Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Cannot access?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 09.03.2006, 05:59   #1
gloumer
 
Cannot access? - Standard

Cannot access?



Hallo!

Sitze gerade seit einigen STunden schon an einem Problem, das in diesem Forum bereits beschrieben wurde. Allerdings scheinen die beschriebenen Loesungen bei mir nicht zu funktionieren.
Das Problem auessert sich so, dass bestimmte Sites nicht aufgerufen werden koennen (bspw. google.com). Es erschschein eine Web site mit dem HInweis:

Cannot access ?
This is because your PC infected by SpyWare
Click here for Spyware Remover

Anbei ist das HJT log.
Danke fuer Eure Hilfe.

Logfile of HijackThis v1.99.1
Scan saved at 9:53:09 PM, on 3/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1135617163\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1135617163\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\m?hta.exe
C:\PROGRA~1\MCROSO~1.NET\smss.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\program files\common files\aol\1135617163\ee\aolssc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\JOAVER~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R3 - URLSearchHook: (no name) - {E00AA18C-1243-1AB3-4CB4-63E489C579BD} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 2130706433 symantec.com
O1 - Hosts: 2130706433 securityresponse.symantec.com
O1 - Hosts: 2130706433 www.symantec.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54C2D6BC-682D-38DA-77E4-13834FD996B9} - C:\WINDOWS\System32\vvsht.dll (file missing)
O2 - BHO: (no name) - {54C2D6BE-6857-3ADD-77E5-6F8338DD96B9} - C:\WINDOWS\System32\vvsht.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {83C9C57C-43A8-6F94-E1EB-D50980326D49} - C:\WINDOWS\wkxfjjwy.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Search - {CBA021EA-A20F-E76C-E037-2C368B3AFDAD} - C:\WINDOWS\wkxfjjwy.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135617163\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1135617163\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1135617163\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [useful-soft] C:\WINDOWS\system32\wartsrv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yxa] C:\WINDOWS\System32\m?hta.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: AdsGone 2006.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins002.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135356486828
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://delivery1.corvettemuseum.com/activex/AxisCamControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Alt 09.03.2006, 07:12   #2
stupormundi
 
Cannot access? - Standard

Cannot access?



Servus!
Lass´ mal folgende Datei
Zitat:
C:\WINDOWS\System32\m?hta.exe
bei http://virusscan.jotti.org/de und/oder http://www.virustotal.com/flash/index_en.html prüfen und poste das Ergebnis anschließend hier. Falls Du bei Jotti eine Fehlermeldung (0 bytes ...) bekommst, beende den zur Datei gehörenden Prozess und/oder deaktiviere temporär Deine Personal FireWall.
Sollte beides nichts bringen, kopiere die Datei in ein anderes Verzeichnis, benenne sie um und versuche es damit. Zum Auffinden versteckter Dateien nutze den link in meiner Signatur. Achte bei den angegebenen Dateinamen auf die genaue Schreibweise und den exakten Pfad!

Und zu HJT: Entpacke HJT in ein eigenes Verzeichnis - im Temporärordner wie derzeit bei Dir funktionieren die mitunter wichtigen Backups nicht!
stupormundi
__________________

__________________

Alt 09.03.2006, 13:24   #3
dartus
 
Cannot access? - Standard

Cannot access?



Hallo gloumer,

scanne ebenfalls diese Datei:

C:\PROGRA~1\MCROSO~1.NET\smss.exe

dartus

Hi stupermondi
__________________
__________________

Alt 09.03.2006, 13:29   #4
stupormundi
 
Cannot access? - Standard

Cannot access?



Thanx dartus, die habe ich voll übersehen!
(Steht eh gleich daneben!)
stupormundi
__________________
Unsichtbare Dateien suchen: Sehr gute Anleitung von Rene-gad:
WICHTIG: Alle aktiven links editieren (http-->h**p) und persönliche Informationen aus den Logfiles entfernen
Kein Support via PN - sorry!

Alt 09.03.2006, 13:35   #5
felix1
/// Helfer-Team
 
Cannot access? - Standard

Cannot access?



