
Downloader.Trojan + 180 search Assistant


Post by beder on 09.08.2005, 21:51

Hello everyone,

I hope you can (and will) help me with my problem, because I'm slowly getting desperate... and I'm certainly not as PC-savvy as all of you here ;)

So, here's the situation...

When I switched on my PC, various virus alerts from Symantec came flying at me... in my naive trust in technology and Norton I thought: well, it'll delete that

But:
I've caught a Downloader.Trojan... I also read up on it a bit on the Internet and downloaded hijackthis (log below)
Right now Norton is running over it, but can't delete it
I've also already deleted the temporary Internet files and played a round of Clean-Up!... but none of it helps

And on top of that I also have the 180 search Assistant, which I can't get rid of, because it can't be uninstalled...

Could you please, please help me? And if anything more complicated comes up in the removal methods, please explain it for a layperson?
Above all, Hijack is completely unknown to me...

Gracias

Best regards
Peter





Hijack-LOG

Logfile of HijackThis v1.99.1
Scan saved at 20:54:59, on 09.08.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AVPersonalPremium\AVGUARD.EXE
C:\Programme\AVPersonalPremium\AVESVC.EXE
C:\Programme\AVPersonalPremium\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\mHotkey.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\SpyBlocs\SpyBlocs.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINNT\System32\MsiExec.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Programme\AVPersonalPremium\AVGNT.EXE
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\programme\180searchassistant\salm.exe
C:\WINNT\System32\shellexpl.exe
C:\Programme\Spyware Doctor\spydoctor.exe
C:\WINNT\system32\internat.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\NMain.exe
C:\WINNT\System32\MsiExec.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\WINNT\System32\MsiExec.exe
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BROWSER\BROWSER.EXE
C:\PROGRA~1\NORTON~1\navw32.exe
C:\WINNT\system32\rundll32.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hand-book.com/hp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://ie.search.psn.cn/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F1 - win.ini: run=C:\MOUSE\wmousecc.exe
F3 - REG:win.ini: load=c:\mouse\wbuttons.exe
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\programme\180searchassistant\salmhook.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [codfxrun] "C:\Programme\ATI Multimedia\codfx.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [STOPzilla] "C:\Programme\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [SpyBlocs] C:\Programme\SpyBlocs\SpyBlocs.exe
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [WinAuth] C:\WINNT\winlogon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonalPremium\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [salm] c:\programme\180searchassistant\salm.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [Explorer] C:\WINNT\System32\shellexpl.exe en
O4 - HKCU\..\Run: [sws.exe] c:\programme\GlobalDialer\domer00046\gd-domer00046_de.exe -remove
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [AddClass] C:\WINNT\AddClass.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media ... dge-c2.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0098F30E-04BE-4DC3-ACB0-B27CD800D969}: NameServer = 131.188.24.2,131.188.24.4,131.188.3.72
O17 - HKLM\System\CCS\Services\Tcpip\..\{607832D7-1598-4CB6-962A-2B6229D01EA2}: NameServer = 217.237.151.97 217.237.150.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{0098F30E-04BE-4DC3-ACB0-B27CD800D969}: NameServer = 131.188.24.2,131.188.24.4,131.188.3.72
O17 - HKLM\System\CS2\Services\Tcpip\..\{0098F30E-04BE-4DC3-ACB0-B27CD800D969}: NameServer = 131.188.24.2,131.188.24.4,131.188.3.72
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: msconfd.dll
O23 - Service: AntiVir Mail Security Service (AntiVirMailService) - AntiVir PersonalProducts GmbH. - C:\Programme\AVPersonalPremium\AVMAILC.EXE
O23 - Service: AntiVir PersonalEdition Premium Service (AntiVirService) - AntiVir PersonalProducts GmbH - C:\Programme\AVPersonalPremium\AVGUARD.EXE
O23 - Service: AVE Service (AVEService) - AntiVir PersonalProducts GmbH - C:\Programme\AVPersonalPremium\AVESVC.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonalPremium\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
beder
 
Posts: 11
Registered: 09.08.2005, 21:36


Post by automatix on 09.08.2005, 23:44

In your place I would format. 19 bad processes! You've got something coming your way. But since I'm no pro in this section, I don't want to jump ahead. Let's see!
automatix
Administrator
 
Posts: 14557
Registered: 12.09.2004, 13:58
Location: 95138 Bad Steben

Post by Nikita on 10.08.2005, 00:46


#open HijackThis -->> button "scan" -->> tick the entries -->> button "Fix checked" -->> restart the PC


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hand-book.com/hp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://ie.search.psn.cn/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - (no file)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\programme\180searchassistant\salmhook.dll
O4 - HKLM\..\Run: [STOPzilla] "C:\Programme\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [SpyBlocs] C:\Programme\SpyBlocs\SpyBlocs.exe
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [WinAuth] C:\WINNT\winlogon.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [salm] c:\programme\180searchassistant\salm.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [Explorer] C:\WINNT\System32\shellexpl.exe en
O4 - HKCU\..\Run: [sws.exe] c:\programme\GlobalDialer\domer00046\gd-domer00046_de.exe -remove
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [AddClass] C:\WINNT\AddClass.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media ... dge-c2.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: msconfd.dll
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Restart the PC

•Uninstall:
"Start -> Settings -> Control Panel -> Add/Remove Programs"

spydoctor
STOPzilla!
SpyBlocs

•KillBox
http://bilder.informationsarchiv.net/Ni ... illBox.zip
Instructions: (illustrated)
http://nikita.eddys-domain.de/killbox.html

•Delete File on Reboot <-- tick this

and click on the red cross;
when asked "Do you want to reboot?" ----> click "no" and paste in the next one, only click "yes" on the last one

C:\WINNT\RunDll16.exe
c:\programme\180searchassistant\salmhook.dll
c:\programme\180searchassistant\saap.exe
c:\programme\180searchassistant\saap_kyf.dat
c:\programme\180searchassistant\saapau.dat
c:\programme\180searchassistant\saap_gdf.dat
c:\programme\180searchassistant\saap.log
c:\programme\180searchassistant\salm.exe
c:\programme\180searchassistant\salmhook.dll
c:\programme\180searchassistant\salm_kyf.dat
c:\programme\180searchassistant\salmau.dat
c:\programme\180searchassistant\salm_gdf.dat
c:\programme\180searchassistant\salm.log

C:\WINNT\winlogon.exe
C:\WINNT\AddClass.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAcess.exe
C:\Program Files\Media Access\Info.txt
C:\Program Files\Media Access\MediaAccC.dll
c:\windows\downloaded program files\mediaaccx.dll
c:\programme\GlobalDialer\domer00046\gd-domer00046_de.exe
C:\WINNT\System32\shellexpl.exe
C:\Programme\SpyBlocs\SpyBlocs.exe
C:\WINNT\System32\msconfd.dll

Restart the PC

•Ad-aware SE Personal
http://nikita.eddys-domain.de/antispywaretools.html
Download--> Update-->Configure
http://nikita.eddys-domain.de/adaware.html
#Update the program BEFORE every scan!
During the scan, ALL other applications must be closed and all browser windows must be closed!
scan-->restart the PC--> scan again

ewido (post the log from the scan)
http://nikita.eddys-domain.de/antivirenfree.html

Panda (post the log from the scan)
http://nikita.eddys-domain.de/onlinescan.html
-------------------------------------------------------------------------------
#TuneUp2004 (30 days free)
http://nikita.eddys-domain.de/reinigung ... istry.html
Cleanup repair -->TuneUp Diskcleaner
Cleanup repair -->Registry Cleaner

CCleaner--> delete all *temp files
http://nikita.eddys-domain.de/IE.html
+

#new start page
go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if prompted --> click Apply and finally OK, and set a new start page

the new log from HijackThis
Nikita
Moderator
 
Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Post by beder on 11.08.2005, 13:55

Hello nikita, first of all thank you very much for your extensive help. I followed all the instructions, but the Downloader.Trojan is still on my disk :(



Here is the log from ewido

ewido security suite - Scan Report
---------------------------------------------------------

+ Erstellt am: 10:25:57, 11.08.2005
+ Report-Checksumme: 69CB5840

+ Scanergebnis:

HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Spyware.WinAd : Gesäubert mit Backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Spyware.WinAd : Gesäubert mit Backup
HKLM\SOFTWARE\VGroup -> Spyware.SAHA : Gesäubert mit Backup
HKLM\SOFTWARE\VGroup\SAHPopup -> Spyware.SAHA : Gesäubert mit Backup
:mozilla.11:C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Profiles\default\bqp1zrbk.slt\cookies.txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
:mozilla.12:C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Profiles\default\bqp1zrbk.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Gesäubert mit Backup
:mozilla.13:C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Profiles\default\bqp1zrbk.slt\cookies.txt -> Spyware.Cookie.Advertising : Gesäubert mit Backup
:mozilla.14:C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Profiles\default\bqp1zrbk.slt\cookies.txt -> Spyware.Cookie.Advertising : Gesäubert mit Backup
:mozilla.15:C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Profiles\default\bqp1zrbk.slt\cookies.txt -> Spyware.Cookie.Advertising : Gesäubert mit Backup
:mozilla.16:C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Profiles\default\bqp1zrbk.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Gesäubert mit Backup
:mozilla.17:C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Profiles\default\bqp1zrbk.slt\cookies.txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
:mozilla.18:C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Profiles\default\bqp1zrbk.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@2o7[2].txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@adtech[2].txt -> Spyware.Cookie.Adtech : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@axa.addcontrol[2].txt -> Spyware.Cookie.Addcontrol : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Gesäubert mit Backup
C:\Programme\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay : Gesäubert mit Backup
C:\Programme\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Gesäubert mit Backup
D:\hijackthis\backups\backup-20050810-095438-263.dll -> Spyware.180Solutions : Gesäubert mit Backup


::Report Ende



Panda produced no log, but it also found 0 errors



And here is the latest log from Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 13:35:10, on 11.08.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AVPersonalPremium\AVGUARD.EXE
C:\Programme\AVPersonalPremium\AVESVC.EXE
C:\Programme\AVPersonalPremium\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\mHotkey.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\AVPersonalPremium\AVGNT.EXE
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\WINNT\system32\internat.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINNT\system32\wuauclt.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_5\BROWSER\BROWSER.EXE
D:\hijackthis\HijackThis.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\tonchkml32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
F1 - win.ini: run=C:\MOUSE\wmousecc.exe
F3 - REG:win.ini: load=c:\mouse\wbuttons.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [codfxrun] "C:\Programme\ATI Multimedia\codfx.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonalPremium\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKCU\..\Run: [internat.exe] internat.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programme\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0098F30E-04BE-4DC3-ACB0-B27CD800D969}: NameServer = 131.188.24.2,131.188.24.4,131.188.3.72
O17 - HKLM\System\CCS\Services\Tcpip\..\{607832D7-1598-4CB6-962A-2B6229D01EA2}: NameServer = 217.237.151.97 217.237.150.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{0098F30E-04BE-4DC3-ACB0-B27CD800D969}: NameServer = 131.188.24.2,131.188.24.4,131.188.3.72
O17 - HKLM\System\CS2\Services\Tcpip\..\{0098F30E-04BE-4DC3-ACB0-B27CD800D969}: NameServer = 131.188.24.2,131.188.24.4,131.188.3.72
O23 - Service: AntiVir Mail Security Service (AntiVirMailService) - AntiVir PersonalProducts GmbH. - C:\Programme\AVPersonalPremium\AVMAILC.EXE
O23 - Service: AntiVir PersonalEdition Premium Service (AntiVirService) - AntiVir PersonalProducts GmbH - C:\Programme\AVPersonalPremium\AVGUARD.EXE
O23 - Service: AVE Service (AVEService) - AntiVir PersonalProducts GmbH - C:\Programme\AVPersonalPremium\AVESVC.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonalPremium\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)



Can you help me further?


Best regards
Peter
beder
 
Posts: 11
Registered: 09.08.2005, 21:36
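
The check this exchange depends on, whether every entry on the fix list is really gone from the follow-up HijackThis log, as an added example that is not part of the original posts. The function names are hypothetical, and the sample data is a shortened excerpt of the logs and fix list above.

```python
import re

# One HijackThis result line: section code (R0, O4, O16, ...) + " - " + detail.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")


def parse_entries(text):
    """Return {normalized_key: cleaned_line} for every result line in a log.

    Header lines and the "Running processes" list do not match ENTRY_RE and
    are skipped. Keys are lower-cased with collapsed whitespace so the same
    entry still matches if a forum post changed spacing or case.
    """
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code, detail = m.group(1), " ".join(m.group(2).split())
            entries[(code, detail.lower())] = f"{code} - {detail}"
    return entries


def check_fix(before_log, fix_list, after_log):
    """Compare a helper's fix list against the logs taken before and after."""
    before, fix, after = map(parse_entries, (before_log, fix_list, after_log))
    return {
        # fix-list entries that no longer appear in the follow-up log
        "fixed": sorted(v for k, v in fix.items() if k not in after),
        # fix-list entries that survived the cleanup (or were re-created)
        "persisting": sorted(v for k, v in fix.items() if k in after),
        # fix-list entries that were never in the first log (copy errors)
        "not_in_scan": sorted(v for k, v in fix.items() if k not in before),
        # entries that only exist after the cleanup and still need review
        "new": sorted(v for k, v in after.items() if k not in before),
    }


# Shortened excerpt of the first log (09.08.2005).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hand-book.com/hp/
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\programme\180searchassistant\salmhook.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinAuth] C:\WINNT\winlogon.exe
O4 - HKLM\..\Run: [salm] c:\programme\180searchassistant\salm.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O20 - AppInit_DLLs: msconfd.dll
"""

# Shortened excerpt of the fix list from the reply of 10.08.2005.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hand-book.com/hp/
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\programme\180searchassistant\salmhook.dll
O4 - HKLM\..\Run: [WinAuth] C:\WINNT\winlogon.exe
O4 - HKLM\..\Run: [salm] c:\programme\180searchassistant\salm.exe
O20 - AppInit_DLLs: msconfd.dll
"""

# Shortened excerpt of the follow-up log (11.08.2005), header lines included.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
"""

if __name__ == "__main__":
    for bucket, lines in check_fix(BEFORE, FIX_LIST, AFTER).items():
        print(f"{bucket}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

An empty `persisting` list only shows that the autostart and browser entries are gone; entries such as the O10 line were never on the fix list and remain in both logs.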

Post by Nikita on 11.08.2005, 15:45

AboutBuster
Download Aboutbuster: http://www.spychecker.com/program/aboutbuster.html

Unpack all files into one folder
read the Readme file
boot into safe mode (XP/Win2000: press "F8" while the PC boots)

-----------------------------------------------------------
4. Click "Start".
(Wait until the initial ADS scan has finished.)
5. Click "Yes" to allow every IE application to be closed.
(Wait until the about:blank scan has finished.)
6. Click "Ok" to run the scan again.
7. Click "Yes" to allow every IE application to be closed.
8. Click "Yes" to begin the second round.
9. Click "Save log" (save the log file).
10. Click "Exit".

WinPFind-->poste alles
http://www.bleepingcomputer.com/files/winpfind.php
Anleitung: http://nikita.eddys-domain.de/winpfind.html
Nikita
Moderator
 
Beiträge: 11478
Registriert: 07.12.2003, 16:53
Wohnort: Lissabon

Post by beder on 11.08.2005, 22:43

Hello Nikita,

Unfortunately About Buster does not work for me; when I try to start the scan it crashes with the error message:
run-time error 339
component comctl32.ocx or one of its dependencies not correctly registered: a file is missing or valid




Here is the log from WinPFind


WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195
Internet Explorer Version: 6.0.2600.0000

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX! 13.11.2002 17:11:38 22744483 C:\Programme\Partition Magic Pro 7.0-FULL.exe
UPX! 13.11.2002 17:24:34 23141 C:\Programme\Partition Magic Pro v7 serial (1).exe
UPX! 13.11.2002 17:24:16 23141 C:\Programme\Partition Magic Pro v7 serial.exe
UPX! 13.11.2002 18:27:28 2829159 C:\Programme\Serials 2000 v7.1.exe

Checking %WinDir% folder...
aspack 23.05.2003 08:57:30 272897 C:\WINNT\mslogo.pif

Checking %System% folder...
Umonitor 19.06.2003 21:05:04 549648 C:\WINNT\SYSTEM32\RASDLG.DLL
winsync 04.10.2000 14:00:00 1309184 C:\WINNT\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts


Checking the Windows folder for system and hidden files within the last 60 days...
11.08.2005 21:12:38 54156 C:\WINNT\QTFont.qfn
30.07.2005 10:38:52 10820 C:\WINNT\Help\update.GID
08.08.2005 17:29:18 0 C:\WINNT\inf\oem19.inf
11.08.2005 21:15:10 1024 C:\WINNT\system32\config\default.LOG
11.08.2005 21:11:40 1024 C:\WINNT\system32\config\SAM.LOG
11.08.2005 21:10:26 1024 C:\WINNT\system32\config\SECURITY.LOG
11.08.2005 21:23:10 1024 C:\WINNT\system32\config\software.LOG
01.08.2005 14:57:08 336 C:\WINNT\system32\Microsoft\Protect\S-1-5-18\ef134ee3-0824-4581-818e-b5965f22e485
01.08.2005 14:57:08 24 C:\WINNT\system32\Microsoft\Protect\S-1-5-18\Preferred
11.08.2005 21:12:06 6 C:\WINNT\Tasks\SA.DAT

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
20.11.2002 17:37:52 0 C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dm.ini
09.06.2005 16:44:56 100280 C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AntiVir/Win
{a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Programme\AVPersonalPremium\AVShlExt.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programme\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programme\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Programme\TuneUp Utilities 2004\sdshelex.dll"
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programme\WinAce\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{441253c2-a0da-4e6e-924f-0024b4d06d9e}
= C:\Programme\T-Online\T-Online_Software_5\Banking\HbDokMan.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AntiVir/Win
{a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Programme\AVPersonalPremium\AVShlExt.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programme\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programme\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Programme\TuneUp Utilities 2004\sdshelex.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programme\WinAce\arcext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Programme\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\programme\google\googletoolbar1.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Programme\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton AntiVirus\NavShExt.dll
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINNT\system32\msdxm.ocx
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\programme\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{44226DFF-747E-4edc-B30C-78752E50CD0C}
ButtonText = ATI TV :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6224f700-cba3-4071-b251-47cb894244cd}
ButtonText = ICQ Pro : C:\Programme\ICQ\ICQ.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\programme\google\googletoolbar1.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\programme\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Synchronization Manager mobsync.exe /logon
SoundMan SOUNDMAN.EXE
NeroCheck C:\WINNT\System32\NeroCheck.exe
Microsoft Works Update Detection C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
ATIPTA C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
codfxrun "C:\Programme\ATI Multimedia\codfx.exe"
CHotkey mHotkey.exe
QuickTime Task "C:\Programme\QuickTime\qttask.exe" -atboottime
iTunesHelper C:\Programme\iTunes\iTunesHelper.exe
TkBellExe "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
SSC_UserPrompt C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
ccApp "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
AVGCtrl "C:\Programme\AVPersonalPremium\AVGNT.EXE" /min
SunJavaUpdateSched C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
ToADiMon.exe C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
internat.exe internat.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.9 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 11.08.2005 22:32:17





Have a nice evening


Regards
Peter
beder
 
Posts: 11
Registered: 09.08.2005, 21:36

Post by Nikita on 11.08.2005, 22:58

I can't find anything... what makes you think the Trojan is still on there? Is there a message from the antivirus? Which one?


Start -- Run -- type in: cmd -- DOS will open

Copy these into the black DOS window one at a time:

cd\
cd %windir%\system32
dir /a:-d /o:-d > %systemdrive%\system32.txt
start %systemdrive%\system32.txt
cls
exit

Now the text editor will open automatically and show all the files that are on the PC. Please copy out only the last 30 days.
Then close DOS and carry out the same instructions for:


cd\
cd %temp%\
dir /a:-d /o:-d > %systemdrive%\systemtemp.txt
start %systemdrive%\systemtemp.txt
cls
exit

cd\
cd %windir%
dir /a:-d /o:-d > %systemdrive%\system.txt
start %systemdrive%\system.txt
cls
exit

cd\
dir /a:-d /o:-d > %systemdrive%\sys.txt
start %systemdrive%\sys.txt
cls
exit
Nikita
Moderator
 
Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon
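
The "last 30 days" filtering that the post above asks to be done by hand on the `dir /a:-d /o:-d` output can also be scripted. This is an added example, not part of the original thread: the function names, the extension list and the sample listing (constructed in the German-locale `dir` layout) are assumptions.

```python
import os
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of a German-locale `dir /a:-d /o:-d` listing.
# cmd.exe writes redirected output in the OEM code page (cp850 on German
# Windows); read as cp1252, byte 0x84 shows up as a low quote instead of "ä".
SAMPLE_BYTES = (
    b" Datentr\x84ger in Laufwerk C: ist Lokaler Datentr\x84ger\r\n"
    b" Datentr\x84gernummer: 483E-E505\r\n"
    b"\r\n"
    b" Verzeichnis von C:\\WINNT\\system32\r\n"
    b"\r\n"
    b"11.08.2005  22:37            16.384 Perflib_Perfdata_7b4.dat\r\n"
    b"11.08.2005  10:52             2.550 Uninstall.ico\r\n"
    b"29.07.2005  21:07            73.728 asuninst.exe\r\n"
    b"23.07.2005  20:32                63 CONFIG.NT\r\n"
    b"22.07.2005  18:11             3.799 jupdate-1.5.0_04-b05.log\r\n"
    b"19.06.2003  21:05           549.648 RASDLG.DLL\r\n"
    b"               6 Datei(en)        646.172 Bytes\r\n"
)

# One file row: dd.mm.yyyy, hh:mm, size with "." as thousands separator, name.
ROW_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+([\d.]+)\s+(.+?)\s*$")

# Assumed list of extensions that Windows loads or runs as code.
EXECUTABLE_EXT = {".exe", ".dll", ".com", ".scr", ".pif", ".bat", ".cmd", ".sys", ".ocx"}


def decode_oem(raw):
    """Decode a listing redirected from cmd.exe (OEM code page cp850)."""
    return raw.decode("cp850")


def parse_dir_listing(text):
    """Return one dict per file row; headers, <DIR> rows and totals are skipped."""
    entries = []
    for line in text.splitlines():
        match = ROW_RE.match(line)
        if not match:
            continue
        date_s, time_s, size_s, name = match.groups()
        try:
            modified = datetime.strptime(date_s + " " + time_s, "%d.%m.%Y %H:%M")
        except ValueError:
            continue  # looks like a row but is not a valid timestamp
        entries.append({
            "modified": modified,
            "size": int(size_s.replace(".", "")),
            "name": name,
        })
    return entries


def recent_entries(entries, now, days=30):
    """Files modified within `days` of `now`, newest first."""
    cutoff = now - timedelta(days=days)
    hits = [e for e in entries if e["modified"] >= cutoff]
    return sorted(hits, key=lambda e: e["modified"], reverse=True)


def recent_executables(entries, now, days=30):
    """Subset of recent files whose extension marks them as loadable code."""
    return [
        e for e in recent_entries(entries, now, days)
        if os.path.splitext(e["name"])[1].lower() in EXECUTABLE_EXT
    ]


if __name__ == "__main__":
    listing = parse_dir_listing(decode_oem(SAMPLE_BYTES))
    reference = datetime(2005, 8, 11, 23, 14)  # when the listing was taken
    for entry in recent_entries(listing, reference):
        print(entry["modified"], entry["size"], entry["name"])
    print("review first:", [e["name"] for e in recent_executables(listing, reference)])
```

A recently modified executable in the listing is only a starting point for review, not a verdict; the name still has to be checked against what was installed on that date.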

Post by Yvonne on 11.08.2005, 22:58

Well, Downloader.Trojan should actually be in TEMPORARY INTERNET FILES; delete your temporary internet files - ALL of them.

:wink:
Yvonne
 
Posts: 10
Registered: 10.08.2005, 22:06

Post by beder on 11.08.2005, 23:21

@Nikita:
Well, my PC is incredibly slow, it hangs for lack of memory, and Norton keeps telling me that the Downloader.Trojan is creating new files, which get deleted automatically (some of them not), but it won't tell me the file responsible or its path (only that it is Downloader.Trojan)
...is there some way to coax that out of Norton?



Here are the entries from the DOS window

Datenträger in Laufwerk C: ist Lokaler Datenträger
Datenträgernummer: 483E-E505

Verzeichnis von C:\WINNT\system32

11.08.2005 22:37 16.384 Perflib_Perfdata_7b4.dat
11.08.2005 17:07 16.384 Perflib_Perfdata_5a4.dat
11.08.2005 10:52 2.550 Uninstall.ico
11.08.2005 10:52 1.406 Help.ico
11.08.2005 10:51 1.718 Open.ico
11.08.2005 10:51 1.406 AddQuit.ico
11.08.2005 10:51 5.350 IE.ico
11.08.2005 10:51 9.470 Desktop.ico
11.08.2005 10:50 1.718 Quick.ico
10.08.2005 14:56 16.384 Perflib_Perfdata_3e4.dat
10.08.2005 10:21 16.384 Perflib_Perfdata_870.dat
10.08.2005 09:56 301.232 FNTCACHE.DAT
10.08.2005 09:37 16.384 Perflib_Perfdata_79c.dat
09.08.2005 17:45 16.384 Perflib_Perfdata_57c.dat
29.07.2005 21:07 73.728 asuninst.exe
23.07.2005 20:32 63 CONFIG.NT
22.07.2005 18:11 3.799 jupdate-1.5.0_04-b05.log



Datenträger in Laufwerk C: ist Lokaler Datenträger
Datenträgernummer: 483E-E505

Verzeichnis von C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp

11.08.2005 21:12 618 jusched.log
1 Datei(en) 618 Bytes
0 Verzeichnis(se), 3.477.504 Bytes frei



Datenträger in Laufwerk C: ist Lokaler Datenträger
Datenträgernummer: 483E-E505

Verzeichnis von C:\WINNT

11.08.2005 21:12 54.156 QTFont.qfn
11.08.2005 21:12 191.505 WindowsUpdate.log
11.08.2005 16:55 16.538 ntbtlog.txt
11.08.2005 16:52 32.456 SchedLgU.Txt
11.08.2005 12:28 1.441 WIN.INI
10.08.2005 14:53 1.409 QTFont.for
10.08.2005 12:59 9.654 mozver.dat
07.08.2005 18:52 779 CDEX.INI
02.08.2005 11:34 211 uno.ini
24.07.2005 18:10 173 CompLex4.INI
24.07.2005 18:08 302 inform.ini
23.07.2005 20:36 316.640 WMSysPr9.prx
23.07.2005 19:24 365 beatbox.INI
23.07.2005 19:24 149 muma2003.INI



Datenträger in Laufwerk C: ist Lokaler Datenträger
Datenträgernummer: 483E-E505

Verzeichnis von C:\

11.08.2005 23:18 0 sys.txt
11.08.2005 23:18 11.226 system.txt
11.08.2005 23:17 304 systemtemp.txt
11.08.2005 23:14 100.701 system32.txt
11.08.2005 22:36 412.385.280 pagefile.sys



@ Yvonne: I have already deleted the temporary internet files; unfortunately it didn't help...


Regards
Peter
beder
 
Posts: 11
Registered: 09.08.2005, 21:36

Post by Nikita on 12.08.2005, 10:33

I still can't see anything

Please work through the escan ;)
http://nikita.eddys-domain.de/escan.html
Nikita
Moderator
 
Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Post by beder on 12.08.2005, 18:16

Hello Nikita,


escan is running over it right now and is still finding things... and I have also noticed that my Norton Quarantine folder is growing without limit (GBs...) and I cannot delete it, neither by hand (access to files denied) nor with Killbox (could not delete)
Is that the root of all evil? What can be done about it?

The escan log will be posted as soon as it's finished...

Best regards
Peter
beder
 
Posts: 11
Registered: 09.08.2005, 21:36

Post by beder on 12.08.2005, 18:54

The escan fails on the .tmp files created by the Downloader.Trojan, because it needs about 5-10 seconds to scan each one, which with tens of thousands of files would mean a scan lasting weeks... maybe I should delete this Quarantine folder first? But how?
beder
 
Posts: 11
Registered: 09.08.2005, 21:36

Post by beder on 12.08.2005, 18:55

Here is the log so far....

Fri Aug 12 18:10:01 2005 => **********************************************************
Fri Aug 12 18:10:01 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Fri Aug 12 18:10:01 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Fri Aug 12 18:10:01 2005 => **********************************************************
Fri Aug 12 18:10:01 2005 => Version 6.6.7 (C:\bases_x\mwavscan.com)
Fri Aug 12 18:10:01 2005 => Log File: C:\bases_x\MWAV.LOG
Fri Aug 12 18:10:01 2005 => MWAV Registered: FALSE.
Fri Aug 12 18:10:01 2005 => MWAV Mode: Only Scan files.
Fri Aug 12 18:10:01 2005 => Command Line Options Given: /MEM /REG /STARTUP /SysFolder /SER /DRIVE /WaitToExit /SNOC
Fri Aug 12 18:10:09 2005 => Latest Date of files inside MWAV: 12 Aug 2005 11:36:00.
Fri Aug 12 18:10:16 2005 => AV Library Loaded...

Fri Aug 12 18:10:16 2005 => **********************************************************
Fri Aug 12 18:10:16 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Fri Aug 12 18:10:16 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Fri Aug 12 18:10:16 2005 =>
Fri Aug 12 18:10:16 2005 => Support: support@mwti.net
Fri Aug 12 18:10:16 2005 => Web: http://www.mwti.net
Fri Aug 12 18:10:16 2005 => **********************************************************
Fri Aug 12 18:10:16 2005 => Version 6.6.7 (C:\bases_x\mwavscan.com)
Fri Aug 12 18:10:16 2005 => Log File: C:\bases_x\MWAV.LOG
Fri Aug 12 18:10:16 2005 => User Account: Administrator
Fri Aug 12 18:10:16 2005 => Windows Root Folder: C:\WINNT
Fri Aug 12 18:10:16 2005 => Windows Sys32 Folder: C:\WINNT\system32
Fri Aug 12 18:10:16 2005 => OS: Windows NT
Fri Aug 12 18:10:18 2005 => Latest Date of files inside MWAV: 12 Aug 2005 11:36:00.

Fri Aug 12 18:10:18 2005 => Options Selected by User:
Fri Aug 12 18:10:18 2005 => Memory Check: Enabled
Fri Aug 12 18:10:18 2005 => Registry Check: Enabled
Fri Aug 12 18:10:18 2005 => StartUp Folder Check: Enabled
Fri Aug 12 18:10:18 2005 => System Folder Check: Enabled
Fri Aug 12 18:10:18 2005 => System Area Check: Disabled
Fri Aug 12 18:10:18 2005 => Services Check: Enabled
Fri Aug 12 18:10:18 2005 => Drive Check: Disabled
Fri Aug 12 18:10:18 2005 => All Drive Check :Enabled
Fri Aug 12 18:10:18 2005 => Folder Check: Disabled

Fri Aug 12 18:10:19 2005 => ***** Scanning Memory Files *****
Fri Aug 12 18:10:19 2005 => Scanning File C:\WINNT\System32\smss.exe
Fri Aug 12 18:10:19 2005 => Scanning File C:\WINNT\system32\ntdll.dll
Fri Aug 12 18:10:19 2005 => Scanning File C:\WINNT\System32\sfcfiles.dll
Fri Aug 12 18:10:19 2005 => Scanning File C:\WINNT\SYSTEM32\CSRSS.EXE
Fri Aug 12 18:10:19 2005 => Scanning File C:\WINNT\system32\CSRSRV.dll
Fri Aug 12 18:10:19 2005 => Scanning File C:\WINNT\system32\basesrv.dll
Fri Aug 12 18:10:19 2005 => Scanning File C:\WINNT\system32\winsrv.dll
Fri Aug 12 18:10:19 2005 => Scanning File C:\WINNT\system32\USER32.DLL
Fri Aug 12 18:10:19 2005 => Scanning File C:\WINNT\system32\KERNEL32.DLL
Fri Aug 12 18:10:19 2005 => Scanning File C:\WINNT\system32\GDI32.DLL
Fri Aug 12 18:10:19 2005 => Scanning File C:\WINNT\system32\advapi32.dll
Fri Aug 12 18:10:19 2005 => Scanning File C:\WINNT\system32\RPCRT4.DLL
Fri Aug 12 18:10:19 2005 => Scanning File C:\WINNT\SYSTEM32\WINLOGON.EXE
Fri Aug 12 18:10:19 2005 => Scanning File C:\WINNT\system32\MSVCRT.DLL
Fri Aug 12 18:10:19 2005 => Scanning File C:\WINNT\system32\USERENV.DLL
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\NDDEAPI.DLL
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\SFC.DLL
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\SECUR32.DLL
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\PROFMAP.DLL
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\NETAPI32.dll
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\NETRAP.DLL
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\SAMLIB.DLL
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\WS2_32.DLL
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\WS2HELP.DLL
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\WLDAP32.DLL
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\DNSAPI.DLL
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\WSOCK32.DLL
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\msgina.dll
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\SHELL32.DLL
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\SHLWAPI.DLL
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\COMCTL32.DLL
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\WINSTA.DLL
Fri Aug 12 18:10:20 2005 => Scanning File C:\WINNT\system32\WINMM.dll
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\setupapi.dll
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\wdmaud.drv
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\wintrust.dll
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\CRYPT32.dll
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\MSASN1.DLL
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\IMAGEHLP.dll
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\ole32.dll
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\mscat32.dll
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\rsaenh.dll
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\cscdll.dll
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\WlNotify.dll
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\CERTCLI.DLL
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\ATL.DLL
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\WINSCARD.DLL
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\WINSPOOL.DRV
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\MPR.DLL
Fri Aug 12 18:10:21 2005 => Scanning File C:\WINNT\system32\cscui.dll
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\wzcdlg.dll
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\OLEAUT32.dll
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\WZCSAPI.DLL
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\CLBCATQ.DLL
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\msacm32.drv
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\MSACM32.dll
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\VERSION.dll
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\LZ32.DLL
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\msv1_0.dll
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\services.exe
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\UMPNPMGR.DLL
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\SCESRV.DLL
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\NTDSAPI.DLL
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\eventlog.dll
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\dhcpcsvc.dll
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\ICMP.DLL
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\IPHLPAPI.DLL
Fri Aug 12 18:10:22 2005 => Scanning File C:\WINNT\system32\MPRAPI.DLL
Fri Aug 12 18:10:23 2005 => Scanning File C:\WINNT\system32\ACTIVEDS.DLL
Fri Aug 12 18:10:23 2005 => Scanning File C:\WINNT\system32\ADSLDPC.DLL
Fri Aug 12 18:10:23 2005 => Scanning File C:\WINNT\system32\RTUTILS.DLL
Fri Aug 12 18:10:23 2005 => Scanning File C:\WINNT\system32\RASAPI32.DLL
Fri Aug 12 18:10:23 2005 => Scanning File C:\WINNT\system32\RASMAN.DLL
Fri Aug 12 18:10:23 2005 => Scanning File C:\WINNT\system32\TAPI32.DLL
Fri Aug 12 18:10:23 2005 => Scanning File C:\WINNT\system32\dnsrslvr.dll
Fri Aug 12 18:10:23 2005 => Scanning File C:\WINNT\system32\lmhsvc.dll
Fri Aug 12 18:10:24 2005 => Scanning File C:\WINNT\system32\dmserver.dll
Fri Aug 12 18:10:24 2005 => Scanning File C:\WINNT\system32\CFGMGR32.DLL
Fri Aug 12 18:10:24 2005 => Scanning File C:\WINNT\system32\Srvsvc.dll
Fri Aug 12 18:10:24 2005 => Scanning File C:\WINNT\system32\wkssvc.dll
Fri Aug 12 18:10:24 2005 => Scanning File C:\WINNT\system32\CRYPTDLL.DLL
Fri Aug 12 18:10:24 2005 => Scanning File C:\WINNT\system32\cryptsvc.dll
Fri Aug 12 18:10:24 2005 => Scanning File C:\WINNT\system32\psbase.dll
Fri Aug 12 18:10:24 2005 => Scanning File C:\WINNT\system32\seclogon.dll
Fri Aug 12 18:10:24 2005 => Scanning File C:\WINNT\system32\trkwks.dll
Fri Aug 12 18:10:24 2005 => Scanning File C:\WINNT\system32\browser.dll
Fri Aug 12 18:10:24 2005 => Scanning File C:\WINNT\system32\wmicore.dll
Fri Aug 12 18:10:24 2005 => Scanning File C:\WINNT\system32\msafd.dll
Fri Aug 12 18:10:24 2005 => Scanning File C:\WINNT\System32\wshtcpip.dll
Fri Aug 12 18:10:25 2005 => Scanning File C:\WINNT\system32\lsass.exe
Fri Aug 12 18:10:25 2005 => Scanning File C:\WINNT\system32\LSASRV.dll
Fri Aug 12 18:10:25 2005 => Scanning File C:\WINNT\system32\SAMSRV.DLL
Fri Aug 12 18:10:25 2005 => Scanning File C:\WINNT\system32\msprivs.dll
Fri Aug 12 18:10:25 2005 => Scanning File C:\WINNT\system32\kerberos.dll
Fri Aug 12 18:10:58 2005 => Scanning File C:\WINNT\HKNTDLL.dll
Fri Aug 12 18:11:02 2005 => File C:\WINNT\HKNTDLL.dll tagged as not-a-virus:Monitor.Win32.Hooker.e. No Action Taken.
