Log analysis and evaluation: Help, I have a hijacker of a really nasty kind
23.06.2004, 19:04 | #1 |
| Help, I have a hijacker of a really nasty kind

Hello, hello - I've caught a hijacker or something like it on my system (XP Professional) and have already gone hunting with every utility I know of, but the hijacker keeps coming back!! I also have IE 6.0 on it, XP SP2. The start page shows about:blank, which then turns out to be some page with search... I have also already run SpHjfix.exe over it; it finds nothing. HijackThis shows me the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\lndima.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\lndima.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\lndima.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\lndima.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\lndima.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\lndima.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {BEDDB942-6862-47DE-B895-25A3F4D899A8} - C:\WINDOWS\System32\lndima.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O17 - HKLM\System\CCS\Services\Tcpip\..\{27C5842D-2828-40FE-9B38-1641C0B0ACF4}: NameServer = 217.237.150.33 194.25.2.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{27C5842D-2828-40FE-9B38-1641C0B0ACF4}: NameServer = 217.237.150.33 194.25.2.129

PLEASE HELP ME, YOU ARE MY LAST RESORT, OTHERWISE I'LL HAVE TO DO A FORMAT C

Thanks in advance for your help
Best regards, Sam |
24.06.2004, 17:06 | #2 |
| Help, I have a hijacker of a really nasty kind

Hi,
please work through the first 2 pinned topics here: http://www.trojaner-board.de/forum/u...i?ubb=pntf;f=6
Under Browser-Hijacking, specifically Tools, Prevention & Articles.
Then tell us exactly what you did and which tools (were they up to date?!!) found or removed what, and where. Also, your HijackThis log is not complete.. |
25.06.2004, 16:00 | #3 |
| Help, I have a hijacker of a really nasty kind

Hello
First of all, thanks for the quick reply. I have worked through the instructions. Here is the outcome.
My system: Windows XP SP2, IE 6.0
Checked with:

1. Ad-aware 6.0 found:

Lavasoft Ad-aware Personal Build 6.181
Created with Ad-aware Personal, free for private use.
Using reference-file :01R298 20.04.2004

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry

25.06.2004 16:46:04 - Scan started. (Smart mode)

Listing running processes

Memory scan result :
New objects : 0
Objects found so far: 0

Started registry scan

CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP

Windows Object recognized!
Type : RegData
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Policies\Microsoft\Internet Explorer\Control Panel
Value : Homepage
Data :

Registry scan result :
New objects : 2
Objects found so far: 2

Started deep registry scan

Deep registry scan result :
New objects : 0
Objects found so far: 2

Deep scanning and examining files (C
Performing conditional scans..

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/plain

Conditional scan result:
New objects : 2
Objects found so far: 4

16:47:59 Scan complete

Summary of this scan
Total scanning time :00:01:54:781
Objects scanned :42922
Objects identified :4
Objects ignored :0
New objects :4

2. Spybot-search & destroy v1.3 found:

DSO Exploit: Data source object exploit (Registrierungsdatenbank-Änderung, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registrierungsdatenbank-Änderung, nothing done)
HKEY_USERS\S-1-5-21-329068152-583907252-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registrierungsdatenbank-Änderung, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registrierungsdatenbank-Änderung, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registrierungsdatenbank-Änderung, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

--- Spybot - Search && Destroy version: 1.3 ---
2004-06-16 Includes\Cookies.sbi
2004-06-16 Includes\Dialer.sbi
2004-06-17 Includes\Hijackers.sbi
2004-06-16 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-06-16 Includes\Malware.sbi
2004-06-16 Includes\Revision.sbi
2004-06-16 Includes\Security.sbi
2004-06-16 Includes\Spybots.sbi
2004-06-16 Includes\Tracks.uti
2004-06-16 Includes\Trojans.sbi

3. NoAdware v2.0 found nothing

4. HijackThis v1.97.7 produced the following log:

Logfile of HijackThis v1.97.7
Scan saved at 16:57:07, on 25.06.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
C:\Programme\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Programme\Microsoft Office\Office\WINWORD.EXE
C:\Dokumente und Einstellungen\Henning\Desktop\Anti Spy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\lndima.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\lndima.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\lndima.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\lndima.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\lndima.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\lndima.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {BEDDB942-6862-47DE-B895-25A3F4D899A8} - C:\WINDOWS\System32\lndima.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Many heartfelt thanks to all of you in advance, and I hope you can do something with this.
Best regards
Sam |
26.06.2004, 03:18 | #4 |
| Help, I have a hijacker of a really nasty kind

Please run eScan over the system in safe mode (update it first!). In addition, use HijackThis, likewise in safe mode, to delete all entries that contain C:\WINDOWS\System32\lndima.dll or the file lndima.dll. After these steps, please look in the folder C:\WINDOWS\System32\ and search there for the file lndima.dll. If you still find it, eScan did not detect it and it should be added to the AV signatures. In that case take the file out of the system folder and put it in a temporary quarantine folder. Boot into normal mode and send the file to the mail addresses given below in my signature. Thanks!

eScan: http://www.trojaner-board.de/forum/u...c;f=6;t=005602 |
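The check described in reply #4 (find every HijackThis entry that references lndima.dll), as an added example that is not part of the thread or of HijackThis itself. It goes one step further than the reply by not hard-coding the file name: it reports any DLL that is both registered as a BHO (O2) and used as the `res://` target of an Internet Explorer search or start-page setting (R0/R1). The function names are made up for this example, and the sample lines are copied from the log in post #3.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread (shortened selection).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\lndima.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\lndima.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {BEDDB942-6862-47DE-B895-25A3F4D899A8} - C:\WINDOWS\System32\lndima.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# "R1 - ...", "O2 - ...", "O17 - ...": section code, separator, entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# A res:// URL that loads an HTML resource out of a DLL on disk.
RES_RE = re.compile(r"res://(.+?\.dll)/", re.IGNORECASE)
# "BHO: <name> - {CLSID} - <path to DLL>"
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def parse_entries(log_text):
    """Return (section, body) for every R/O-style entry; header lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def correlate(entries):
    """Map each DLL that is both a BHO and a res:// target of an IE setting
    to its CLSID and the registry values that point at it."""
    settings = defaultdict(list)  # lower-cased DLL path -> IE registry values
    bhos = {}                     # lower-cased DLL path -> BHO CLSID
    for section, body in entries:
        if section in ("R0", "R1"):
            key, _, value = body.partition(" =")
            m = RES_RE.search(value)
            if m:
                settings[m.group(1).lower()].append(key)
        elif section == "O2":
            m = BHO_RE.match(body)
            if m:
                bhos[m.group(3).strip().lower()] = m.group(2)
    return {mod: {"clsid": bhos[mod], "settings": keys}
            for mod, keys in settings.items() if mod in bhos}


def entries_referencing(entries, module_path):
    """All entries that mention the module's file name (the ones reply #4 targets)."""
    name = ntpath.basename(module_path).lower()
    return [(s, b) for s, b in entries if name in b.lower()]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for module, info in correlate(parsed).items():
        print(f"{module} is BHO {info['clsid']} and serves {len(info['settings'])} IE setting(s)")
        for section, body in entries_referencing(parsed, module):
            print(f"  {section} - {body}")
```
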
28.06.2004, 16:14 | #5 |
| Help, I have a hijacker of a really nasty kind

Hi
I think it's working again now; here are the logs from eScan and HijackThis once more. What kind of signature am I supposed to send you??
Thanks again
Sam |
28.06.2004, 16:15 | #6 |
| Hilfe habe einen Hijacker von ner ganz üblen Sorte Sun Jun 27 16:27:14 2004 => ********************************************************** Sun Jun 27 16:27:14 2004 => eScan AntiVirus Toolkit Utility. Sun Jun 27 16:27:14 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc. Sun Jun 27 16:27:14 2004 => ********************************************************** Sun Jun 27 16:27:14 2004 => Version 4.2.4 Sun Jun 27 16:27:14 2004 => Log File: C:\DOKUME~1\Henning\LOKALE~1\Temp\mwav.log Sun Jun 27 16:27:14 2004 => Command Line Options Given: /s Sun Jun 27 16:27:28 2004 => Latest Date of files inside MWAV: 20 Jun 2004 15:17:25. Sun Jun 27 16:27:42 2004 => AV Library Loaded... Sun Jun 27 16:27:42 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\kavss.exe Sun Jun 27 16:27:42 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\Getvlist.exe Sun Jun 27 16:27:44 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\kavss.dll Sun Jun 27 16:27:45 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\kavssdi.dll Sun Jun 27 16:27:45 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\kavssi.dll Sun Jun 27 16:27:45 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\kavvlg.dll Sun Jun 27 16:27:46 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\msvlclnt.dll Sun Jun 27 16:27:46 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\ipc.dll Sun Jun 27 16:27:46 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\main.avi Sun Jun 27 16:27:46 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\virus.avi Sun Jun 27 16:27:48 2004 => ********************************************************** Sun Jun 27 16:27:48 2004 => eScan AntiVirus Toolkit Utility. Sun Jun 27 16:27:48 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc. 
Sun Jun 27 16:27:48 2004 => Sun Jun 27 16:27:48 2004 => Support: support@mwti.net Sun Jun 27 16:27:48 2004 => Web: http://www.mwti.net Sun Jun 27 16:27:48 2004 => ********************************************************** Sun Jun 27 16:27:48 2004 => Version 4.2.4 Sun Jun 27 16:27:48 2004 => Log File: C:\DOKUME~1\Henning\LOKALE~1\Temp\mwav.log Sun Jun 27 16:27:48 2004 => Latest Date of files inside MWAV: 20 Jun 2004 15:17:25. Sun Jun 27 16:27:48 2004 => Options Selected by User: Sun Jun 27 16:27:48 2004 => Memory Check: Disabled Sun Jun 27 16:27:48 2004 => Registry Check: Disabled Sun Jun 27 16:27:48 2004 => StartUp Folder Check: Disabled Sun Jun 27 16:27:48 2004 => System Folder Check: Disabled Sun Jun 27 16:27:48 2004 => System Area Check: Disabled Sun Jun 27 16:27:48 2004 => Services Check: Disabled Sun Jun 27 16:27:48 2004 => Drive Check Option Disabled Sun Jun 27 16:27:48 2004 => Scanning Type: Scan And Clean Sun Jun 27 16:27:48 2004 => Folder Check: Disabled Sun Jun 27 16:27:50 2004 => ***** Scanning Memory Files ***** Sun Jun 27 16:27:50 2004 => Scanning File C:\WINDOWS\system32\services.exe Sun Jun 27 16:27:50 2004 => Scanning File C:\WINDOWS\system32\lsass.exe Sun Jun 27 16:27:50 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Sun Jun 27 16:27:50 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sun Jun 27 16:27:50 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\ccSetMgr.exe Sun Jun 27 16:27:50 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\ccEvtMgr.exe Sun Jun 27 16:27:50 2004 => Scanning File C:\WINDOWS\system32\spoolsv.exe Sun Jun 27 16:27:50 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\ccProxy.exe Sun Jun 27 16:27:50 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\EPSON\EBAPI\SAgent2.exe Sun Jun 27 16:27:50 2004 => Scanning File C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE Sun Jun 27 16:27:50 2004 => Scanning File C:\PROGRA~1\NORTON~2\NORTON~1\navapsvc.exe Sun Jun 27 16:27:51 2004 => Scanning File 
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE Sun Jun 27 16:27:51 2004 => Scanning File C:\WINDOWS\System32\nvsvc32.exe Sun Jun 27 16:27:51 2004 => Scanning File C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE Sun Jun 27 16:27:52 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sun Jun 27 16:27:52 2004 => Scanning File C:\PROGRA~1\NORTON~2\NORTON~1\SAVScan.exe Sun Jun 27 16:27:52 2004 => Scanning File C:\WINDOWS\Explorer.EXE Sun Jun 27 16:27:52 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\ccApp.exe Sun Jun 27 16:27:52 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\mwavscan.com Sun Jun 27 16:27:52 2004 => Scanning File C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE Sun Jun 27 16:27:52 2004 => Scanning File C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE Sun Jun 27 16:27:53 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\kavss.exe Sun Jun 27 16:27:53 2004 => ***** Scanning Registry Files ***** Sun Jun 27 16:27:53 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Sun Jun 27 16:27:53 2004 => Scanning File C:\WINDOWS\system32\RUNDLL32.EXE Sun Jun 27 16:27:53 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\ccApp.exe Sun Jun 27 16:27:53 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\mwavscan.com Sun Jun 27 16:27:53 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Sun Jun 27 16:27:53 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx Sun Jun 27 16:27:53 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices Sun Jun 27 16:27:53 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Sun Jun 27 16:27:53 2004 => Scanning File C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE Sun Jun 27 16:27:53 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Sun Jun 27 16:27:53 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx Sun Jun 27 16:27:53 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices Sun Jun 
27 16:27:53 2004 => Scanning HKCR\txtfile\shell\open\command Sun Jun 27 16:27:53 2004 => Scanning HKCR\comfile\shell\open\command Sun Jun 27 16:27:53 2004 => Scanning HKCR\exefile\shell\open\command Sun Jun 27 16:27:53 2004 => Scanning HKCR\dllfile\shell\open\command Sun Jun 27 16:27:53 2004 => Scanning HKCR\batfile\shell\open\command Sun Jun 27 16:27:53 2004 => Scanning HKCR\piffile\shell\open\command Sun Jun 27 16:27:53 2004 => Scanning HKCR\scrfile\shell\open\command Sun Jun 27 16:27:53 2004 => Scanning HKCR\scrfile\shell\config\command Sun Jun 27 16:27:53 2004 => Scanning HKCR\regfile\shell\open\command Sun Jun 27 16:27:53 2004 => ***** Scanning StartUp Folders ***** Sun Jun 27 16:27:53 2004 => ***** Scanning C:\Dokumente und Einstellungen\Henning\Startmenü\Programme\Autostart Folder ***** Sun Jun 27 16:27:53 2004 => Scanning Folder: C:\Dokumente und Einstellungen\Henning\Startmenü\Programme\Autostart\*.* Sun Jun 27 16:27:53 2004 => Scanning File C:\Dokumente und Einstellungen\Henning\Startmenü\Programme\Autostart\desktop.ini [**] Sun Jun 27 16:27:53 2004 => ***** Scanning C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Folder ***** Sun Jun 27 16:27:53 2004 => Scanning Folder: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\*.* Sun Jun 27 16:27:53 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini [**] Sun Jun 27 16:27:53 2004 => ***** Scanning Service Files ***** Sun Jun 27 16:27:53 2004 => Scanning HKLM\SYSTEM\CurrentControlSet\Services Sun Jun 27 16:27:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ACPI.sys Sun Jun 27 16:27:54 2004 => Scanning File C:\WINDOWS\System32\drivers\aec.sys Sun Jun 27 16:27:54 2004 => Scanning File C:\WINDOWS\System32\drivers\afd.sys Sun Jun 27 16:27:55 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sun Jun 27 16:27:55 2004 => Scanning File C:\WINDOWS\System32\alg.exe Sun Jun 27 16:27:55 2004 => Scanning File 
C:\WINDOWS\System32\DRIVERS\amdk7.sys
Sun Jun 27 16:28:03 2004 => Total Number of Files Scanned: 87
Sun Jun 27 16:28:03 2004 => Total Number of Virus(es) Found: 0
Sun Jun 27 16:28:03 2004 => Total Number of Disinfected Files: 0
Sun Jun 27 16:28:03 2004 => Total Number of Files Renamed: 0
Sun Jun 27 16:28:04 2004 => Total Number of Deleted Files: 0
Sun Jun 27 16:28:04 2004 => Total Number of Errors: 0
Sun Jun 27 16:28:04 2004 => Time Elapsed: 00:00:14
Sun Jun 27 16:28:04 2004 => ***** Scanning complete. *****
Sun Jun 27 16:28:04 2004 => Virus Database Date: 2004/06/20
Sun Jun 27 16:28:04 2004 => Virus Database Count: 95240
Sun Jun 27 16:28:04 2004 => Scan Completed.
Sun Jun 27 16:28:04 2004 => AV Library Unloaded (3)...
Mon Jun 28 17:00:44 2004 => **********************************************************
Mon Jun 28 17:00:44 2004 => eScan AntiVirus Toolkit Utility.
Mon Jun 28 17:00:44 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Mon Jun 28 17:00:44 2004 => **********************************************************
Mon Jun 28 17:00:44 2004 => Version 4.2.4
Mon Jun 28 17:00:44 2004 => Log File: C:\DOKUME~1\Henning\LOKALE~1\Temp\mwav.log
Mon Jun 28 17:00:44 2004 => Latest Date of files inside MWAV: 20 Jun 2004 15:17:25.
Mon Jun 28 17:00:46 2004 => AV Library Loaded...
Mon Jun 28 17:00:46 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\kavss.exe
Mon Jun 28 17:00:46 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\Getvlist.exe
Mon Jun 28 17:00:46 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\kavss.dll
Mon Jun 28 17:00:46 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\kavssdi.dll
Mon Jun 28 17:00:46 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\kavssi.dll
Mon Jun 28 17:00:46 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\kavvlg.dll
Mon Jun 28 17:00:46 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\msvlclnt.dll
Mon Jun 28 17:00:46 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\ipc.dll
Mon Jun 28 17:00:46 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\main.avi
Mon Jun 28 17:00:46 2004 => Scanning File C:\DOKUME~1\Henning\LOKALE~1\Temp\virus.avi
Mon Jun 28 17:00:46 2004 => Virus Database Date: 2004/06/20
Mon Jun 28 17:00:46 2004 => Virus Database Count: 95240
Mon Jun 28 17:00:48 2004 => Generating Virus List... getvlist.exe C:\DOKUME~1\Henning\LOKALE~1\Temp\vlist.txt
Mon Jun 28 17:00:55 2004 => **********************************************************
Mon Jun 28 17:00:55 2004 => eScan AntiVirus Toolkit Utility.
Mon Jun 28 17:00:55 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Mon Jun 28 17:00:55 2004 =>
Mon Jun 28 17:00:55 2004 => Support: support@mwti.net
Mon Jun 28 17:00:55 2004 => Web: http://www.mwti.net
Mon Jun 28 17:00:55 2004 => **********************************************************
Mon Jun 28 17:00:55 2004 => Version 4.2.4
Mon Jun 28 17:00:55 2004 => Log File: C:\DOKUME~1\Henning\LOKALE~1\Temp\mwav.log
Mon Jun 28 17:00:55 2004 => Latest Date of files inside MWAV: 20 Jun 2004 15:17:25.
Mon Jun 28 17:00:55 2004 => Options Selected by User:
Mon Jun 28 17:00:55 2004 => Memory Check: Enabled
Mon Jun 28 17:00:55 2004 => Registry Check: Enabled
Mon Jun 28 17:00:55 2004 => StartUp Folder Check: Enabled
Mon Jun 28 17:00:55 2004 => System Folder Check: Disabled
Mon Jun 28 17:00:55 2004 => System Area Check: Disabled
Mon Jun 28 17:00:55 2004 => Services Check: Enabled
Mon Jun 28 17:00:55 2004 => Drive Check Option Disabled
Mon Jun 28 17:00:55 2004 => Scanning Type: Scan And Clean
Mon Jun 28 17:00:55 2004 => Folder Check: Disabled
Mon Jun 28 17:01:20 2004 => ***** Checking for specific ITW Viruses *****
Mon Jun 28 17:01:20 2004 => Checking for Welchia Virus...
Mon Jun 28 17:01:20 2004 => Checking for LovGate Virus...
Mon Jun 28 17:01:20 2004 => Checking for CodeRed Virus...
Mon Jun 28 17:01:21 2004 => Checking for OpaServ Virus...
Mon Jun 28 17:01:21 2004 => Checking for Sobig.e Virus...
Mon Jun 28 17:01:21 2004 => Checking for Winupie Virus...
Mon Jun 28 17:01:21 2004 => Checking for Swen Virus...
Mon Jun 28 17:01:21 2004 => Checking for JS.Fortnight Virus...
Mon Jun 28 17:01:21 2004 => Checking for Novarg Virus...
Mon Jun 28 17:01:21 2004 => ***** Scanning complete. *****
Mon Jun 28 17:01:21 2004 => Total Number of Files Scanned: 245
Mon Jun 28 17:01:21 2004 => Total Number of Virus(es) Found: 0
Mon Jun 28 17:01:21 2004 => Total Number of Disinfected Files: 0
Mon Jun 28 17:01:21 2004 => Total Number of Files Renamed: 0
Mon Jun 28 17:01:22 2004 => Total Number of Deleted Files: 0
Mon Jun 28 17:01:22 2004 => Total Number of Errors: 0
Mon Jun 28 17:01:22 2004 => Time Elapsed: 00:00:26
Mon Jun 28 17:01:22 2004 => Virus Database Date: 2004/06/20
Mon Jun 28 17:01:22 2004 => Virus Database Count: 95240
Mon Jun 28 17:01:22 2004 => Scan Completed.
Mon Jun 28 17:01:28 2004 => Options Selected by User:
Mon Jun 28 17:01:28 2004 => Memory Check: Enabled
Mon Jun 28 17:01:28 2004 => Registry Check: Enabled
Mon Jun 28 17:01:28 2004 => StartUp Folder Check: Enabled
Mon Jun 28 17:01:28 2004 => System Folder Check: Disabled
Mon Jun 28 17:01:28 2004 => System Area Check: Disabled
Mon Jun 28 17:01:28 2004 => Services Check: Enabled
Mon Jun 28 17:01:28 2004 => Drive Check Option Disabled
Mon Jun 28 17:01:28 2004 => Scanning Type: Scan And Clean
Mon Jun 28 17:01:28 2004 => Folder Check: Disabled
Mon Jun 28 17:01:32 2004 =>
Scanning File C:\PROGRA~1\NORTON~2\NORTON~4\GHPCIS~1.SYS Mon Jun 28 17:01:32 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\msgpc.sys Mon Jun 28 17:01:32 2004 => Scanning File C:\WINDOWS\System32\Drivers\gt680x.sys Mon Jun 28 17:01:32 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:32 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:32 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\i8042prt.sys Mon Jun 28 17:01:32 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\imapi.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\imapi.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\Ip6Fw.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipinip.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipnat.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipsec.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\irenum.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\isapnp.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\kbdclass.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\drivers\kmixer.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mouclass.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxdav.sys Mon Jun 28 17:01:33 2004 => Scanning File 
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\msdtc.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\msiexec.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\drivers\MSKSSRV.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\drivers\MSPCLOCK.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\drivers\MSPQM.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\drivers\msmpu401.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\PROGRA~1\NORTON~2\NORTON~1\navapsvc.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20040623.017\NAVENG.SYS Mon Jun 28 17:01:33 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20040623.017\NAVEX15.SYS Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndistapi.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndisuio.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndiswan.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\netbios.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\netbt.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\system32\netdde.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\system32\netdde.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\lsass.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\NPDRIVER.SYS Mon Jun 28 17:01:33 2004 => Scanning File C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\lsass.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nv4_mini.sys Mon Jun 28 
17:01:33 2004 => Scanning File C:\WINDOWS\System32\nvsvc32.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\drivers\PalmUSBD.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\parport.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\pci.sys Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\system32\services.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\lsass.exe Mon Jun 28 17:01:33 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspptp.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\system32\lsass.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\psched.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ptilink.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rasacd.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rasl2tp.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspppoe.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspti.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rdbss.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rdpdr.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\system32\sessmgr.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\redbook.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Mon Jun 28 17:01:34 2004 => Scanning File 
C:\WINDOWS\System32\locator.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\rsvp.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\RTL8139.SYS Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\system32\lsass.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\PROGRA~1\NORTON~2\NORTON~1\SAVRT.SYS Mon Jun 28 17:01:34 2004 => Scanning File C:\PROGRA~1\NORTON~2\NORTON~1\SAVRTPEL.SYS Mon Jun 28 17:01:34 2004 => Scanning File C:\PROGRA~1\NORTON~2\NORTON~1\SAVScan.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\SCardSvr.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\SCardSvr.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\SDDRIVER.SYS Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\secdrv.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\serenum.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\serial.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\system32\SetupNT.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\SNDSrvc.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\drivers\splitter.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\system32\spoolsv.exe Mon Jun 28 17:01:34 2004 => Scanning File 
C:\WINDOWS\System32\DRIVERS\sr.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\srv.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\swenum.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\drivers\swmidi.sys Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\dllhost.exe Mon Jun 28 17:01:34 2004 => Scanning File C:\WINDOWS\System32\Drivers\SYMDNS.SYS Mon Jun 28 17:01:34 2004 => Scanning File C:\PROGRAMME\SYMANTEC\SYMEVENT.SYS Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\Drivers\SYMFW.SYS Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\Drivers\SYMIDS.SYS Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\Drivers\SYMNDIS.SYS Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\Drivers\SYMREDRV.SYS Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\Drivers\SYMTDI.SYS Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\drivers\sysaudio.sys Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\system32\smlogsvc.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\tcpip.sys Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\termdd.sys Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\tlntsvr.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\update.sys Mon Jun 28 
17:01:35 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\ups.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbehci.sys Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbhub.sys Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbprint.sys Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbuhci.sys Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\drivers\vga.sys Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\viaide.sys Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\vssvc.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\wanarp.sys Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\drivers\wdmaud.sys Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Mon Jun 28 17:01:35 2004 => ***** Scanning Important System Files ***** Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\winsock.dll Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\ws2help.dll Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\ws2_32.dll Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\wscript.exe Mon Jun 28 17:01:35 2004 
=> Scanning File C:\WINDOWS\System32\wsecedit.dll Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\wshatm.dll Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\wshbth.dll Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\wshcon.dll Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\wshde.dll Mon Jun 28 17:01:35 2004 => Scanning File C:\WINDOWS\System32\wshext.dll Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\wship6.dll Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\wshisn.dll Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\wshnetbs.dll Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\wshom.ocx Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\WshRm.dll Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\wshtcpip.dll Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\wsnmp32.dll Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\wsock32.dll Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\wstdecod.dll Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\explorer.exe Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\explorer.scf Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\NOTEPAD.EXE Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\notepad.exe Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\cmd.exe Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\kernel32.dll Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\ntoskrnl.exe Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\ntkrnlpa.exe Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\hal.dll Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\win32k.sys Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\ntdll.dll Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\advapi32.dll Mon Jun 28 17:01:36 2004 => Scanning File 
C:\WINDOWS\System32\user32.dll
Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\gdi32.dll
Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\bootvid.dll
Mon Jun 28 17:01:36 2004 => Scanning File C:\WINDOWS\System32\command.com
Mon Jun 28 17:01:36 2004 => ***** Checking for specific ITW Viruses *****
Mon Jun 28 17:01:36 2004 => Checking for Welchia Virus...
Mon Jun 28 17:01:36 2004 => Checking for LovGate Virus...
Mon Jun 28 17:01:36 2004 => Checking for CodeRed Virus...
Mon Jun 28 17:01:36 2004 => Checking for OpaServ Virus...
Mon Jun 28 17:01:36 2004 => Checking for Sobig.e Virus...
Mon Jun 28 17:01:37 2004 => Checking for Winupie Virus...
Mon Jun 28 17:01:37 2004 => Checking for Swen Virus...
Mon Jun 28 17:01:37 2004 => Checking for JS.Fortnight Virus...
Mon Jun 28 17:01:37 2004 => Checking for Novarg Virus...
Mon Jun 28 17:01:37 2004 => ***** Scanning complete. *****
Mon Jun 28 17:01:37 2004 => Total Number of Files Scanned: 246
Mon Jun 28 17:01:37 2004 => Total Number of Virus(es) Found: 0
Mon Jun 28 17:01:37 2004 => Total Number of Disinfected Files: 0
Mon Jun 28 17:01:37 2004 => Total Number of Files Renamed: 0
Mon Jun 28 17:01:37 2004 => Total Number of Deleted Files: 0
Mon Jun 28 17:01:37 2004 => Total Number of Errors: 0
Mon Jun 28 17:01:37 2004 => Time Elapsed: 00:00:09
Mon Jun 28 17:01:38 2004 => Virus Database Date: 2004/06/20
Mon Jun 28 17:01:38 2004 => Virus Database Count: 95240
Mon Jun 28 17:01:38 2004 => Scan Completed.
Logfile of HijackThis v1.97.7
Scan saved at 17:04:11, on 28.06.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\Henning\Desktop\Anti Spy\HijackThis.exe
C:\Programme\Microsoft Office\Office\WINWORD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mwavscan] "C:\DOKUME~1\Henning\LOKALE~1\Temp\mwavscan.com" /s
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present