Und wenn einmal bei Jotti, dann das auch noch prüfen lassen:
C:\WINDOWS\system32\wartsrv.exe

Könnte das sein:
http://www.sophos.de/virusinfo/analy...startpawb.html

__________________
LG

Der Felix

Keine Hilfe per PN und E-Mail

Alt 09.03.2006, 13:38   #6
dartus
 
Cannot access? - Standard

Cannot access?



Hallo felix1,

den hatte ich schon erkannt.
Erstmal warten was das Scanergebnis bringt.

dartus
__________________
--> Cannot access?

Alt 09.03.2006, 13:38   #7
stupormundi
 
Cannot access? - Standard

Cannot access?



Hallo @all!
Nicht dass ihr jetzt glaubt, ich hätte alle übersehen ...

Aber bei der letzten Datei bin ich mir eh schon sicher gewesen - dachte allerdings mehr an einen Highjacker!

lg, stupormundi
__________________
Unsichtbare Dateien suchen: Sehr gute Anleitung von Rene-gad:
WICHTIG: Alle aktiven links editieren (http-->h**p) und persönliche Informationen aus den Logfiles entfernen
Kein Support via PN - sorry!

Alt 11.03.2006, 02:30   #8
gloumer
 
Cannot access? - Standard

Cannot access?



Danke fuer Eure Hilfe.

Hier ist das Ergebnis fuer wartsrv.exe.
Ich konnte die Datei C:\PROGRA~1\MCROSO~1.NET\smss.exe nicht finden.
Das gleich gilt fuer C:\WINDOWS\System32\m?hta.exe. Ich habe lediglich die mshta.exe gefunden und sie war sauber.
Die wartsrv.exe habe ich soweit umbenannt und verschoben. Ist das Problem mit dieser Datei damit geloest?

Datei: wartsrv.exe
Auslastung: 0% 100%

Status: INFIZIERT/MALWARE (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.)
Entdeckte Packprogramme: PE_PATCH.PRJ, UPX

AntiVir Trojan/Click.Qhost.U.1 gefunden
ArcaVir Keine Viren gefunden
Avast Keine Viren gefunden
AVG Antivirus Clicker.BSK gefunden
BitDefender Trojan.Clicker.Qhost.J gefunden
ClamAV Keine Viren gefunden
Dr.Web Trojan.StartPage.1251 gefunden
F-Prot Antivirus W32/Downloader.RYF gefunden
Fortinet Adware/QHOSTS gefunden
Kaspersky Anti-Virus Trojan-Clicker.Win32.Qhost.u gefunden
NOD32 a variant of Win32/StartPage.ABJ gefunden
Norman Virus Control W32/Qhost.CH gefunden
UNA Keine Viren gefunden
VirusBuster Keine Viren gefunden
VBA32 Trojan-Clicker.Win32.Qhost.u gefunden

Alt 11.03.2006, 11:26   #9
felix1
/// Helfer-Team
 
Cannot access? - Standard

Cannot access?



Den ersten haben wir schon mal, wie ich vermutet habe:
http://www.sophos.de/virusinfo/analy...ojqhostsu.html

Installiere Clearprog, rufe es auf und setze den Haken bei alles löschen und dann Löschen drücken.
http://www.clearprog.de/
Lade und update Ad-aware sowie Spybot S&D und lasse die Programme laufen.
Mit Spybot immunisieren
http://www.comsafe.de/download.html

Lade RegSeeker
Sichern vor Löschen anhaken und nur die grünen Funde entfernen!

Dann lasse den PC mal hier online scannen und teile das Ergebnis mit.
Weiterhin prüfe den PC noch mit diesem Tool und teile das Ergebnis mit.

Dann nochmals ein HJT-Logfile.
__________________
LG

Der Felix

Keine Hilfe per PN und E-Mail

Alt 11.03.2006, 16:39   #10
gloumer
 
Cannot access? - Standard

Cannot access?



