| Log analysis and evaluation: IE start page cannot be changed
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
05.07.2006, 10:44 | #1 |
| IE start page cannot be changed
Hello, I have a problem that I think has come up quite often before, but I could not find a solution that helped me. Yesterday I removed a trojan (FakeAlert B), and the removal was successful (no Spybot or CWShredder alerts). Now, however, the IE start page can no longer be changed. IE always goes to the MSN page (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome). Here is my HijackThis log, which should be OK, though:

Logfile of HijackThis v1.99.1
Scan saved at 11:14:11, on 05.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\programme\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programme\Network Associates\VirusScan\VsStat.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Programme\Network Associates\VirusScan\Vshwin32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programme\ThinkPad\Utilities\TpKmapMn.exe
C:\Programme\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Programme\Network Associates\VirusScan\Avconsol.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programme\Network Associates\VirusScan\Webscanx.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programme\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Programme\Java\j2re1.4.2_07\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ThinkPad\Utilities\TpKmapMn.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Programme\Freecom Personal Media Suite\FCPMS.exe
C:\Programme\DTV\RC.exe
c:\programme\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Lars\Desktop\HIJACKthis1.99\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Programme\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Programme\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Programme\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLPSP] "c:\programme\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [TPKMAPMN] C:\Programme\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Freecom Personal Media Suite.lnk = C:\Programme\Freecom Personal Media Suite\FCPMS.exe
O4 - Startup: RC.lnk = C:\Programme\DTV\RC.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{929AB7C6-796E-42A9-B2B0-B28E343B3372}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF053F4E-B24D-4638-9EB1-7A0A40F9D380}: NameServer = 143.93.107.10,143.93.111.10,
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\programme\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\programme\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: McShield - Unknown owner - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
05.07.2006, 11:13 | #2 |
/// Helper team | IE start page cannot be changed
Scan your system with F-Secure Blacklight and post the log.
Check your system with Ewido Antimalware 3.5. Link: http://www.ewido.net/de/ |
05.07.2006, 13:50 | #3 |
| IE start page cannot be changed
Felix,
F-Secure: No hidden items found
ewido anti-spyware:
---------------------------------------------------------
ewido anti-spyware - Scan-Bericht
---------------------------------------------------------
+ Erstellt um: 14:49:56 05.07.2006
+ Scan-Ergebnis:
C:\Eigene Dateien\Temp\backups\backup-20050202-164041-795.dll -> Adware.BiSpy : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\Eigene Dateien\Temp\backups\backup-20050202-164041-688.dll -> Adware.IPInsight : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\Eigene Dateien\Präsentationen\IsoTechnica Berner\SandStat-Demo\Installation\program files\SandStat\NEWDOT~2.DLL -> Adware.NewDotNet : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\Eigene Dateien\Temp\backups\backup-20050202-164041-824.dll -> Adware.NewDotNet : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP1\A0000101.exe -> Downloader.Zlob.ws : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\Dokumente und Einstellungen\Lars\Cookies\lars@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert.
C:\Dokumente und Einstellungen\Lars\Cookies\lars@doubleclick[1].txt -> TrackingCookie.Doubleclick : Gesäubert.
C:\Dokumente und Einstellungen\Lars\Cookies\lars@as1.falkag[2].txt -> TrackingCookie.Falkag : Gesäubert.
C:\Dokumente und Einstellungen\Lars\Cookies\lars@ivwbox[1].txt -> TrackingCookie.Ivwbox : Gesäubert.
C:\Dokumente und Einstellungen\Lars\Cookies\lars@weborama[1].txt -> TrackingCookie.Weborama : Gesäubert.
::Berichtende
The problem is still there! |
05.07.2006, 14:33 | #4 |
/// Helper team | IE start page cannot be changed
Download, update and run it: http://www.lavasoft.de/german/software/adaware/
__________________
Best regards, Felix
No help via PM or e-mail |
05.07.2006, 15:10 | #5 |
| IE start page cannot be changed
Log file Ad-Aware SE: PART 1

Ad-Aware SE Build 1.06r1
Logfile Created on:Mittwoch, 5. Juli 2006 15:53:02
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R113 28.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
05.07.2006 15:53:02 - Scan started.
(Full System Scan) |
05.07.2006, 15:11 | #6 |
| IE start page cannot be changed
PART 2
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : lars@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:lars@doubleclick.net/
Expires : 05.07.2006 15:08:48
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : lars@as1.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:lars@as1.falkag.de/
Expires : 03.09.2006 14:53:56
LastSync : Hits:18
UseCount : 0
Hits : 18

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2

Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 2

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

16:06:30 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:27.812
Objects scanned:138707
Objects identified:2
Objects ignored:0
New critical objects:2

The problem still persists! |
05.07.2006, 17:32 | #7 |
/// Helper Team | IE start page cannot be changed
Then only eScan is left. Read the instructions carefully. http://www.trojaner-board.de/showthread.php?t=24192
__________________ Regards, Der Felix. No help via PM or e-mail |
05.07.2006, 17:38 | #8 |
| IE start page cannot be changed
Hello, besides eScan I would also run SmitfraudFix over it, using option 2. Answer yes to cleaning the registry. Afterwards, post the contents of the file C:\rapport.txt. Regards, Wildone |
05.07.2006, 17:51 | #9 | |
/// Helper Team | IE start page cannot be changed
Quote:
I had thought of that too, but saw no signs of such an infection. Have a nice football evening. Der Felix
__________________ Regards, Der Felix. No help via PM or e-mail |
05.07.2006, 17:57 | #10 | |
| IE start page cannot be changed
Hello, Quote:
And I will have a nice football evening, even though I still have to digest yesterday's "shock". Regards, Wildone |
06.07.2006, 13:24 | #11 | |
| IE start page cannot be changed
Quote:
That is exactly how I got rid of it, but the problem with the home page remains. Could this just be a Windows setting that was left over, so to speak, after FakeAlert was removed? I also use ZA (latest version) and McAfee, an old version but always with new DATs. Neither of them, however, has an option to block changes to the start page. |
06.07.2006, 16:11 | #12 |
| IE start page cannot be changed
While scanning with MWAV I got 2 more Smitfraud alerts. The log file is huge (5.8 MB), though, so I cannot post or attach it here. I then ran SmitfraudFix again in safe mode; the result is the following log file:

SmitFraudFix v2.67

Scan done at 16:45:40,12, 06.07.2006
Run from C:\Dokumente und Einstellungen\Lars\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Administrator\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\ADMINI~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End |
06.07.2006, 16:13 | #13 |
| IE start page cannot be changed
After the fix I got the following log file:

SmitFraudFix v2.67

Scan done at 16:55:07,18, 06.07.2006
Run from C:\Dokumente und Einstellungen\Lars\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

And guess what: the problem is still there! |
07.07.2006, 09:56 | #15 |
| IE start page cannot be changed
Done, all green entries in safe mode, System Restore disabled. New error message on restart: SMaxPNP.exe could not be initialized and Smax4.exe could not be initialized. The IE start page still cannot be changed. |