] C:\DOKUME~1\Patrick\ANWEND~1\DELETE~1\Copy up live.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Programme\ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b28578.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/chipdetect/OSInfo.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Click ... ge-c14.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/support/chipdetect/S ... tectNT.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD1ADB74-5B03-4B2E-9D03-86C16361E18F}: NameServer = 217.237.149.225 217.237.151.97
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Programme\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StyleXPService - Unknown - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

I'm hoping for quick help!
Thanks in advance.
HYP82

Posts: 9
Registered: 31.12.2004, 13:27


Post by Nikita on 31.12.2004, 18:26

Hello @HYP82

the [MessengerPlus3] is to blame for the Lop.com infection (so you have to be crazy and stupid at the same time to download something like that)

#eScan detection tool
http://www.rokop-security.de/board/inde ... topic=3867
download mwav.exe, unpack the file into the folder c:\bases (important!) and then run kavupd.exe (update, in DOS)

#open HijackThis -->> "Scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bohutcbqrfx.com/txLJIFLVSBB7 ... 45u8i.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rxckfnrjewj.com/txLJIFLVSBBb ... 4k118.html
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de\msntb.dll
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Programme\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOKUME~1\Patrick\LOKALE~1\Temp\bundle.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [qrot] C:\WINDOWS\qrot.exe
O4 - HKLM\..\Run: [Creative curb mess book] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\idlemovecreativecurb\Junktick.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Trust64] C:\DOKUME~1\Patrick\ANWEND~1\DELETE~1\Copy up live.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b28578.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Click ... ge-c14.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/support/chipdetect/S ... tectNT.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b28578.cab

restart the PC
boot into Safe Mode

http://www.tu-berlin.de/www/software/vi ... mode.shtml

#Windows Explorer -> "Tools/Folder Options" -> "View" -> remove the check mark at "Hide protected operating system files (Recommended)" and enable "Show all files and folders" -> "OK"


#C:\Windows\Downloaded Program Files\ --> delete

Uninstall:
"Start -> Settings -> Control Panel -> Add or Remove Programs"
<C:\Programme\AceGain\
<C:\Program Files\Admilli Service\
<[MessengerPlus3]

Search for and delete:
C:\PROGRA~1\SEARCH~1\ <---- delete the whole folder
C:\Programme\MSN Apps\ <---- delete the whole folder
C:\Programme\Messenger Plus! 3\ <---- delete the whole folder
C:\Programme\AceGain\ <---- delete the whole folder
c:\temp\salm.exe
C:\WINDOWS\qrot.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\idlemovecreativecurb\Junktick.exe
C:\DOKUME~1\Patrick\ANWEND~1\DELETE~1\Copy up live.exe
C:\DOKUME~1\Patrick\LOKALE~1\Temp\bundle.exe

delete temporary files
C:\WINDOWS\Temp\
C:\Temp\
C:\Dokumente und Einstellungen\Patrick\Lokale Einstellungen\Temp\

Disk Cleanup: and deleting the temporary files
<Start<Run--> type in: cleanmgr
delete only:
#Click: Temporary Internet Files, OK
#Click: Temporary Files, OK

and start the scanner with "mwav.exe" [or: MWAVSCAN.COM]. Tick all the boxes:
Select: "all files", Memory, Startup-Folders, Registry, System Folders,
Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory
--> and click "Scan".

Go back into normal mode

please do the following: (delete the listed infected files manually or with the KillBox ---> as explained) +
now open mwav.txt with the editor and go to Edit -> Find, and enter infected there


select each line that contains infected and paste it in here, find next, and so on,
and at the very bottom is the summary; post that here too :)

#ClearProg..download the latest version <1.4.0 Final

http://www.clearprog.de/downloads.php
<and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary internet files (cache)
- the typed URLs

- AutoComplete entries in IE web forms (so far only Win9x/ME)
- Download lists of Netscape/Opera

#new start page
go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if prompted --> click Apply and finally OK, and set a new start page
Nikita
Moderator

Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lissabon
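To show what the "fix checked" selection in the reply above keys on, here is an added Python triage script (not HijackThis code and not from this thread) that parses a few lines copied from the posted log and flags Run entries launched from user-writable folders plus IE start/search pages whose host looks randomly generated; the folder list and the vowel-ratio heuristic are assumptions of this example.

```python
"""HijackThis log triage: flag Run entries started from user-writable folders
and IE start/search pages that point at random-looking hosts.
Added example for this thread; not HijackThis code and not from the posts."""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log posted above (the
# forum shortened the URLs with " ... ", kept as posted) plus two benign
# entries (ccApp, NvCplDaemon) as controls.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bohutcbqrfx.com/txLJIFLVSBB7 ... 45u8i.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rxckfnrjewj.com/txLJIFLVSBBb ... 4k118.html
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SAHBundle] C:\DOKUME~1\Patrick\LOKALE~1\Temp\bundle.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Creative curb mess book] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\idlemovecreativecurb\Junktick.exe
O4 - HKCU\..\Run: [Trust64] C:\DOKUME~1\Patrick\ANWEND~1\DELETE~1\Copy up live.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
IE_RE = re.compile(r"^(?P<key>[^=]+?)\s*=\s*(?P<url>\S.*)$")

# Folder fragments a normal user (and so malware running as that user) can
# write to: German XP names, their 8.3 short forms and the English names.
# Assumption of this example, not a HijackThis rule.
USER_WRITABLE = (
    "\\temp\\", "\\lokale~1\\", "\\anwend~1\\", "\\dokume~1\\",
    "\\anwendungsdaten\\", "\\dokumente und einstellungen\\",
    "\\application data\\", "\\documents and settings\\",
)


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section id, e.g. "O4" or "R0"
    name: str    # Run value name, or the IE setting name ("Start Page")
    target: str  # executable path or URL
    reason: str


def executable_path(cmd: str) -> str:
    """Program part of a Run-key command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd


def looks_random(label: str) -> bool:
    """Dictionary-free check: brand names have vowels, Lop.com's rotating
    hostnames are mostly consonant strings (threshold is an assumption)."""
    letters = [c for c in label.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.25


def registrable_label(url: str) -> str:
    """Second-level label of the URL's host ("rxckfnrjewj" for www.rxckfnrjewj.com)."""
    host = (urlparse(url).hostname or "").lower()
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else host


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m["kind"], m["body"]
        if kind in ("R0", "R1"):
            ie = IE_RE.match(body)
            if ie and looks_random(registrable_label(ie["url"])):
                findings.append(Finding(kind, ie["key"].split(",")[-1], ie["url"],
                                        "IE start/search page points at a random-looking host"))
        elif kind == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue  # Global Startup .lnk lines are not handled here
            path = executable_path(run["cmd"])
            hit = next((frag for frag in USER_WRITABLE if frag in path.lower()), None)
            if hit:
                reason = "autostart from user-writable location " + hit.strip("\\")
                findings.append(Finding(kind, run["name"], path, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} [{f.name}] {f.target}\n    -> {f.reason}")
```

Entries the script flags match the ones the reply lists for "Fix checked"; a hit is a prompt to look, not proof of infection, so confirm with the file's publisher and location before removing it.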

Post by HYP82 on 01.01.2005, 14:33

Happy New Year to all of you from me, thanks to you nikita, and here's the mwav log!

Sat Jan 01 11:49:53 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\idlemovecreativecurb\Bait Bias.bk! infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:49:53 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\idlemovecreativecurb\File Eq.bk! infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:49:53 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\idlemovecreativecurb\frag settings.bk! infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:49:53 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\idlemovecreativecurb\gpl support.bk! infected by "Trojan.Win32.Krepper.ab" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:49:54 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\idlemovecreativecurb\greystore.bk! infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:49:54 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\idlemovecreativecurb\Heart part.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:49:54 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\idlemovecreativecurb\LOAD PING.bk! infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:49:55 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\idlemovecreativecurb\SECT 64.bk! infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:49:55 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\idlemovecreativecurb\STOPBYTE.bk! infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:52:26 2005 => File C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Delete Dash Heck\aelbbsbv.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:52:26 2005 => File C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Delete Dash Heck\aeqwannn.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:52:27 2005 => File C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Delete Dash Heck\clykfghi.exe infected by "Trojan-Downloader.Win32.Swizzor.cc" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:52:27 2005 => File C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Delete Dash Heck\Dumbdoesplayboob.exe infected by "Trojan-Downloader.Win32.Swizzor.cc" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:52:27 2005 => File C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Delete Dash Heck\enpslrnz.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:52:27 2005 => File C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Delete Dash Heck\hautyywo.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:52:28 2005 => File C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Delete Dash Heck\oabsatsm.exe infected by "Trojan-Downloader.Win32.Swizzor.cn" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:52:28 2005 => File C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Delete Dash Heck\oeicmkpn.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:52:28 2005 => File C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Delete Dash Heck\pjajreri.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:52:28 2005 => File C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Delete Dash Heck\scr extra pure.exe infected by "TrojanDownloader.Win32.Swizzor.cb" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:52:29 2005 => File C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Delete Dash Heck\xowjynya.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:52:29 2005 => File C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Delete Dash Heck\zjmbduon.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:52:29 2005 => File C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Delete Dash Heck\zjwpuljc.exe infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.

C:\Games\Sonstiges\hijackthis\backups\backup-20050101-112017-456.dll infected by "not-a-virus:AdWare.Relevance.b" Virus. Action Taken: No Action Taken.

Sat Jan 01 11:59:38 2005 => File C:\Games\Sonstiges\hijackthis\backups\backup-20050101-112017-589.dll infected by "not-a-virus:AdWare.WinAD.j" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:02:27 2005 => File C:\Programme\C2Media\Setup.exe infected by "Trojan-Downloader.Win32.Swizzor.cg" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:09:25 2005 => File C:\Programme\Norton SystemWorks\Norton Antivirus\Quarantine\74A80398.php infected by "TrojanDownloader.JS.Small.d" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:09:25 2005 => File C:\Programme\Norton SystemWorks\Norton Antivirus\Quarantine\74DC235E.class infected by "Trojan.Java.ClassLoader.d" Virus. Action Taken: No Action Taken.

C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc430.exe infected by "not-a-virus:AdWare.Lop.e" Virus. Action Taken: No Action Taken.

C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc431.exe infected by "not-a-virus:AdWare.Lop.e" Virus. Action Taken: No Action Taken.

C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc434.exe infected by "not-a-virus:AdWare.Lop.e" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:12:24 2005 => File C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc579.exe infected by "not-a-virus:AdWare.Lop.e" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:12:29 2005 => File C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc627.exe infected by "Trojan-Downloader.Win32.Swizzor.cd" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:12:35 2005 => File C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc722.exe infected by "not-a-virus:AdWare.Lop.e" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:12:38 2005 => File C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc754.exe infected by "TrojanDownloader.Win32.Swizzor.ca" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:12:39 2005 => File C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc758.exe infected by "not-a-virus:AdWare.Lop.e" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:12:39 2005 => File C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc764.exe infected by "not-a-virus:AdWare.Sahat.h" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:12:39 2005 => File C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc768.exe infected by "not-a-virus:AdWare.ToolBar.IeSearchBar" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:12:42 2005 => File C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc799.exe infected by "TrojanDownloader.Win32.Swizzor.ca" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:12:43 2005 => File C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc804.exe infected by "TrojanDownloader.Win32.Swizzor.ca" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:12:43 2005 => File C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc806.exe infected by "TrojanDownloader.Win32.Swizzor.ca" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:12:43 2005 => File C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc807.exe infected by "TrojanDownloader.Win32.Swizzor.bx" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:12:43 2005 => File C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc808.exe infected by "TrojanDownloader.Win32.Swizzor.ca" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:12:44 2005 => File C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc815.exe infected by "TrojanDownloader.Win32.Swizzor.ca" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:13:09 2005 => File C:\System Volume Information\_restore{1ACA6D6A-FEFC-48A4-B635-AEB678FD5AEC}\RP20\A0006250.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:13:17 2005 => File C:\System Volume Information\_restore{1ACA6D6A-FEFC-48A4-B635-AEB678FD5AEC}\RP21\A0006392.dll infected by "not-a-virus:AdWare.Relevance.b" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:13:18 2005 => File C:\System Volume Information\_restore{1ACA6D6A-FEFC-48A4-B635-AEB678FD5AEC}\RP21\A0006407.dll infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:13:18 2005 => File C:\System Volume Information\_restore{1ACA6D6A-FEFC-48A4-B635-AEB678FD5AEC}\RP21\A0006408.exe infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:13:18 2005 => File C:\System Volume Information\_restore{1ACA6D6A-FEFC-48A4-B635-AEB678FD5AEC}\RP21\A0006409.exe infected by "not-a-virus:AdWare.WinAD.k" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:13:19 2005 => File C:\System Volume Information\_restore{1ACA6D6A-FEFC-48A4-B635-AEB678FD5AEC}\RP21\A0006410.exe infected by "Trojan-Downloader.Win32.Swizzor.cn" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:13:19 2005 => File C:\System Volume Information\_restore{1ACA6D6A-FEFC-48A4-B635-AEB678FD5AEC}\RP21\A0006411.exe infected by "not-a-virus:AdWare.Lop.e" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:18:13 2005 => File C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe infected by "not-a-virus:AdWare.ShopAtHome.b" Virus. Action Taken: No Action Taken.

Sat Jan 01 12:35:50 2005 => File C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe infected by "not-a-virus:AdWare.ShopAtHome.b" Virus. Action Taken: No Action Taken.


Sat Jan 01 12:48:22 2005 => ***** Scanning complete. *****

Sat Jan 01 12:48:22 2005 => Total Files Scanned: 69261
Sat Jan 01 12:48:22 2005 => Total Virus(es) Found: 72
Sat Jan 01 12:48:22 2005 => Total Disinfected Files: 0
Sat Jan 01 12:48:23 2005 => Total Files Renamed: 0
Sat Jan 01 12:48:23 2005 => Total Deleted Files: 0
Sat Jan 01 12:48:23 2005 => Total Errors: 291
Sat Jan 01 12:48:23 2005 => Time Elapsed: 01:04:16
Sat Jan 01 12:48:23 2005 => Virus Database Date: 2005/01/01
Sat Jan 01 12:48:23 2005 => Virus Database Count: 114529

Sat Jan 01 12:48:23 2005 => Scan Completed.

Sat Jan 01 12:50:33 2005 => Virus Database Date: 2005/01/01
Sat Jan 01 12:50:33 2005 => Virus Database Count: 114529
Sat Jan 01 12:50:40 2005 => AV Library Unloaded (3)...
HYP82

Posts: 9
Registered: 31.12.2004, 13:27
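The "search mwav.txt for infected and post the summary" step from the reply above, automated: an added Python example (not eScan's or the thread's own code) that parses the detection and summary lines of an mwav report, using a constructed excerpt of the log posted above, separates hits sitting in quarantine, HijackThis backup and System Restore copies from live ones, and counts live hits per folder; the marker list for stored copies is an assumption of this example.

```python
"""Parse an eScan (mwav.txt) report: pull out the "infected" lines and the
summary block, tell stored copies apart from live components, and count live
hits per folder.  Added example for this thread; not eScan's or the forum's code."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed excerpt of the mwav log posted above (seven detections plus the
# summary lines); some eScan lines carry no timestamp prefix, as in the post.
SAMPLE_MWAV = r"""
Sat Jan 01 11:49:53 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\idlemovecreativecurb\Bait Bias.bk! infected by "TrojanDownloader.Win32.Swizzor.bz" Virus. Action Taken: No Action Taken.
Sat Jan 01 11:52:26 2005 => File C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Delete Dash Heck\aelbbsbv.exe infected by "Trojan-Downloader.Win32.Swizzor.cm" Virus. Action Taken: No Action Taken.
C:\Games\Sonstiges\hijackthis\backups\backup-20050101-112017-456.dll infected by "not-a-virus:AdWare.Relevance.b" Virus. Action Taken: No Action Taken.
Sat Jan 01 12:09:25 2005 => File C:\Programme\Norton SystemWorks\Norton Antivirus\Quarantine\74A80398.php infected by "TrojanDownloader.JS.Small.d" Virus. Action Taken: No Action Taken.
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc430.exe infected by "not-a-virus:AdWare.Lop.e" Virus. Action Taken: No Action Taken.
Sat Jan 01 12:13:19 2005 => File C:\System Volume Information\_restore{1ACA6D6A-FEFC-48A4-B635-AEB678FD5AEC}\RP21\A0006411.exe infected by "not-a-virus:AdWare.Lop.e" Virus. Action Taken: No Action Taken.
Sat Jan 01 12:18:13 2005 => File C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe infected by "not-a-virus:AdWare.ShopAtHome.b" Virus. Action Taken: No Action Taken.
Sat Jan 01 12:48:22 2005 => ***** Scanning complete. *****
Sat Jan 01 12:48:22 2005 => Total Files Scanned: 69261
Sat Jan 01 12:48:22 2005 => Total Virus(es) Found: 72
Sat Jan 01 12:48:23 2005 => Total Errors: 291
Sat Jan 01 12:48:23 2005 => Time Elapsed: 01:04:16
"""

DETECTION_RE = re.compile(
    r'(?P<path>[A-Za-z]:\\.+?) infected by "(?P<sig>[^"]+)" Virus\. '
    r"Action Taken: (?P<action>[^.]+)\."
)
SUMMARY_RE = re.compile(
    r"=> (?P<key>Total [^:]+|Time Elapsed|Virus Database \w+): (?P<val>.+)$"
)

# Places where a hit is a stored copy, not a running component: HijackThis
# backups, the AV quarantine and System Restore points.  These go away by
# purging those stores (the reply above says to disable System Restore), not
# by hunting a process.  Marker list is an assumption of this example.
CONTAINED_MARKERS = (
    "\\hijackthis\\backups\\", "\\quarantine\\", "\\system volume information\\",
)


@dataclass(frozen=True)
class Detection:
    path: str
    signature: str
    action: str

    @property
    def folder(self) -> str:
        return self.path.rsplit("\\", 1)[0]

    @property
    def is_adware(self) -> bool:
        return self.signature.lower().startswith("not-a-virus:adware")

    @property
    def contained(self) -> bool:
        low = self.path.lower()
        return any(marker in low for marker in CONTAINED_MARKERS)


def parse_mwav(text: str) -> Tuple[List[Detection], Dict[str, str]]:
    """Return (detections, summary) from the raw report text."""
    detections: List[Detection] = []
    summary: Dict[str, str] = {}
    for line in text.splitlines():
        d = DETECTION_RE.search(line)
        if d:
            detections.append(Detection(d["path"], d["sig"], d["action"].strip()))
            continue
        s = SUMMARY_RE.search(line)
        if s:
            summary[s["key"]] = s["val"].strip()
    return detections, summary


def live_hits_per_folder(detections: List[Detection]) -> Counter:
    """Live (non-contained) hits grouped by folder; a folder with hits is what
    the reply above tells the user to delete whole."""
    return Counter(d.folder for d in detections if not d.contained)


def untreated(detections: List[Detection]) -> List[Detection]:
    """Hits the scanner only reported and did not clean."""
    return [d for d in detections if d.action == "No Action Taken"]


if __name__ == "__main__":
    dets, summary = parse_mwav(SAMPLE_MWAV)
    print(f"{len(dets)} detections parsed; scanner reported "
          f"{summary.get('Total Virus(es) Found')} in total")
    for folder, n in live_hits_per_folder(dets).most_common():
        print(f"{n:2d}  {folder}")
```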

Post by Nikita on 01.01.2005, 14:50

Hello @HYP82

#Windows Explorer -> "Tools/Folder Options" -> "View" -> remove the check mark at "Hide protected operating system files (Recommended)" and enable "Show all files and folders" -> "OK"


Disable System Restore
«XP
http://service1.symantec.com/SUPPORT/IN ... 7105707924

download the KillBox
http://www.bleepingcomputer.com/files/killbox.php
http://download.broadbandmedic.com/

boot into Safe Mode
http://www.tu-berlin.de/www/software/vi ... mode.shtml

Delete:
<C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\idlemovecreativecurb
<---- delete the whole folder

<C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Delete Dash Heck\
<---- delete the whole folder

<C:\Programme\C2Media\

open the KillBox:
<Delete File on Reboot
and click the red cross;
when asked whether to reboot -> click "no", and paste in the next one; only on the last one click "yes"

C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc430.exe
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc431.exe
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc434.exe
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc579.exe
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc627.exe
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc722.exe
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc754.exe
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc758.exe
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc764.exe
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc768.exe
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc799.exe
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc804.exe
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc806.exe
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc807.exe
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc808.exe
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc815.exe

restart the PC

(if it doesn't work with the KillBox, you have to delete
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004
manually in Safe Mode)


#ClearProg..download the latest version <1.4.0 Final
http://www.clearprog.de/downloads.php
<and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary internet files (cache)
- the typed URLs

- AutoComplete entries in IE web forms (so far only Win9x/ME)
- Download lists of Netscape/Opera

#new start page
go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if prompted --> click Apply and finally OK, and set a new start page

und postest das neue Log vom HijackThis

--------------------------------------------------------------------------------------------------------
#Alternative browser to IE
Firefox
http://www.mozilla-europe.org/de/
Installation + configuration of Firefox
http://www.pcwelt.de/know-how/software/ ... ndex1.html

then defragment the hard drives, then Windows runs three times as fast
Defragmentation option
My Computer --> Local Disk --> right-click --> Properties --> Tools --> Defragment Now

#TuneUp2004 (30 days free)
http://www.tuneup.de/products/tuneup-utilities/
Cleanup repair -->TuneUp Diskcleaner
Cleanup repair -->Registry Cleaner
Nikita
Moderator

Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Post by HYP82 on 01.01.2005, 19:36

Hi Nikita.
So here is the new log file!
Right up front:

C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004

I cannot delete this thing either with the Killbox or manually. Even though I am in Safe Mode it tells me it cannot delete it because it is currently being used by a program!
Maybe one more piece of info: this file looks like the Recycle Bin, and when I right-click it, it also shows me the Recycle Bin's context menu, as I have it now with Symantec SystemWorks 2004!

Log file:

Logfile of HijackThis v1.99.0
Scan saved at 18:33:12, on 01.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programme\Winamp\Winampa.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programme\ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\McAfee\McAfee Firewall\CPD.EXE
C:\Programme\McAfee\McAfee Firewall\CPD.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Microsoft Works\MSWorks.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Messenger\msmsgs.exe
C:\Games\Sonstiges\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lzdswwlwzepvatkpt.com/txLJIF ... 345u8i.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WorksFUD] C:\Programme\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Programme\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Programme\ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Programme\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StyleXPService - Unknown - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
HYP82

Posts: 9
Registered: 31.12.2004, 13:27
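As an added example (not part of the thread, and not code from HijackThis, Ad-Aware or the Killbox): a small Python triage script that parses log lines in the HijackThis format posted above and flags the two things the thread acts on, R0/R1 search/start page entries whose hostname is a string of random letters, and executables kept under a per-user RECYCLER SID folder. The vowel/consonant cut-offs are assumptions tuned to the thread's samples, and the sample log lines are constructed from the post.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread; it is not code from HijackThis, Ad-Aware or
Killbox. It parses entries in the log format posted above and flags the two
things the thread acts on: R0/R1 search/start page entries whose hostname is
a string of random letters, and executables kept under a per-user RECYCLER
SID folder. Thresholds are assumptions tuned to the thread's samples.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: four lines in the shape of the HijackThis log posted in
# the thread (the truncated "..." in the first URL is kept as it appears there).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lzdswwlwzepvatkpt.com/txLJIF ... 345u8i.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
"""

# One HijackThis entry: a section code (R0-R3, F0-F3, N1-N4, O1-O23) and its body.
ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (?P<body>.+)$")

# Executable stored directly inside a per-user RECYCLER folder, the location the
# thread's Killbox list points at.
RECYCLER_RE = re.compile(
    r"^[A-Za-z]:\\RECYCLER\\S-1-5-21-[\d-]+\\[^\\]+\.(exe|dll|com|scr)$", re.IGNORECASE
)

VOWELS = set("aeiou")


def parse_entries(log_text):
    """Return (kind, body) tuples for every line that is a HijackThis entry."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("kind"), match.group("body")))
    return entries


def looks_random(label):
    """Heuristic for machine-generated hostnames like the ones in the thread.

    A label is flagged when it is long, has few vowels AND contains a long run
    of consonants. Requiring both keeps ordinary long words such as
    'schwarzwald' or 'sourceforge' out; the cut-offs are assumptions, not a
    general classifier, so treat hits as candidates for review.
    """
    letters = "".join(c for c in label.lower() if c.isalpha())
    if len(letters) < 10:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_consonant_run = max(
        (len(run) for run in re.findall(r"[^aeiou]+", letters)), default=0
    )
    return vowel_ratio < 0.25 and longest_consonant_run >= 5


def host_and_label(url):
    """Return (hostname, second-level label) of a URL, e.g.
    ('www.lzdswwlwzepvatkpt.com', 'lzdswwlwzepvatkpt'); ('', '') when absent."""
    # The posted URL is truncated with spaces; the first token is the usable part.
    tokens = url.split()
    if not tokens:
        return "", ""
    host = (urlsplit(tokens[0]).hostname or "").lower()
    label = host[4:] if host.startswith("www.") else host
    return host, label.split(".")[0]


def flag_hijacked_urls(log_text):
    """Return (kind, setting, host) for R0/R1 entries with a random-looking host."""
    flagged = []
    for kind, body in parse_entries(log_text):
        if kind not in ("R0", "R1") or " = " not in body:
            continue
        setting, url = body.split(" = ", 1)
        host, label = host_and_label(url)
        if looks_random(label):
            flagged.append((kind, setting.strip(), host))
    return flagged


def is_recycler_executable(path):
    r"""True for paths like C:\RECYCLER\S-1-5-21-...\Dc431.exe."""
    return bool(RECYCLER_RE.match(path.strip()))


if __name__ == "__main__":
    for kind, setting, host in flag_hijacked_urls(SAMPLE_LOG):
        print(f"{kind} {setting}: suspicious host {host}")
    for path in (r"C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004\Dc431.exe",
                 r"C:\Programme\Winamp\Winampa.exe"):
        print(path, "->", "REVIEW" if is_recycler_executable(path) else "ok")
```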

Post by Nikita on 01.01.2005, 19:45

Hello@

Download:
#TuneUp2004 (30 days free)
http://www.tuneup.de/products/tuneup-utilities/

Boot into Safe Mode

#open HijackThis -->> button "Scan" -->> tick the box -->> button "Fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lzdswwlwzepvatkpt.com/txLJIF ... 345u8i.htm

(do not restart!)

TuneUp:
<Cleanup repair -->TuneUp Diskcleaner
<Cleanup repair -->Registry Cleaner
<there is also a Shredder:
use it in Safe Mode to try to delete
C:\RECYCLER\S-1-5-21-484763869-1383384898-1801674531-1004

<then scan again with eScan and post what is still shown as infected.

<Go back into normal mode.

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1

Ad-Aware SE Settings
===========================
Festlegen : Nach unbedeutenden Risikoeinträgen suchen
Festlegen : Sicherer Modus (stets Bestätigung abfragen)
Festlegen : Aktive Prozesse scannen
Festlegen : Registrierung scannen
Festlegen : Registrierung gründlich scannen
Festlegen : IE-Favoriten nach gesperrten URLs durchsuchen
Festlegen : Hosts-Datei scannen

Extended Ad-Aware SE Settings
===========================
Festlegen : Ident. Proz./Mod. beim Scanning aus Speicher entf.
Festlegen : Reg. f. für alle Benutzer (nicht nur f. akt. Ben.) scannen
Festlegen : Vor dem Löschen stets versuchen, Module aus dem Speicher zu entfernen
Festlegen : Explorer/IE b. Löschen ggf. beenden und aus Speicher entf.
Festlegen : Geöffnete Dateien beim nächsten Neustart von Windows löschen lassen
Festlegen : Nach der Wiederherstellung Objekte unter Quarantäne löschen
Festlegen : Grundlegende Ad-Aware-Einstellungen protokollieren
Festlegen : Erweiterte Ad-Aware-Einstellungen protokollieren
Festlegen : Referenz-Zusammenfassung protokollieren
Festlegen : Details zu alternativen Datenströmen protokollieren
Festlegen : Wenn kritische Objekte identifiziert wurden, Scanlauf durch akustisches Signal abschließen

Get FINDnFIX:
http://downloads.subratam.org/FINDnFIX.exe
-->!LOG!.bat
-->Log.txt

also post the scan log from Ad-Aware + FINDnFIX + eScan + the new HijackThis log
Nikita
Moderator

Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Post by HYP82 on 02.01.2005, 02:25

So here are the log files!

Ad-Aware:
Ad-Aware SE Build 1.05
Logfile Created on:Sonntag, 2. Januar 2005 01:04:31
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R24 29.12.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):25 total references
Alexa(TAC index:5):11 total references
MRU List(TAC index:0):34 total references
SahAgent(TAC index:9):5 total references
Tracking Cookie(TAC index:3):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Dump details about unhandled exceptions to disk
Set : Play sound at scan completion if scan locates critical objects


02.01.2005 01:04:31 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\ahead\nero wave editor\recent file list
Description : list of recently used files in nero wave editor


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Patrick\recent
Description : list of recently opened documents


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 668
ThreadCreationTime : 01.01.2005 23:37:38
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 01.01.2005 23:37:39
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 780
ThreadCreationTime : 01.01.2005 23:37:40
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 824
ThreadCreationTime : 01.01.2005 23:37:40
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 836
ThreadCreationTime : 01.01.2005 23:37:40
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1100
ThreadCreationTime : 01.01.2005 23:37:41
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1212
ThreadCreationTime : 01.01.2005 23:37:41
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [stylexpservice.exe]
FilePath : C:\Programme\TGTSoft\StyleXP\
ProcessID : 1236
ThreadCreationTime : 01.01.2005 23:37:41
BasePriority : Normal
FileVersion : 0, 20, 0, 3000
ProductVersion : 0, 20, 0, 3000
ProductName : StyleXPService Module
FileDescription : StyleXPService Module
InternalName : StyleXPService
LegalCopyright : Copyright 2001
OriginalFilename : StyleXPService.EXE

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1404
ThreadCreationTime : 01.01.2005 23:37:42
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1460
ThreadCreationTime : 01.01.2005 23:37:42
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1608
ThreadCreationTime : 01.01.2005 23:37:43
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:12 [ccsetmgr.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 1648
ThreadCreationTime : 01.01.2005 23:37:43
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:13 [ccevtmgr.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 1696
ThreadCreationTime : 01.01.2005 23:37:43
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:14 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1864
ThreadCreationTime : 01.01.2005 23:37:43
BasePriority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:15 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1892
ThreadCreationTime : 01.01.2005 23:37:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:16 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1940
ThreadCreationTime : 01.01.2005 23:37:43
BasePriority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : (C) 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:17 [cthelper.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 224
ThreadCreationTime : 01.01.2005 23:37:46
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright (C) 2002
OriginalFilename : CtHelper.EXE

#:18 [winampa.exe]
FilePath : C:\Programme\Winamp\
ProcessID : 236
ThreadCreationTime : 01.01.2005 23:37:46
BasePriority : Normal


#:19 [jusched.exe]
FilePath : C:\Programme\Java\j2re1.4.2_05\bin\
ProcessID : 252
ThreadCreationTime : 01.01.2005 23:37:46
BasePriority : Normal


#:20 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 268
ThreadCreationTime : 01.01.2005 23:37:46
BasePriority : Normal
FileVersion : 5.0.05
ProductVersion : 5.0.05
ProductName : Avance Sound Manager
CompanyName : Avance Logic, Inc.
FileDescription : Avance Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2002 Avance Logic, Inc.
OriginalFilename : ALSMTray.exe
Comments : Avance AC97 Audio Sound Manager

#:21 [qttask.exe]
FilePath : C:\Programme\QuickTime\
ProcessID : 296
ThreadCreationTime : 01.01.2005 23:37:46
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:22 [devldr32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 320
ThreadCreationTime : 01.01.2005 23:37:46
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright (C) Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:23 [cmgrdian.exe]
FilePath : C:\Programme\McAfee\McAfee Shared Components\Guardian\
ProcessID : 344
ThreadCreationTime : 01.01.2005 23:37:46
BasePriority : Normal
FileVersion : 3.01.1000.0
ProductVersion : 3.01.1000.0
ProductName : McAfee Windows Guardian
CompanyName : Network Associates, Inc.
FileDescription : McAfee Guardian Agent
InternalName : CMGrdian
LegalCopyright : Copyright © 1997-2001 Network Associates, Inc. All rights reserved
OriginalFilename : CMGrdian.exe

#:24 [lxsupmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 352
ThreadCreationTime : 01.01.2005 23:37:47
BasePriority : Normal
FileVersion : 3.0.105.1
ProductVersion : 3.0.105.1
ProductName : Lexmark Supplies Monitor
CompanyName : Lexmark International Inc.
FileDescription : Supplies Monitor
InternalName : LXSUPMON
LegalCopyright : Copyright © 2002
OriginalFilename : LXSUPMON.RC

#:25 [incd.exe]
FilePath : C:\Programme\Ahead\InCD\
ProcessID : 388
ThreadCreationTime : 01.01.2005 23:37:47
BasePriority : Normal
FileVersion : 3.34.0
ProductVersion : 3.34.0
ProductName : InCD
CompanyName : Copyright (C) ahead software gmbh and its licensors
FileDescription : InCD CD-RW UDF Tools
InternalName : InCD
LegalCopyright : Copyright (C) ahead software gmbh and its licensors
OriginalFilename : InCD.EXE
Comments : CD-RW UDF Tools

#:26 [daemon.exe]
FilePath : C:\Programme\D-Tools\
ProcessID : 396
ThreadCreationTime : 01.01.2005 23:37:47
BasePriority : Normal


#:27 [ccapp.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 404
ThreadCreationTime : 01.01.2005 23:37:47
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:28 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 456
ThreadCreationTime : 01.01.2005 23:37:47
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : RUNDLL.EXE

#:29 [rulaunch.exe]
FilePath : C:\Programme\McAfee\McAfee Shared Components\Instant Updater\
ProcessID : 500
ThreadCreationTime : 01.01.2005 23:37:47
BasePriority : Normal
FileVersion : 2.02.1001.0
ProductVersion : 2.02.1001.0
ProductName : McAfee Instant Updater
CompanyName : Network Associates, Inc.
FileDescription : Instant Updater Main Program
InternalName : RuLaunch
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc. All rights reserved.
OriginalFilename : RuLaunch.exe

#:30 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 520
ThreadCreationTime : 01.01.2005 23:37:47
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:31 [uiwatcher.exe]
FilePath : C:\Programme\ashampoo\Ashampoo UnInstaller Suite\
ProcessID : 656
ThreadCreationTime : 01.01.2005 23:37:47
BasePriority : Normal
FileVersion : 1.3.1.4
ProductVersion : 1.3.1.4
ProductName : ashampoo UnInstaller Watcher
CompanyName : ashampoo GmbH & Co. KG
FileDescription : UnInstaller Watcher
InternalName : UIWatcher
LegalCopyright : 1999-2002 ashampoo GmbH & Co. KG
LegalTrademarks : ashampoo GmbH & Co. KG
OriginalFilename : UIWatcher

#:32 [wkcalrem.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\
ProcessID : 1432
ThreadCreationTime : 01.01.2005 23:37:48
BasePriority : Normal
FileVersion : 6.00.1911.0
ProductVersion : 6.00.1911.0
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:33 [wincinemamgr.exe]
FilePath : C:\Programme\InterVideo\Common\Bin\
ProcessID : 1496
ThreadCreationTime : 01.01.2005 23:37:48
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 1, 0, 0, 1
ProductName : WinCinema Manager for InterVideo WinCinema products
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright (C) 2000 InterVideo Inc.
OriginalFilename : WinCinemaMgr.EXE

#:34 [icq.exe]
FilePath : C:\PROGRA~1\ICQ\
ProcessID : 1472
ThreadCreationTime : 01.01.2005 23:37:48
BasePriority : Normal
FileVersion : 5,5,6,3916
ProductVersion : 2003b
ProductName : ICQ
CompanyName : ICQ Inc.
FileDescription : ICQ
InternalName : ICQ
LegalCopyright : Copyright © 1996 - 2001 ICQ Inc. All Rights Reserved.
OriginalFilename : ICQ.exe
Comments : ICQ V2003b

#:35 [calcheck.exe]
FilePath : C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\
ProcessID : 1552
ThreadCreationTime : 01.01.2005 23:37:48
BasePriority : Normal
FileVersion : 2, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Calendar Checker Application
CompanyName : Ulead Systems, Inc.
FileDescription : Photo Express -- Calendar Checker
InternalName : CalCheck
LegalCopyright : Copyright (C) 1992-1998.Ulead Systems, Inc.
LegalTrademarks : Ulead Systems, MediaStudio, PhotoImpact and Photo Express are registered trademarks of Ulead Systems, Inc.
OriginalFilename : CalCheck.EXE

#:36 [msmsgs.exe]
FilePath : C:\Programme\Messenger\
ProcessID : 564
ThreadCreationTime : 01.01.2005 23:37:50
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:37 [ghosts~2.exe]
FilePath : C:\PROGRA~1\NORTON~1\NORTON~4\
ProcessID : 2488
ThreadCreationTime : 01.01.2005 23:38:52
BasePriority : Normal
FileVersion : 2003.789
ProductVersion : 2003.789
ProductName : Norton Ghost Start Service
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartService
LegalCopyright : Copyright (C) 1998-2003 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartService.exe

#:38 [nprotect.exe]
FilePath : C:\PROGRA~1\NORTON~1\NORTON~2\
ProcessID : 2516
ThreadCreationTime : 01.01.2005 23:38:53
BasePriority : Normal
FileVersion : 17.0.0.82
ProductVersion : 17.0.0.82
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright (c) 1997-2003 Symantec Corporation
LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation.
OriginalFilename : NPROTECT.EXE

#:39 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2532
ThreadCreationTime : 01.01.2005 23:38:53
BasePriority : Normal
FileVersion : 6.14.10.6693
ProductVersion : 6.14.10.6693
ProductName : NVIDIA Driver Helper Service, Version 66.93
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 66.93
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:40 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\
ProcessID : 2620
ThreadCreationTime : 01.01.2005 23:38:53
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright (c) 1997-2003 Symantec Corporation
OriginalFilename : NOPDB.dll

#:41 [symlcsvc.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\
ProcessID : 2652
ThreadCreationTime : 01.01.2005 23:38:54
BasePriority : Normal
FileVersion : 1, 8, 48, 79
ProductVersion : 1, 8, 48, 79
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright (C) 2003
OriginalFilename : symlcsvc.exe

#:42 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2676
ThreadCreationTime : 01.01.2005 23:38:54
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:43 [cpd.exe]
FilePath : C:\Programme\McAfee\McAfee Firewall\
ProcessID : 3060
ThreadCreationTime : 01.01.2005 23:39:02
BasePriority : Normal
FileVersion : 4.02.6000.0
ProductVersion : 4.02.6000.0
ProductName : McAfee Firewall
CompanyName : Network Associates, Inc.
FileDescription : McAfee Firewall
LegalCopyright : Copyright © 1996-2003 Networks Associates Technology, Inc. All rights reserved
OriginalFilename : cpd.exe

#:44 [cpd.exe]
FilePath : C:\Programme\McAfee\McAfee Firewall\
ProcessID : 3252
ThreadCreationTime : 01.01.2005 23:39:05
BasePriority : Normal
FileVersion : 4.02.6000.0
ProductVersion : 4.02.6000.0
ProductName : McAfee Firewall
CompanyName : Network Associates, Inc.
FileDescription : McAfee Firewall
LegalCopyright : Copyright © 1996-2003 Networks Associates Technology, Inc. All rights reserved
OriginalFilename : cpd.exe

#:45 [winword.exe]
FilePath : C:\Programme\Microsoft Office\Office10\
ProcessID : 948
ThreadCreationTime : 01.01.2005 23:39:15
BasePriority : Normal


#:46 [msworks.exe]
FilePath : C:\Programme\Microsoft Works\
ProcessID : 1256
ThreadCreationTime : 01.01.2005 23:39:23
BasePriority : Normal
FileVersion : 6.00.1911.0
ProductVersion : 6.00.1911.0
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Task Launcher
InternalName : MSWORKS
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : MSWorks.exe

#:47 [kernel.exe]
FilePath : C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\
ProcessID : 2228
ThreadCreationTime : 01.01.2005 23:39:34
BasePriority : Normal
FileVersion : 1.38.0.1
ProductVersion : xx.xx.xx.xxxx
ProductName : T-Online Basissoftware
CompanyName : T-Online
FileDescription : T-Online StartCenter 5.0
InternalName : T-Online Software
LegalCopyright : Copyright 2001
OriginalFilename : kernel.exe

#:48 [sc_watch.exe]
FilePath : C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\
ProcessID : 2248
ThreadCreationTime : 01.01.2005 23:39:35
BasePriority : Normal


#:49 [profil~1.exe]
FilePath : C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\
ProcessID : 2288
ThreadCreationTime : 01.01.2005 23:39:36
BasePriority : Normal
FileVersion : 1.34.00.0002
ProductVersion : 5.00.00.0000
ProductName : T-Online Basissoftware
CompanyName : T-Online
FileDescription : T-Online Profilverwaltung
InternalName : Profilemgr
LegalCopyright : Copyright 2001
OriginalFilename : profilemgr.exe

#:50 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2096
ThreadCreationTime : 02.01.2005 00:03:53
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

SahAgent Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "partner_id"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : partner_id

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-484763869-1383384898-1801674531-1004\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 47


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 47


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : patrick@servedby.netshelter[2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:patrick@servedby.netshelter.net/
Expires : 29.06.2021 14:48:54
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : patrick@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:patrick@atdmt.com/
Expires : 31.12.2009 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : patrick@as1.falkag[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:patrick@as1.falkag.de/
Expires : 31.01.2005 19:48:50
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : patrick@versiontracker[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:patrick@versiontracker.com/
Expires : 01.01.2007 16:40:16
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : patrick@adtech[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:patrick@adtech.de/
Expires : 31.12.2014 00:40:06
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : patrick@mediaplex[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:patrick@mediaplex.com/
Expires : 22.06.2009 01:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : patrick@doubleclick[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:patrick@doubleclick.net/
Expires : 02.01.2008 00:40:10
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 54



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

180Solutions Object Recognized!
Type : File
Data : A0006250.exe
Category : Data Miner
Comment :
Object : C:\!Submit\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 55


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 55




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SahAgent Object Recognized!
Type : File
Data : vg.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



SahAgent Object Recognized!
Type : File
Data : setup.inf
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\



SahAgent Object Recognized!
Type : File
Data : WEBInstaller.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\
FileVersion : 1, 1, 1, 34
ProductVersion : 1, 1, 1, 34
ProductName : WEBInstaller Module
FileDescription : WEBInstaller Module
InternalName : WEBInstaller
LegalCopyright : Copyright 2002
OriginalFilename : WEBInstaller.DLL


SahAgent Object Recognized!
Type : File
Data : v.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : last_conn_h

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : last_conn_l

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : we

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : cdata

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : TimeOffset

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : action_url_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : action_url_last_chunk

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : action_url_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : key_file

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : kw_last_chunk

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : did

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : duid

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : product_id

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : mt1

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : mt2

180Solutions Object Recog