Ok, habe die gruenen Entries aus der Registry entfernet.
F-Secure Blacklight hat nichts gefunden.
kaspersky Active-X hat sich leider nicht installieren lassen. Ich komme immer wieder zu der Datenschutzerklaerung ohne die Moeglichkeit diese zu bestaetigen.

Hier ist das HJT file

Logfile of HijackThis v1.99.1
Scan saved at 8:38:42 AM, on 3/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1135617163\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1135617163\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\m?hta.exe
C:\PROGRA~1\AMERIC~2.0\waol.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\AMERIC~2.0\shellmon.exe
C:\PROGRA~1\MCROSO~1.NET\smss.exe
c:\program files\common files\aol\1135617163\ee\aolssc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Jo A Verne\Desktop\antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R3 - URLSearchHook: (no name) - {E00AA18C-1243-1AB3-4CB4-63E489C579BD} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54C2D6BC-682D-38DA-77E4-13834FD996B9} - (no file)
O2 - BHO: (no name) - {54C2D6BE-6857-3ADD-77E5-6F8338DD96B9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {83C9C57C-43A8-6F94-E1EB-D50980326D49} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Search - {CBA021EA-A20F-E76C-E037-2C368B3AFDAD} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135617163\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1135617163\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1135617163\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yxa] C:\WINDOWS\System32\m?hta.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~2.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\MCROSO~1.NET\smss.exe" -vt ndrv
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: AdsGone 2006.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135356486828
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://delivery1.corvettemuseum.com/activex/AxisCamControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Alt 11.03.2006, 16:44   #11
felix1
/// Helfer-Team
 
Cannot access? - Standard

Cannot access?



Lasse diese Datei:
C:\PROGRA~1\MCROSO~1.NET\smss.exe
bei Jotti prüfen.
Was ist mit ad-adaware und S&D?
__________________
LG

Der Felix

Keine Hilfe per PN und E-Mail

Alt 12.03.2006, 01:17   #12
gloumer
 
Cannot access? - Standard

Cannot access?



Die Datei smss.exe exisitiert nicht im Verzeichnis C:\PROGRA~1\MCROSO~1.NET\
Ich nehme an ich kann den Eintrag mit HJT fixen.

Spybot S&D findet nichts. Ad-Aware log file ist anbei

MRU List Object Recognized!
Location: : C:\Documents and Settings\Jo A Verne\Application Data\microsoft\office\recent
Description :

MRU List Object Recognized!
Location: : C:\Documents and Settings\Jo A Verne\recent
Description :

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description :

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description :

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description :

MRU List Object Recognized!
Location: : S-1-5-21-2155972505-615812018-4258888628-1006\software\microsoft\internet explorer
Description :

MRU List Object Recognized!
Location: : S-1-5-21-2155972505-615812018-4258888628-1006\software\microsoft\internet explorer\typedurls
Description :

MRU List Object Recognized!
Location: : S-1-5-21-2155972505-615812018-4258888628-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description :

MRU List Object Recognized!
Location: : S-1-5-21-2155972505-615812018-4258888628-1006\software\microsoft\search assistant\acmru
Description :


MRU List Object Recognized!
Location: : S-1-5-21-2155972505-615812018-4258888628-1006\software\microsoft\windows\currentversion\applets\regedit
Description :


MRU List Object Recognized!
Location: : S-1-5-21-2155972505-615812018-4258888628-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description :


MRU List Object Recognized!
Location: : S-1-5-21-2155972505-615812018-4258888628-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description :


MRU List Object Recognized!
Location: : S-1-5-21-2155972505-615812018-4258888628-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description :

Alt 12.03.2006, 01:18   #13
gloumer
 
Cannot access? - Standard

Cannot access?



Fortsetzung ad-aware

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 564
ThreadCreationTime : 3-11-2006 3:18:20 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 3-11-2006 3:18:21 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 808
ThreadCreationTime : 3-11-2006 3:18:24 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 852
ThreadCreationTime : 3-11-2006 3:18:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 864
ThreadCreationTime : 3-11-2006 3:18:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1024
ThreadCreationTime : 3-11-2006 3:18:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1076
ThreadCreationTime : 3-11-2006 3:18:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1248
ThreadCreationTime : 3-11-2006 3:18:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1380
ThreadCreationTime : 3-11-2006 3:18:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1488
ThreadCreationTime : 3-11-2006 3:18:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1664
ThreadCreationTime : 3-11-2006 3:18:32 PM
BasePriority : Normal
FileVersion : 104.0.4.3
ProductVersion : 104.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1740
ThreadCreationTime : 3-11-2006 3:18:32 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1796
ThreadCreationTime : 3-11-2006 3:18:33 PM
BasePriority : Normal
FileVersion : 104.0.4.3
ProductVersion : 104.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:14 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1876
ThreadCreationTime : 3-11-2006 3:18:34 PM
BasePriority : Normal
FileVersion : 6.0.2.211
ProductVersion : 6.0
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002 - 2005 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:15 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 1904
ThreadCreationTime : 3-11-2006 3:18:34 PM
BasePriority : Normal
FileVersion : 2,0,0,73
ProductVersion : 2,0,0,73
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright (c) 2004, 2005 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:16 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1924
ThreadCreationTime : 3-11-2006 3:18:34 PM
BasePriority : Normal
FileVersion : 1.9.1.762
ProductVersion : 1.9.1.762
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright (C) 2003
OriginalFilename : symlcsvc.exe

#:17 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 3-11-2006 3:18:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:18 [aolacsd.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 1236
ThreadCreationTime : 3-11-2006 3:18:44 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:19 [aoltsmon.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 1272
ThreadCreationTime : 3-11-2006 3:18:44 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed(TM) Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed(TM) Monitor
InternalName : AOL TopSpeed(TM) Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe

#:20 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1300
ThreadCreationTime : 3-11-2006 3:18:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:21 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1352
ThreadCreationTime : 3-11-2006 3:18:45 PM
BasePriority : Normal
FileVersion : 12.2.0.13
ProductVersion : 12.2.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:22 [aoltpspd.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 1408
ThreadCreationTime : 3-11-2006 3:18:45 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed(TM)
CompanyName : America Online Inc
FileDescription : AOL TopSpeed(TM)
InternalName : AOL TopSpeed(TM) Loader
LegalCopyright : Copyright © 2003-2004
LegalTrademarks : AOL TopSpeed(TM)
OriginalFilename : aoltpspd.exe

#:23 [npfmntor.exe]
FilePath : C:\Program Files\Norton AntiVirus\IWP\
ProcessID : 1496
ThreadCreationTime : 3-11-2006 3:18:48 PM
BasePriority : Normal
FileVersion : 12.2.0.13
ProductVersion : 12.2.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:24 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 976
ThreadCreationTime : 3-11-2006 3:18:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:25 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 1988
ThreadCreationTime : 3-11-2006 3:18:49 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:26 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 688
ThreadCreationTime : 3-11-2006 3:18:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:27 [wkufind.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ProcessID : 988
ThreadCreationTime : 3-11-2006 3:18:54 PM
BasePriority : Normal
FileVersion : 6.00.3215.0
ProductVersion : 6.00.3215.0
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Update Detection
InternalName : WkUFind
LegalCopyright : Copyright © Microsoft Corporation 1987-2001. All rights reserved.
OriginalFilename : WkUFind.exe

Alt 12.03.2006, 01:18   #14
gloumer
 
Cannot access? - Standard

Cannot access?



Fortsetzung ad-aware


#:28 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1124
ThreadCreationTime : 3-11-2006 3:18:54 PM
BasePriority : Normal
FileVersion : 3,0,0,1715
ProductVersion : 7,0,0,1715
ProductName : Intel(R) Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE

#:29 [bcmsmmsg.exe]
FilePath : C:\WINDOWS\
ProcessID : 1132
ThreadCreationTime : 3-11-2006 3:18:54 PM
BasePriority : Normal
FileVersion : 3.5.25 08/27/2003 20:04:35
ProductVersion : 3.5.25 08/27/2003 20:04:35
ProductName : BCM Modem Messaging Applet
CompanyName : Broadcom Corporation
FileDescription : Modem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Broadcom Corporation 1998-2000
OriginalFilename : smdmstat.exe

#:30 [realplay.exe]
FilePath : C:\Program Files\Real\RealPlayer\
ProcessID : 932
ThreadCreationTime : 3-11-2006 3:18:54 PM
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:31 [mm_tray.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 1336
ThreadCreationTime : 3-11-2006 3:18:54 PM
BasePriority : Normal
FileVersion : 7.10.4053
ProductVersion : 7.10.4053
ProductName : MUSICMATCH JUKEBOX
CompanyName : MUSICMATCH, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright (c) MUSICMATCH 1998-2001
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:32 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ProcessID : 1560
ThreadCreationTime : 3-11-2006 3:18:55 PM
BasePriority : Normal
FileVersion : 5.2.0.91
ProductVersion : 5.2.0.91
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright (c) 2001-2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:33 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2060
ThreadCreationTime : 3-11-2006 3:18:55 PM
BasePriority : Normal
FileVersion : 104.0.4.3
ProductVersion : 104.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:34 [aolsoftware.exe]
FilePath : C:\Program Files\Common Files\AOL\1135617163\ee\
ProcessID : 2076
ThreadCreationTime : 3-11-2006 3:18:55 PM
BasePriority : Normal
FileVersion : 1.4.9.1
ProductVersion : 1.4.9.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLSoftware.exe

#:35 [aoldial.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 2128
ThreadCreationTime : 3-11-2006 3:18:56 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service Dialer
InternalName : AOLdial
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLdial.exe

#:36 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2152
ThreadCreationTime : 3-11-2006 3:18:56 PM
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:37 [aolsp scheduler.exe]
FilePath : C:\Program Files\Common Files\AOL\1135617163\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\
ProcessID : 2264
ThreadCreationTime : 3-11-2006 3:18:56 PM
BasePriority : Normal


#:38 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 2524
ThreadCreationTime : 3-11-2006 3:18:58 PM
BasePriority : Normal


#:39 [m?hta.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2624
ThreadCreationTime : 3-11-2006 3:19:00 PM
BasePriority : Normal


#:40 [waol.exe]
FilePath : C:\PROGRA~1\AMERIC~2.0\
ProcessID : 2688
ThreadCreationTime : 3-11-2006 3:19:01 PM
BasePriority : Idle


#:41 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 3120
ThreadCreationTime : 3-11-2006 3:19:04 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2001
OriginalFilename : TestLine.exe

#:42 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ProcessID : 3228
ThreadCreationTime : 3-11-2006 3:19:04 PM
BasePriority : Normal
FileVersion : 6.00.1911.0
ProductVersion : 6.00.1911.0
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:43 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 3616
ThreadCreationTime : 3-11-2006 3:19:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:44 [nscsrvce.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Console\
ProcessID : 2748
ThreadCreationTime : 3-11-2006 3:19:54 PM
BasePriority : Normal
FileVersion : 2006.1.3.2
ProductVersion : 2006.1.3
ProductName : Norton Security Console
CompanyName : Symantec Corporation
FileDescription : Norton Security Console Norton Protection Center Service
InternalName : NSCService
LegalCopyright : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NSCSrvce.exe

#:45 [shellmon.exe]
FilePath : C:\PROGRA~1\AMERIC~2.0\
ProcessID : 2952
ThreadCreationTime : 3-11-2006 3:20:27 PM
BasePriority : Normal


#:46 [smss.exe]
FilePath : C:\PROGRA~1\MCROSO~1.NET\
ProcessID : 3556
ThreadCreationTime : 3-11-2006 3:21:00 PM
BasePriority : Normal


#:47 [aolssc.exe]
FilePath : c:\program files\common files\aol\1135617163\ee\
ProcessID : 2544
ThreadCreationTime : 3-11-2006 3:24:16 PM
BasePriority : Normal
FileVersion : 1.4.9.1
ProductVersion : 1.4.9.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLSoftware.exe

#:48 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3452
ThreadCreationTime : 3-11-2006 3:25:46 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:49 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3980
ThreadCreationTime : 3-11-2006 3:26:03 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:50 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2812
ThreadCreationTime : 3-11-2006 3:26:05 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:51 [hijackthis.exe]
FilePath : C:\Documents and Settings\Jo A Verne\Desktop\antivirus\
ProcessID : 3412
ThreadCreationTime : 3-11-2006 3:54:22 PM
BasePriority : Normal
FileVersion : 1.99.0001
ProductVersion : 1.99.0001
ProductName : HijackThis
CompanyName : Soeperman Enterprises Ltd.
FileDescription : HijackThis
InternalName : HijackThis
LegalCopyright : Freeware
OriginalFilename : HijackThis.exe
Comments : Version history is in Help section

#:52 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1968
ThreadCreationTime : 3-11-2006 3:54:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:53 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3308
ThreadCreationTime : 3-11-2006 3:56:14 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jo a verne@oinadserve[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:jo a verne@oinadserve.com/
Expires : 12-31-2020 5:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jo a verne@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:jo a verne@z1.adserver.com/
Expires : 3-11-2007 8:52:02 AM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jo a verne@~~local~~[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:23
Value : Cookie:jo a verne@~~local~~/
Expires : 3-25-2006 7:55:42 AM
LastSync : Hits:23
UseCount : 0
Hits : 23

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jo a verne@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:jo a verne@2o7.net/
Expires : 3-10-2011 8:43:04 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jo a verne@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:jo a verne@zedo.com/
Expires : 4-10-2006 8:27:02 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 18



Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 18




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18

9:20:24 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:23:56.94
Objects scanned:149370
Objects identified:5
Objects ignored:0
New critical objects:5

Antwort

Themen zu Cannot access?
adobe, antivirus, bho, drivers, explorer, forum, hijack, hijackthis, infected, internet, internet explorer, messenger, microsoft, monitor, problem, protection center, realplayer, security, settings manager, symantec, system, system32, temp, update, urlsearchhook, userinit, windows, windows xp




Ähnliche Themen: Cannot access?


  1. www.google.de access restricted
    Plagegeister aller Art und deren Bekämpfung - 07.01.2014 (5)
  2. w32 zero access entfernen ?
    Plagegeister aller Art und deren Bekämpfung - 18.07.2013 (16)
  3. google.de access restricted!
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (24)
  4. Trojaner O.access
    Log-Analyse und Auswertung - 02.01.2013 (22)
  5. Zero-Access Befall
    Log-Analyse und Auswertung - 01.10.2012 (35)
  6. (2x) Das Leben danach - Zero/Access
    Mülltonne - 23.09.2012 (3)
  7. AVG Zero.Access Remover
    Anleitungen, FAQs & Links - 28.04.2012 (0)
  8. Trojaner Generic 27 - Zero Access
    Plagegeister aller Art und deren Bekämpfung - 28.02.2012 (37)
  9. Dialer Instant Access
    Log-Analyse und Auswertung - 21.10.2008 (15)
  10. ZoneAlarm log access
    Antiviren-, Firewall- und andere Schutzprogramme - 07.04.2006 (6)
  11. Broken Internet access ??
    Log-Analyse und Auswertung - 04.01.2005 (2)
  12. O10 - Hijacked Internet access by New.Net
    Log-Analyse und Auswertung - 03.01.2005 (3)
  13. Access violation
    Archiv - 18.01.2003 (4)
  14. Access-Online-Grundkurs???
    Alles rund um Windows - 16.01.2003 (0)

Zum Thema Cannot access? - Hallo! Sitze gerade seit einigen STunden schon an einem Problem, das in diesem Forum bereits beschrieben wurde. Allerdings scheinen die beschriebenen Loesungen bei mir nicht zu funktionieren. Das Problem auessert - Cannot access?...
Archiv
Du betrachtest: Cannot access? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.