
Topic: Please help with my logfile.

  1. #1
    Evil_Monkey
    Guest

    Please help with my logfile.

    I greatly appreciate your guys' help and thank you in advance!

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 7:04:03 PM, on 7/31/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\ojbbjb.exe
    C:\WINDOWS\system32\apioc32.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\America Online 9.0b\waol.exe
    C:\Program Files\America Online 9.0b\shellmon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Matt\My Documents\hijackthis\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc?u=1538 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc?u=1538 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc?u=1538 (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bigbr.cc?u=1538 (obfuscated)
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {C6B41B51-2B54-6475-0B3D-1EAE0F0D910A} - C:\WINDOWS\system32\apioc32.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [] C:\WINDOWS\System32\
    O4 - HKLM\..\Run: [7Fok3EQ] sorsockx.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104230340\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
    O4 - HKLM\..\Run: [Ipwndxzz] C:\Program Files\Hnjus\Lcltpap.exe
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\ojbbjb.exe reg_run
    O4 - HKLM\..\Run: [ierw.exe] C:\WINDOWS\ierw.exe
    O4 - HKLM\..\Run: [f372bd155b80] C:\WINDOWS\System32\ADPTIF58.exe
    O4 - HKLM\..\Run: [mscin] C:\WINDOWS\System32\m190309.EXE
    O4 - HKLM\..\Run: [kme] C:\WINDOWS\System32\kme.exe
    O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1056.dll,InstantAccess
    O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\nuiszp.exe
    O4 - HKCU\..\Run: [Hfyrr] C:\WINDOWS\System32\?hkntfs.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
    O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
    O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: http://www.neededware.com
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Me.../bridge-c5.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {3446598E-00E4-4B5E-99A6-87ECCA8324A2} - http://akamai.downloadv3.com/binarie...SS_1056_XP.cab
    O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
    O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} - http://www.jraun.com/activex/src/KeyActivexTest.ocx
    O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0035.exe
    O16 - DPF: {D94AAA2A-C415-42E3-82B6-49FAB4EBFFE9} (SearchHook Class) - http://www.halflemon.com/Halflemon.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: I***Eng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

  2. #2
    Ruby
    Supermod (retired)
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.042

    Re: Please help with my logfile.

    Welcome to HijackThis.de @ Evil_Monkey

    Please post your Logfiles in vB Code!
    Note: Announcement
    ....


    You have a lot of malware on your system and some unknown files which must be analyzed so we are able to help you.

    1
    Make sure you set windows to see the hidden files and folders.

    2
    Please scan the following files

    C:\WINDOWS\System32\ojbbjb.exe
    C:\WINDOWS\system32\apioc32.exe
    C:\WINDOWS\system32\sorsockx.exe
    -> please look for E6F1873B.DLL
    C:\WINDOWS\System32\wintask.exe
    C:\Program Files\Hnjus\Lcltpap.exe
    C:\WINDOWS\ierw.exe
    C:\WINDOWS\System32\ADPTIF58.exe
    C:\WINDOWS\System32\m190309.EXE
    C:\WINDOWS\System32\kme.exe
    -> please look for EGDACCESS_1056.dl
    C:\WINDOWS\System32\nuiszp.exe
    C:\WINDOWS\System32\?hkntfs.exe
    C:\Program Files\rdso\eetu.exe

    with Virustotal and Jotti

    Please let us know all the results of the scans by copy&paste.

    You have some worms and trojans at your system.

    -----------------------

    Download
    RegistryProt.
    Read and follow the instructions.
    For the greatest safety, it is recommended that
    you do not do online banking, file sharing, mailing, messaging,
    uploads and downloads except to security sites
    until your system is either formatted or cleaned up.
    Take a look at "Security Tips" in my signature.

    -----------------------

  3. #3
    Beginner
    Registered since
    01.08.2005
    Posts
    7

    Re: Please help with my logfile.

    Thank you for showing me what to do, and yes, my computer is a mess...

    I'm now registered and here are the results of the files you requested from Jotti.

    Code:
    File:  ojbbjb.exe.tmp  
    Status:  INFECTED/MALWARE
    
    File:  apioc32.exe  
    Status:  INFECTED/MALWARE  
    
    File:  e6f1873b.dll  
    Status:  INFECTED/MALWARE  
    
    File:  wintask.exe  
    Status:  INFECTED/MALWARE  
    
    File:  Lcltpap.exe  
    Status:  INFECTED/MALWARE  
    
    File:  ierw.exe  
    Status:  INFECTED/MALWARE  
    
    File:  ADPTIF58.exe  
    Status:  INFECTED/MALWARE 
    
    File:  kme.exe  
    Status:  INFECTED/MALWARE  
    
    File:  nuiszp.exe  
    Status:  INFECTED/MALWARE  
    
    File:  eetu.exe  
    Status:  INFECTED/MALWARE
    The results were basically all the same; they were either Trojan downloads or something else of that nature.

    I couldn't find the following files:
    sorsockx.exe
    m190309.EXE
    EGDACCESS_1056.dl
    ?hkntfs.exe

  4. #4
    Ruby
    Supermod (retired)
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.042

    Re: Please help with my logfile.

    Hello Evil_Monkey

    Would you please be so kind as to follow the instructions and copy&paste every result into this thread? Thank you so much.

    It will then look like this:

    Code:
    This is a report processed by VirusTotal on 07/31/2005 at 23:26:06 (CET) after scanning the file "Tool_Body.exe" file. 
    Antivirus	Version	Update	Result
    AntiVir	6.31.1.0	07.29.2005	no virus found
    AVG	718	07.28.2005	no virus found
    Avira	6.31.1.0	07.29.2005	no virus found
    BitDefender	7.0	07.29.2005	Trojan.Downloader.Swizzor.BO
    CAT-QuickHeal	7.03	07.31.2005	no virus found
    ClamAV	devel-20050725	07.31.2005	no virus found
    DrWeb	4.32b	07.31.2005	no virus found
    eTrust-Iris	7.1.194.0	07.30.2005	no virus found
    eTrust-Vet	11.9.1.0	07.29.2005	no virus found
    Fortinet	2.36.0.0	07.30.2005	W32/Swizzor.BO-tr
    F-Prot	3.16c	07.31.2005	no virus found
    Ikarus	0.2.59.0	07.29.2005	no virus found
    Kaspersky	4.0.2.24	07.31.2005	Trojan-Downloader.Win32.Swizzor.bo
    McAfee	4546	07.29.2005	no virus found
    NOD32v2	1.1183	07.29.2005	no virus found
    Norman	5.70.10	07.28.2005	no virus found
    Panda	8.02.00	07.31.2005	Adware/Lop
    Sophos	3.96.0	07.31.2005	no virus found
    Sybari	7.5.1314	07.31.2005	Trojan-Downloader.Win32.Swizzor.bo
    Symantec	8.0	07.31.2005	no virus found
    TheHacker	5.8.2.078	07.31.2005	no virus found
    VBA32	3.10.4	07.31.2005	Trojan-Downloader.Win32.Swizzor.bo
    Code:
    File:  hope_mpeg.exe  
    Status:  INFECTED/MALWARE  
    MD5  db3d412bc56e4402b2c8aca9d3af13de  
    Packers detected:  PE_PATCH.UPC, UPC 
    Scanner results  
    AntiVir  Found nothing 
    ArcaVir  Found nothing 
    Avast  Found nothing 
    AVG Antivirus  Found nothing 
    BitDefender  Found nothing 
    ClamAV  Found nothing 
    Dr.Web  Found nothing 
    F-Prot Antivirus  Found nothing 
    Fortinet  Found nothing 
    Kaspersky Anti-Virus  Found Trojan-Downloader.Win32.Swizzor.de  
    NOD32  Found probably a variant of Win32/TrojanDownloader.Swizzor (probable variant)  
    Norman Virus Control  Found nothing 
    UNA  Found nothing 
    VBA32  Found nothing
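
Post #2 asks for each suspicious file to be run through VirusTotal and Jotti with the results pasted back, and post #4 shows what the two report formats look like. The following is an added example written for this page (not a tool from VirusTotal, Jotti or HijackThis.de) that parses both formats and reduces each pasted report to a detection ratio plus a consensus family name; the sample input is an abbreviated excerpt of the two reports in post #4.

```python
"""Summarise the two multi-engine report formats pasted in this thread:
the VirusTotal text table ("Antivirus Version Update Result") and the
Jotti "Scanner results" listing. Added example for this page, not a tool
from VirusTotal, Jotti or HijackThis.de."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Verdict strings that mean the engine saw nothing.
CLEAN = {"no virus found", "nothing"}
# Tokens too generic to identify a family ("small" and "agent" are kept:
# several engines on this page use them as real family names).
GENERIC = {"trojan", "downloader", "trojandownloader", "win32", "dldr",
           "adware", "generic", "variant", "probably", "probable", "risk",
           "security", "named", "potentially", "unwanted", "program",
           "virus", "spyware", "application"}


@dataclass
class ScanSummary:
    filename: str = "?"
    verdicts: dict = field(default_factory=dict)  # engine -> raw verdict

    def detections(self) -> dict:
        return {e: v for e, v in self.verdicts.items()
                if v.lower() not in CLEAN}

    def ratio(self) -> str:
        return f"{len(self.detections())}/{len(self.verdicts)}"

    def family_guess(self):
        """Most common non-generic token across detection names (e.g.
        'swizzor'); None unless at least two engines share it."""
        counts = Counter()
        for name in self.detections().values():
            counts.update({t for t in re.findall(r"[a-z0-9]+", name.lower())
                           if len(t) >= 4 and t not in GENERIC})
        tok, n = counts.most_common(1)[0] if counts else (None, 0)
        return tok if n >= 2 else None


VT_FILE = re.compile(r'scanning the file "([^"]+)"')
# Engine and version never contain spaces and the update date is MM.DD.YYYY,
# so the remainder is the verdict (may contain spaces). Tabs or spaces both
# work; the header row has no date and simply fails to match.
VT_ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d\d\.\d\d\.\d{4})\s+(.+)$")


def parse_virustotal(text: str) -> ScanSummary:
    s = ScanSummary()
    for line in (raw.strip() for raw in text.splitlines()):
        if m := VT_FILE.search(line):
            s.filename = m.group(1)
        elif m := VT_ROW.match(line):
            engine, _version, _update, verdict = m.groups()
            s.verdicts[engine] = verdict
    return s


JOTTI_FILE = re.compile(r"^File:\s+(\S+)")
# Engine names may contain spaces ("Kaspersky Anti-Virus"); the literal
# word "Found" separates the engine from its verdict.
JOTTI_ROW = re.compile(r"^(.+?)\s+Found\s+(.+)$")


def parse_jotti(text: str) -> ScanSummary:
    s = ScanSummary()
    in_results = False  # only lines after "Scanner results" are verdicts
    for line in (raw.strip() for raw in text.splitlines()):
        if m := JOTTI_FILE.match(line):
            s.filename = m.group(1)
        elif line.startswith("Scanner results"):
            in_results = True
        elif in_results and (m := JOTTI_ROW.match(line)):
            s.verdicts[m.group(1)] = m.group(2)
    return s


def summarise(s: ScanSummary) -> str:
    return f"{s.filename}: {s.ratio()} engines flagged it ({s.family_guess() or 'no consensus'})"


# Excerpts of the two reports shown in post #4 (VirusTotal uses tabs).
VT_SAMPLE = """\
This is a report processed by VirusTotal on 07/31/2005 at 23:26:06 (CET) after scanning the file "Tool_Body.exe" file.
Antivirus\tVersion\tUpdate\tResult
AntiVir\t6.31.1.0\t07.29.2005\tno virus found
BitDefender\t7.0\t07.29.2005\tTrojan.Downloader.Swizzor.BO
Fortinet\t2.36.0.0\t07.30.2005\tW32/Swizzor.BO-tr
Kaspersky\t4.0.2.24\t07.31.2005\tTrojan-Downloader.Win32.Swizzor.bo
Panda\t8.02.00\t07.31.2005\tAdware/Lop
Symantec\t8.0\t07.31.2005\tno virus found
"""
JOTTI_SAMPLE = """\
File:  hope_mpeg.exe
Scanner results
AntiVir  Found nothing
Kaspersky Anti-Virus  Found Trojan-Downloader.Win32.Swizzor.de
NOD32  Found probably a variant of Win32/TrojanDownloader.Swizzor (probable variant)
Norman Virus Control  Found nothing
VBA32  Found nothing
"""

if __name__ == "__main__":
    print(summarise(parse_virustotal(VT_SAMPLE)))  # Tool_Body.exe: 4/6 engines flagged it (swizzor)
    print(summarise(parse_jotti(JOTTI_SAMPLE)))    # hope_mpeg.exe: 2/5 engines flagged it (swizzor)
```

Pasting a full report from the thread into either parser gives the same kind of one-line summary, which is what a helper needs to decide which files are confirmed malware and which are merely unknown.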

  5. #5
    Beginner
    Registered since
    01.08.2005
    Posts
    7

    Re: Please help with my logfile.

    Oh, I'm sorry about that. This time I'll copy and paste the entire thing.

    Code:
    This is a report processed by VirusTotal on 08/02/2005 at 06:13:31 (CET) after scanning the file "ojbbjb.exe.tmp" file.
    Antivirus Version Update Result 
    AntiVir 6.31.1.0 08.01.2005 TR/Drop.Qoologi.N.2 
    AVG 718 08.01.2005 Downloader.Generic.BHA 
    Avira 6.31.1.0 08.01.2005 TR/Drop.Qoologi.N.2 
    BitDefender 7.0 07.29.2005 no virus found 
    CAT-QuickHeal 7.03 08.02.2005 TrojanDownloader.Qoologic.n 
    ClamAV devel-20050725 07.31.2005 Trojan.Downloader.Small-687 
    DrWeb 4.32b 08.01.2005 Trojan.DownLoader.3508 
    eTrust-Iris 7.1.194.0 08.02.2005 no virus found 
    eTrust-Vet 11.9.1.0 08.01.2005 no virus found 
    Fortinet 2.36.0.0 07.30.2005 W32/Qoologic.N-dldr 
    F-Prot 3.16c 08.01.2005 security risk named W32/Downloader.DXP 
    Ikarus 0.2.59.0 08.01.2005 no virus found 
    Kaspersky 4.0.2.24 08.02.2005 Trojan-Downloader.Win32.Qoologic.n 
    McAfee 4547 08.01.2005 potentially unwanted program Adware-Qoolaid 
    NOD32v2 1.1184 08.01.2005 a variant of Win32/TrojanDownloader.Qoologic 
    Norman 5.70.10 08.01.2005 no virus found 
    Panda 8.02.00 08.01.2005 Trj/Qoologic.G 
    Sophos 3.96.0 08.02.2005 no virus found 
    Sybari 7.5.1314 08.02.2005 Trojan-Downloader.Win32.Qoologic.n 
    Symantec 8.0 08.01.2005 no virus found 
    TheHacker 5.8.2.079 08.02.2005 no virus found 
    VBA32 3.10.4 08.01.2005 Trojan-Downloader.Win32.Qoologic.n
    Code:
    File:  ojbbjb.exe.tmp  
    Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
    MD5  459af99c6b13d25bf2e1b8538847e3cb  
    Packers detected:  ASPACK 
    Scanner results  
    AntiVir  Found TR/Drop.Qoologi.N.2  
    ArcaVir  Found Trojan.Downloader.Qoologic.N  
    Avast  Found Win32:Qoologic-N  
    AVG Antivirus  Found Downloader.Generic.BHA  
    BitDefender  Found nothing 
    ClamAV  Found Trojan.Downloader.Small-687  
    Dr.Web  Found Trojan.DownLoader.3508  
    F-Prot Antivirus  Found W32/Downloader.DXP  
    Fortinet  Found W32/Qoologic.N-dldr  
    Kaspersky Anti-Virus  Found Trojan-Downloader.Win32.Qoologic.n  
    NOD32  Found a variant of Win32/TrojanDownloader.Qoologic  
    Norman Virus Control  Found nothing 
    UNA  Found nothing 
    VBA32  Found Trojan-Downloader.Win32.Qoologic.n
    Code:
    This is a report processed by VirusTotal on 08/02/2005 at 06:20:21 (CET) after scanning the file "apioc32.exe" file.
    Antivirus Version Update Result 
    AntiVir 6.31.1.0 08.01.2005 TR/Agent.EM 
    AVG 718 08.01.2005 Downloader.Agent.HU 
    Avira 6.31.1.0 08.01.2005 TR/Agent.EM 
    BitDefender 7.0 07.29.2005 Trojan.Agent.EM 
    CAT-QuickHeal 7.03 08.02.2005 Trojan.Agent.em 
    ClamAV devel-20050725 07.31.2005 Trojan.Agent-96 
    DrWeb 4.32b 08.01.2005 Trojan.MulDrop.2295 
    eTrust-Iris 7.1.194.0 08.02.2005 Win32/Winshow.16384!Trojan 
    eTrust-Vet 11.9.1.0 08.01.2005 Win32.Winshow.CG 
    Fortinet 2.36.0.0 07.30.2005 W32/Agent.EM-tr 
    F-Prot 3.16c 08.01.2005 security risk named W32/Agent.PP 
    Ikarus 0.2.59.0 08.01.2005 Trojan.Win32.Agent.EM 
    Kaspersky 4.0.2.24 08.02.2005 Trojan.Win32.Agent.em 
    McAfee 4547 08.01.2005 Spy-Agent.d 
    NOD32v2 1.1184 08.01.2005 Win32/Agent.EM 
    Norman 5.70.10 08.01.2005 W32/Agent.EBA 
    Panda 8.02.00 08.01.2005 Adware/SearchAid 
    Sophos 3.96.0 08.02.2005 Troj/Agent-DX 
    Sybari 7.5.1314 08.02.2005 W32/Agent.EB 
    Symantec 8.0 08.01.2005 Trojan Horse 
    TheHacker 5.8.2.079 08.02.2005 Trojan/Agent.em 
    VBA32 3.10.4 08.01.2005 Trojan.Win32.Agent.em
    Code:
    File:  apioc32.exe  
    Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
    MD5  4dcd1af49b800f608269fd3a77550e84  
    Packers detected:  UPX 
    Scanner results  
    AntiVir  Found TR/Agent.EM  
    ArcaVir  Found Trojan.Agent.Em  
    Avast  Found Win32:Agent-AE  
    AVG Antivirus  Found Downloader.Agent.HU  
    BitDefender  Found Trojan.Agent.EM  
    ClamAV  Found Trojan.Agent-96  
    Dr.Web  Found Trojan.MulDrop.2295  
    F-Prot Antivirus  Found W32/Agent.PP  
    Fortinet  Found W32/Agent.EM-tr  
    Kaspersky Anti-Virus  Found Trojan.Win32.Agent.em  
    NOD32  Found Win32/Agent.EM  
    Norman Virus Control  Found W32/Agent.EBA  
    UNA  Found Trojan.Win32.Agent  
    VBA32  Found Trojan.Win32.Agent.em
    Code:
    This is a report processed by VirusTotal on 08/02/2005 at 06:24:03 (CET) after scanning the file "e6f1873b.dll" file.
    Antivirus Version Update Result 
    AntiVir 6.31.1.0 08.01.2005 TR/Dldr.Braidupda.D 
    AVG 718 08.01.2005 Downloader.Braidupdate.D 
    Avira 6.31.1.0 08.01.2005 TR/Dldr.Braidupda.D 
    BitDefender 7.0 07.29.2005 Trojan.Downloader.Braidupdate.D 
    CAT-QuickHeal 7.03 08.02.2005 no virus found 
    ClamAV devel-20050725 07.31.2005 Trojan.Downloader.Braidupdate-1 
    DrWeb 4.32b 08.01.2005 no virus found 
    eTrust-Iris 7.1.194.0 08.02.2005 no virus found 
    eTrust-Vet 11.9.1.0 08.01.2005 no virus found 
    Fortinet 2.36.0.0 07.30.2005 W32/Braidupdate.D-tr 
    F-Prot 3.16c 08.01.2005 no virus found 
    Ikarus 0.2.59.0 08.01.2005 no virus found 
    Kaspersky 4.0.2.24 08.02.2005 Trojan-Downloader.Win32.Braidupdate.d 
    McAfee 4547 08.01.2005 potentially unwanted program Adware-BrowserAid 
    NOD32v2 1.1184 08.01.2005 no virus found 
    Norman 5.70.10 08.01.2005 no virus found 
    Panda 8.02.00 08.01.2005 Adware/BrowserAid 
    Sophos 3.96.0 08.02.2005 Troj/Brdupd-A 
    Sybari 7.5.1314 08.02.2005 Trojan-Downloader.Win32.Braidupdate.d 
    Symantec 8.0 08.01.2005 no virus found 
    TheHacker 5.8.2.079 08.02.2005 Trojan/Downloader.Braidupdate.d 
    VBA32 3.10.4 08.01.2005 no virus found
    Code:
    File:  e6f1873b.dll  
    Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
    MD5  19e3d41c66ba98b64a27c878fed4fa14  
    Packers detected:  - 
    Scanner results  
    AntiVir  Found TR/Dldr.Braidupda.D  
    ArcaVir  Found Trojan.Downloader.Braidupdate.D  
    Avast  Found Win32:Trojan-gen. {Other}  
    AVG Antivirus  Found Downloader.Braidupdate.D  
    BitDefender  Found Trojan.Downloader.Braidupdate.D  
    ClamAV  Found Trojan.Downloader.Braidupdate-1  
    Dr.Web  Found not a virus Adware.Startium  
    F-Prot Antivirus  Found nothing 
    Fortinet  Found W32/Braidupdate.D-tr  
    Kaspersky Anti-Virus  Found Trojan-Downloader.Win32.Braidupdate.d  
    NOD32  Found nothing 
    Norman Virus Control  Found nothing 
    UNA  Found TrojanDownloader.Win32.Braidupdate  
    VBA32  Found nothing
    Code:
    This is a report processed by VirusTotal on 08/02/2005 at 06:27:27 (CET) after scanning the file "wintask.exe" file.
    Antivirus Version Update Result 
    AntiVir 6.31.1.0 08.01.2005 TR/Dldr.Small.abd 
    AVG 718 08.01.2005 Downloader.Small.15.BS 
    Avira 6.31.1.0 08.01.2005 TR/Dldr.Small.abd 
    BitDefender 7.0 07.29.2005 Trojan.Downloader.Small.ABD 
    CAT-QuickHeal 7.03 08.02.2005 TrojanDownloader.Small.abd 
    ClamAV devel-20050725 07.31.2005 Trojan.Downloader.Small-334 
    DrWeb 4.32b 08.01.2005 Trojan.DownLoader.1895 
    eTrust-Iris 7.1.194.0 08.02.2005 Win32/SillyDL.Topinst!Trojan 
    eTrust-Vet 11.9.1.0 08.01.2005 Win32.SillyDl.MK 
    Fortinet 2.36.0.0 07.30.2005 W32/Small.AF 
    F-Prot 3.16c 08.01.2005 security risk named W32/Small.AF 
    Ikarus 0.2.59.0 08.01.2005 Trojan-Downloader.Win32.Small.ABD 
    Kaspersky 4.0.2.24 08.02.2005 Trojan-Downloader.Win32.Small.abd 
    McAfee 4547 08.01.2005 Generic Downloader.aa 
    NOD32v2 1.1184 08.01.2005 Win32/TrojanDownloader.Small.ABD 
    Norman 5.70.10 08.01.2005 W32/DLoader.AJL 
    Panda 8.02.00 08.01.2005 Trj/Downloader.AYV 
    Sophos 3.96.0 08.02.2005 Troj/Dloader-NA 
    Sybari 7.5.1314 08.02.2005 Win32/SillyDL.Topinst!Trojan 
    Symantec 8.0 08.01.2005 no virus found 
    TheHacker 5.8.2.079 08.02.2005 Trojan/Downloader.Small.abd 
    VBA32 3.10.4 08.01.2005 Trojan-Downloader.Win32.Small.abd
    Code:
    File:  wintask.exe  
    Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
    MD5  3f660d7a76423ad2a72e70c972767f88  
    Packers detected:  PE_PATCH, MEW 
    Scanner results  
    AntiVir  Found TR/Dldr.Small.abd  
    ArcaVir  Found Trojan.Downloader.Small.Abd.B  
    Avast  Found Win32:Trojano-1096  
    AVG Antivirus  Found Downloader.Small.15.BS  
    BitDefender  Found Trojan.Downloader.Small.ABD  
    ClamAV  Found Trojan.Downloader.Small-334  
    Dr.Web  Found Trojan.DownLoader.1895  
    F-Prot Antivirus  Found W32/Small.AF  
    Fortinet  Found W32/Small.AF  
    Kaspersky Anti-Virus  Found Trojan-Downloader.Win32.Small.abd  
    NOD32  Found Win32/TrojanDownloader.Small.ABD  
    Norman Virus Control  Found W32/DLoader.AJL  
    UNA  Found TrojanDownloader.Win32.Small  
    VBA32  Found Trojan-Downloader.Win32.Small.abd
    Code:
    This is a report processed by VirusTotal on 08/02/2005 at 06:31:27 (CET) after scanning the file "Lcltpap.exe" file.
    Antivirus Version Update Result 
    AntiVir 6.31.1.0 08.01.2005 TR/DelProx.A 
    AVG 718 08.01.2005 Small.P 
    Avira 6.31.1.0 08.01.2005 TR/DelProx.A 
    BitDefender 7.0 07.29.2005 Trojan.Small.CY 
    CAT-QuickHeal 7.03 08.02.2005 Trojan.Small.cy 
    ClamAV devel-20050725 07.31.2005 Trojan.Small-35 
    DrWeb 4.32b 08.01.2005 Trojan.DownLoader.1389 
    eTrust-Iris 7.1.194.0 08.02.2005 Win32/Dyfuca.B!Trojan 
    eTrust-Vet 11.9.1.0 08.01.2005 Win32.Dyfuca.B 
    Fortinet 2.36.0.0 07.30.2005 no virus found 
    F-Prot 3.16c 08.01.2005 security risk named W32/Downloader.AAW 
    Ikarus 0.2.59.0 08.01.2005 Trojan.Win32.Small.CY 
    Kaspersky 4.0.2.24 08.02.2005 Trojan.Win32.Small.cy 
    McAfee 4547 08.01.2005 potentially unwanted program Adware-DFC 
    NOD32v2 1.1184 08.01.2005 Win32/Small.CY 
    Norman 5.70.10 08.01.2005 no virus found 
    Panda 8.02.00 08.01.2005 Spyware/Dyfuca 
    Sophos 3.96.0 08.02.2005 no virus found 
    Sybari 7.5.1314 08.02.2005 Trojan.Small.ADM 
    Symantec 8.0 08.01.2005 no virus found 
    TheHacker 5.8.2.079 08.02.2005 Trojan/Small.cy 
    VBA32 3.10.4 08.01.2005 Trojan.Win32.Small.cy
    Code:
    File:  Lcltpap.exe  
    Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
    MD5  8dcd4190a320a114d8d0a8ffcbbb6044  
    Packers detected:  PETITE 
    Scanner results  
    AntiVir  Found TR/DelProx.A  
    ArcaVir  Found Trojan.Small.Cy.A  
    Avast  Found Win32:Trojano-1035  
    AVG Antivirus  Found Small.P  
    BitDefender  Found Trojan.Small.CY  
    ClamAV  Found Trojan.Small-35  
    Dr.Web  Found Trojan.DownLoader.1389  
    F-Prot Antivirus  Found W32/Downloader.AAW  
    Fortinet  Found nothing 
    Kaspersky Anti-Virus  Found Trojan.Win32.Small.cy  
    NOD32  Found Win32/Small.CY  
    Norman Virus Control  Found nothing 
    UNA  Found Trojan.Win32.Rog  
    VBA32  Found Trojan.Win32.Small.cy
    Code:
    This is a report processed by VirusTotal on 08/02/2005 at 06:33:30 (CET) after scanning the file "ierw.exe" file.
    Antivirus Version Update Result 
    AntiVir 6.31.1.0 08.01.2005 TR/Dldr.Agent.BQ.14 
    AVG 718 08.01.2005 Downloader.Agent.NJ 
    Avira 6.31.1.0 08.01.2005 TR/Dldr.Agent.BQ.14 
    BitDefender 7.0 07.29.2005 no virus found 
    CAT-QuickHeal 7.03 08.02.2005 TrojanDownloader.Agent.bq 
    ClamAV devel-20050725 07.31.2005 no virus found 
    DrWeb 4.32b 08.01.2005 no virus found 
    eTrust-Iris 7.1.194.0 08.02.2005 Win32/Winshow.DL!Trojan 
    eTrust-Vet 11.9.1.0 08.01.2005 Win32.Winshow.DP 
    Fortinet 2.36.0.0 07.30.2005 W32/Agent.BQ-dldr 
    F-Prot 3.16c 08.01.2005 security risk named W32/Agent.SG@dl 
    Ikarus 0.2.59.0 08.01.2005 no virus found 
    Kaspersky 4.0.2.24 08.02.2005 Trojan-Downloader.Win32.Agent.bq 
    McAfee 4547 08.01.2005 Generic Downloader.f 
    NOD32v2 1.1184 08.01.2005 Win32/TrojanDownloader.Agent.BQ 
    Norman 5.70.10 08.01.2005 no virus found 
    Panda 8.02.00 08.01.2005 no virus found 
    Sophos 3.96.0 08.02.2005 no virus found 
    Sybari 7.5.1314 08.02.2005 Win32.Winshow.DP 
    Symantec 8.0 08.01.2005 no virus found 
    TheHacker 5.8.2.079 08.02.2005 Trojan/Downloader.Agent.bq 
    VBA32 3.10.4 08.01.2005 Trojan.DownLoader.3312
    Code:
    File:  ierw.exe  
    Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
    MD5  df08fdcb957d3f4b8c6f960ff5cbf355  
    Packers detected:  PE-CRYPT.SUE, UPX 
    Scanner results  
    AntiVir  Found TR/Dldr.Agent.BQ.14  
    ArcaVir  Found Trojan.Downloader.Agent.Bq  
    Avast  Found nothing 
    AVG Antivirus  Found Downloader.Agent.NJ  
    BitDefender  Found nothing 
    ClamAV  Found nothing 
    Dr.Web  Found nothing 
    F-Prot Antivirus  Found W32/Agent.SG@dl  
    Fortinet  Found W32/Agent.BQ-dldr  
    Kaspersky Anti-Virus  Found Trojan-Downloader.Win32.Agent.bq  
    NOD32  Found Win32/TrojanDownloader.Agent.BQ  
    Norman Virus Control  Found nothing 
    UNA  Found nothing 
    VBA32  Found Trojan.DownLoader.3312
    Code:
    This is a report processed by VirusTotal on 08/02/2005 at 06:35:35 (CET) after scanning the file "ADPTIF58.exe" file.
    Antivirus Version Update Result 
    AntiVir 6.31.1.0 08.01.2005 ADSPY/URLSPy.b.8.C 
    AVG 718 08.01.2005 no virus found 
    Avira 6.31.1.0 08.01.2005 ADSPY/URLSPy.b.8.C 
    BitDefender 7.0 07.29.2005 no virus found 
    CAT-QuickHeal 7.03 08.02.2005 AdWare.UrlSpy.b (Not a Virus) 
    ClamAV devel-20050725 07.31.2005 no virus found 
    DrWeb 4.32b 08.01.2005 no virus found 
    eTrust-Iris 7.1.194.0 08.02.2005 no virus found 
    eTrust-Vet 11.9.1.0 08.01.2005 no virus found 
    Fortinet 2.36.0.0 07.30.2005 suspicious 
    F-Prot 3.16c 08.01.2005 no virus found 
    Ikarus 0.2.59.0 08.01.2005 no virus found 
    Kaspersky 4.0.2.24 08.02.2005 not-a-virus:AdWare.UrlSpy.b 
    McAfee 4547 08.01.2005 no virus found 
    NOD32v2 1.1184 08.01.2005 Win32/Adware.URLSpy 
    Norman 5.70.10 08.01.2005 no virus found 
    Panda 8.02.00 08.01.2005 Spyware/UrlSpy 
    Sophos 3.96.0 08.02.2005 no virus found 
    Sybari 7.5.1314 08.02.2005 no virus found 
    Symantec 8.0 08.01.2005 no virus found 
    TheHacker 5.8.2.079 08.02.2005 no virus found 
    VBA32 3.10.4 08.01.2005 AdWare.UrlSpy.b
    Code:
    File:  ADPTIF58.exe  
    Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: only non-destructive malware has been found. Considering the non-destructive nature of samples like these - although they can be a pain -, results will not be stored in the database.) 
    MD5  fd8de65f40c2836c3b91b75513c1047d  
    Packers detected:  - 
    Scanner results  
    AntiVir  Found nothing 
    ArcaVir  Found nothing 
    Avast  Found nothing 
    AVG Antivirus  Found nothing 
    BitDefender  Found nothing 
    ClamAV  Found nothing 
    Dr.Web  Found not a virus Adware.Urlspy  
    F-Prot Antivirus  Found nothing 
    Fortinet  Found nothing 
    Kaspersky Anti-Virus  Found not-a-virus:AdWare.UrlSpy.b  
    NOD32  Found Win32/Adware.URLSpy application  
    Norman Virus Control  Found nothing 
    UNA  Found nothing 
    VBA32  Found AdWare.UrlSpy.b
    Code:
    This is a report processed by VirusTotal on 08/02/2005 at 06:39:36 (CET) after scanning the file "kme.exe" file.
    Antivirus Version Update Result 
    AntiVir 6.31.1.0 08.01.2005 no virus found 
    AVG 718 08.01.2005 no virus found 
    Avira 6.31.1.0 08.01.2005 no virus found 
    BitDefender 7.0 07.29.2005 no virus found 
    CAT-QuickHeal 7.03 08.02.2005 (Suspicious) - DNAScan 
    ClamAV devel-20050725 07.31.2005 no virus found 
    DrWeb 4.32b 08.01.2005 no virus found 
    eTrust-Iris 7.1.194.0 08.02.2005 no virus found 
    eTrust-Vet 11.9.1.0 08.01.2005 no virus found 
    Fortinet 2.36.0.0 07.30.2005 no virus found 
    F-Prot 3.16c 08.01.2005 no virus found 
    Ikarus 0.2.59.0 08.01.2005 no virus found 
    Kaspersky 4.0.2.24 08.02.2005 Trojan-Downloader.Win32.Lastad.r 
    McAfee 4547 08.01.2005 no virus found 
    NOD32v2 1.1184 08.01.2005 probably unknown NewHeur_PE virus 
    Norman 5.70.10 08.01.2005 no virus found 
    Panda 8.02.00 08.01.2005 Adware/Ndware 
    Sophos 3.96.0 08.02.2005 no virus found 
    Sybari 7.5.1314 08.02.2005 Trojan-Downloader.Win32.Lastad.r 
    Symantec 8.0 08.01.2005 no virus found 
    TheHacker 5.8.2.079 08.02.2005 no virus found 
    VBA32 3.10.4 08.01.2005 Trojan-Downloader.Win32.Lastad.r
    Code:
    File:  kme.exe  
    Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
    MD5  8ccb7e8961905c2584641343d5301cc2  
    Packers detected:  PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT 
    Scanner results  
    AntiVir  Found nothing 
    ArcaVir  Found nothing 
    Avast  Found nothing 
    AVG Antivirus  Found nothing 
    BitDefender  Found nothing 
    ClamAV  Found nothing 
    Dr.Web  Found nothing 
    F-Prot Antivirus  Found nothing 
    Fortinet  Found nothing 
    Kaspersky Anti-Virus  Found Trojan-Downloader.Win32.Lastad.r  
    NOD32  Found probably unknown NewHeur_PE (probable variant)  
    Norman Virus Control  Found nothing 
    UNA  Found nothing 
    VBA32  Found Trojan-Downloader.Win32.Lastad.r
    Code:
    This is a report processed by VirusTotal on 08/02/2005 at 06:42:03 (CET) after scanning the file "nuiszp.exe" file.
    Antivirus Version Update Result 
    AntiVir 6.31.1.0 08.01.2005 BDS/Agent.EC 
    AVG 718 08.01.2005 BackDoor.Agent.4.BL 
    Avira 6.31.1.0 08.01.2005 BDS/Agent.EC 
    BitDefender 7.0 07.29.2005 Backdoor.Agent.EC 
    CAT-QuickHeal 7.03 08.02.2005 Backdoor.Agent.ec 
    ClamAV devel-20050725 07.31.2005 Trojan.Agent-7 
    DrWeb 4.32b 08.01.2005 BackDoor.Mozzy 
    eTrust-Iris 7.1.194.0 08.02.2005 Win32/CLG!Backdoor 
    eTrust-Vet 11.9.1.0 08.01.2005 Win32.Reckmess.A 
    Fortinet 2.36.0.0 07.30.2005 W32/Bdoor.AV-tr 
    F-Prot 3.16c 08.01.2005 security risk named W32/Spybot.BMS 
    Ikarus 0.2.59.0 08.01.2005 Backdoor.Win32.Agent.EC 
    Kaspersky 4.0.2.24 08.02.2005 Backdoor.Win32.Agent.ec 
    McAfee 4547 08.01.2005 BackDoor-CLH 
    NOD32v2 1.1184 08.01.2005 Win32/Agent.EC 
    Norman 5.70.10 08.01.2005 W32/Agent.EH 
    Panda 8.02.00 08.01.2005 Bck/PPPH.A 
    Sophos 3.96.0 08.02.2005 Troj/Bdoor-AV 
    Sybari 7.5.1314 08.02.2005 W32/Agent.E 
    Symantec 8.0 08.01.2005 Backdoor.Jupdate 
    TheHacker 5.8.2.079 08.02.2005 Backdoor/Agent.ec 
    VBA32 3.10.4 08.01.2005 Backdoor.Win32.Agent.ec
    Code:
    File:  nuiszp.exe  
    Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)  
    MD5  f0a52c219d3c31da96057768648b6821  
    Packers detected:  PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT 
    Scanner results  
    AntiVir  Found BDS/Agent.EC  
    ArcaVir  Found Trojan.Agent.Ec  
    Avast  Found Win32:Trojano-834  
    AVG Antivirus  Found BackDoor.Agent.4.BL  
    BitDefender  Found Backdoor.Agent.EC  
    ClamAV  Found Trojan.Agent-7  
    Dr.Web  Found BackDoor.Mozzy  
    F-Prot Antivirus  Found W32/Spybot.BMS  
    Fortinet  Found W32/Bdoor.AV-tr  
    Kaspersky Anti-Virus  Found Backdoor.Win32.Agent.ec  
    NOD32  Found Win32/Agent.EC  
    Norman Virus Control  Found W32/Agent.EH  
    UNA  Found Backdoor.Agent  
    VBA32  Found Backdoor.Win32.Agent.ec
    Code:
    This is a report processed by VirusTotal on 08/02/2005 at 06:45:25 (CET) after scanning the file "eetu.exe" file.
    Antivirus Version Update Result 
    AntiVir 6.31.1.0 08.01.2005 no virus found 
    AVG 718 08.01.2005 no virus found 
    Avira 6.31.1.0 08.01.2005 no virus found 
    BitDefender 7.0 07.29.2005 no virus found 
    CAT-QuickHeal 7.03 08.02.2005 AdWare.PurityScan.ck (Not a Virus) 
    ClamAV devel-20050725 07.31.2005 no virus found 
    DrWeb 4.32b 08.01.2005 no virus found 
    eTrust-Iris 7.1.194.0 08.02.2005 Win32/Clspring.Variant!Trojan 
    eTrust-Vet 11.9.1.0 08.01.2005 no virus found 
    Fortinet 2.36.0.0 07.30.2005 suspicious 
    F-Prot 3.16c 08.01.2005 no virus found 
    Ikarus 0.2.59.0 08.01.2005 no virus found 
    Kaspersky 4.0.2.24 08.02.2005 not-a-virus:AdWare.PurityScan.ck 
    McAfee 4547 08.01.2005 no virus found 
    NOD32v2 1.1184 08.01.2005 a variant of Win32/Adware.MediaTickets 
    Norman 5.70.10 08.01.2005 no virus found 
    Panda 8.02.00 08.01.2005 Adware/PurityScan 
    Sophos 3.96.0 08.02.2005 no virus found 
    Sybari 7.5.1314 08.02.2005 Win32/Clspring.Variant!Trojan 
    Symantec 8.0 08.01.2005 no virus found 
    TheHacker 5.8.2.079 08.02.2005 no virus found 
    VBA32 3.10.4 08.01.2005 no virus found
    Code:
    File:  eetu.exe  
    Status:  INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: only non-destructive malware has been found. Considering the non-destructive nature of samples like these - although they can be a pain -, results will not be stored in the database.) 
    MD5  f56ed436e1c604c9ce2ce1f66e8c419c  
    Packers detected:  UPX 
    Scanner results  
    AntiVir  Found nothing 
    ArcaVir  Found nothing 
    Avast  Found nothing 
    AVG Antivirus  Found nothing 
    BitDefender  Found nothing 
    ClamAV  Found nothing 
    Dr.Web  Found nothing 
    F-Prot Antivirus  Found nothing 
    Fortinet  Found nothing 
    Kaspersky Anti-Virus  Found not-a-virus:AdWare.PurityScan.ck  
    NOD32  Found a variant of Win32/Adware.MediaTickets application  
    Norman Virus Control  Found nothing 
    UNA  Found nothing 
    VBA32  Found nothing
    Like last time, I couldn't locate the following files:
    C:\WINDOWS\system32\sorsockx.exe
    C:\WINDOWS\System32\m190309.EXE
    EGDACCESS_1056.dll
    C:\WINDOWS\System32\?hkntfs.exe

    I hope that's everything.

  6. #6
    Supermod (ret.), avatar of Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.042

    Re: Please help with my logfile.

    Hi Evil_Monkey, and many thanks for this wonderful posting.

    Please upload these files
    C:\WINDOWS\System32\ojbbjb.exe
    C:\WINDOWS\system32\apioc32.exe
    -> please look for E6F1873B.DLL
    C:\WINDOWS\System32\wintask.exe
    C:\Program Files\Hnjus\Lcltpap.exe
    C:\WINDOWS\ierw.exe
    C:\WINDOWS\System32\ADPTIF58.exe
    C:\WINDOWS\System32\kme.exe
    C:\WINDOWS\System32\nuiszp.exe
    C:\Program Files\rdso\eetu.exe
    -> to Upload malicious software (*).
    -> to ST-Adware-Upload (*).

    (*) If you need a zip tool, we suggest ZipGenius (it is free).

    Please let us know whether you succeeded in uploading these files to both (!) URLs. Thank you.

  7. #7
    Beginner
    Registered since
    01.08.2005
    Posts
    7

    Re: Please help with my logfile.

    I successfully uploaded all of those files to "Upload malicious software", and I also uploaded all of the files into "ST-Adware-Upload".

    Now what should I do?

  8. #8
    Supermod (ret.), avatar of Ruby
    Registered since
    25.01.2005
    Location
    The Netherlands
    Posts
    20.042

    Re: Please help with my logfile.

    Now?

    Now you will want to run HijackThis:
    -> config -> misc tools -> delete a file on reboot ->
    take these files:

    C:\WINDOWS\System32\ojbbjb.exe
    C:\WINDOWS\system32\apioc32.exe
    -> please look for E6F1873B.DLL
    C:\WINDOWS\System32\wintask.exe
    C:\Program Files\Hnjus\Lcltpap.exe
    C:\WINDOWS\ierw.exe
    C:\WINDOWS\System32\ADPTIF58.exe
    C:\WINDOWS\System32\kme.exe
    C:\WINDOWS\System32\nuiszp.exe
    C:\Program Files\rdso\eetu.exe

    Answer the question whether you want to reboot your system with NO as long as you still have a file to put into HijackThis. Once you have brought the last file into HijackThis, answer the question to reboot with YES and reboot your system.

    Run HijackThis once more -> open the Misc Tools section -> Generate StartupList.log, set a checkmark in both boxes, have it save a logfile and post it please. Thanks.

  9. #9
    Beginner
    Registered since
    01.08.2005
    Posts
    7

    Re: Please help with my logfile.

    I had to split up the StartupList logfile into two different posts because it wouldn't allow me to post it as one big thing... So here is Part 1:
    Code:
    StartupList report, 8/2/2005, 5:47:50 PM
    StartupList version: 1.52.2
    Started from : C:\Documents and Settings\Matt\My Documents\hijackthis\HijackThis.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================
    
    Running processes:
    
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\wintask.exe
    C:\WINDOWS\System32\ojbbjb.exe
    C:\WINDOWS\System32\?hkntfs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Cas\Client\casclient.exe
    C:\Program Files\rdso\eetu.exe
    C:\PROGRA~1\COMMON~1\AOL\110423~1\EE\AOLHOS~1.EXE
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\PROGRA~1\COMMON~1\AOL\110423~1\EE\AOLServiceHost.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Documents and Settings\Matt\My Documents\hijackthis\HijackThis.exe
    
    --------------------------------------------------
    
    Listing of startup folders:
    
    Shell folders Startup:
    [C:\Documents and Settings\Matt\Start Menu\Programs\Startup]
    AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
    
    Shell folders AltStartup:
    *Folder not found*
    
    User shell folders Startup:
    *Folder not found*
    
    User shell folders AltStartup:
    *Folder not found*
    
    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    Picture Package Menu.lnk = ?
    Picture Package VCD Maker.lnk = ?
    
    Shell folders Common AltStartup:
    *Folder not found*
    
    User shell folders Common Startup:
    *Folder not found*
    
    User shell folders Alternate Common Startup:
    *Folder not found*
    
    --------------------------------------------------
    
    Checking Windows NT UserInit:
    
    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*
    
    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*
    
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*
    
    --------------------------------------------------
    
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    
    ATIModeChange = Ati2mdxx.exe
    Logitech Utility = Logi_MwX.Exe
    ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    (Default) = C:\WINDOWS\System32\
    7Fok3EQ = sorsockx.exe
    LogitechVideoRepair = C:\Program Files\Logitech\Video\ISStart.exe
    LogitechVideoTray = C:\Program Files\Logitech\Video\LogiTray.exe
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    LogitechGalleryRepair = C:\Program Files\Logitech\Video\ISStart.exe
    iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    HostManager = C:\Program Files\Common Files\AOL\1104230340\EE\AOLHostManager.exe
    AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    AOL Spyware Protection = "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
    Desktop Search = C:\WINDOWS\isrvs\desktop.exe
    A70F6A1D-0195-42a2-934C-D8AC0F7C08EB = rundll32.exe E6F1873B.DLL,D9EBC318C
    98D0CE0C16B1 = rundll32.exe D0CE0C16B1,D0CE0C16B1
    WinampAgent = "C:\Program Files\Winamp\Winampa.exe"
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    exp.exe = C:\WINDOWS\System32\exp.exe
    WinTask driver = C:\WINDOWS\System32\wintask.exe
    Ipwndxzz = C:\Program Files\Hnjus\Lcltpap.exe
    VBouncer = C:\PROGRA~1\VBouncer\VirtualBouncer.exe
    winsync = C:\WINDOWS\System32\ojbbjb.exe reg_run
    ierw.exe = C:\WINDOWS\ierw.exe
    f372bd155b80 = C:\WINDOWS\System32\ADPTIF58.exe
    mscin = C:\WINDOWS\System32\m190309.EXE
    kme = C:\WINDOWS\System32\kme.exe
    
    --------------------------------------------------
    
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    
    *No values found*
    
    --------------------------------------------------
    
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    
    *No values found*
    
    --------------------------------------------------
    
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    
    *Registry key not found*
    
    --------------------------------------------------
    
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    
    *Registry key not found*
    
    --------------------------------------------------
    
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    
    Instant Access = rundll32.exe EGDACCESS_1056.dll,InstantAccess
    JavaUpdate0.07 = C:\WINDOWS\System32\nuiszp.exe
    Hfyrr = C:\WINDOWS\System32\?hkntfs.exe
    ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
    CAS Client = "C:\Program Files\Cas\Client\casclient.exe"
    Aida = C:\Program Files\rdso\eetu.exe
    
    --------------------------------------------------
    
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    
    *No values found*
    
    --------------------------------------------------
    
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    
    *Registry key not found*
    
    --------------------------------------------------
    
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    
    *Registry key not found*
    
    --------------------------------------------------
    
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    
    *Registry key not found*
    
    --------------------------------------------------
    
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    
    *Registry key not found*
    
    --------------------------------------------------
    
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    
    *Registry key not found*
    
    --------------------------------------------------
    
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    
    [OptionalComponents]
    *No values found*
    
    --------------------------------------------------
    
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*
    
    --------------------------------------------------
    
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*
    
    --------------------------------------------------
    
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*
    
    --------------------------------------------------
    
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*
    
    --------------------------------------------------
    
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*
    
    --------------------------------------------------
    
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*
    
    --------------------------------------------------
    
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*
    
    --------------------------------------------------
    
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*
    
    --------------------------------------------------
    
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*
    
    --------------------------------------------------
    
    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*
    
    --------------------------------------------------
    
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*
    
    --------------------------------------------------
    
    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command
    
    (Default) = "%1" %*
    
    --------------------------------------------------
    
    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command
    
    (Default) = "%1" %*
    
    --------------------------------------------------
    
    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command
    
    (Default) = "%1" %*
    
    --------------------------------------------------
    
    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command
    
    (Default) = "%1" %*
    
    --------------------------------------------------
    
    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command
    
    (Default) = "%1" /S
    
    --------------------------------------------------
    
    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command
    
    (Default) = C:\WINDOWS\System32\mshta.exe "%1" %*
    
    --------------------------------------------------
    
    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command
    
    (Default) = notepad.exe %1
    
    --------------------------------------------------
    
    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)
    
    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    
    [>{26923b43-4d38-484f-9b9e-de460746276c}]
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
    
    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    
    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
    
    [c5b99fd9-408a-4112-9968-cc8de3c8b1d8] *
    StubPath = C:\WINDOWS\System32\obmmbmc.exe
    
    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    
    [{306D6C21-C1B6-4629-986C-E59E1875B8AF}] *
    StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",HideIconsUser
    
    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    
    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    
    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    
    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
    
    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    
    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll
    
    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe
    
    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
    
    [{8b15971b-5355-4c82-8c07-7e181ea07608}]
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
    
    [{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
    StubPath = rundll32.exe C:\WINDOWS\System32\Setup\FxsOcm.dll,XP_UninstallProvider
    
    --------------------------------------------------
    
    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps
    
    *Registry key not found*
    
    --------------------------------------------------
    
    Load/Run keys from C:\WINDOWS\WIN.INI:
    
    load=*INI section not found*
    run=*INI section not found*
    
    Load/Run keys from Registry:
    
    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*
    
    --------------------------------------------------
    
    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
    
    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*
    
    Shell & screensaver key from Registry:
    
    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\SSSTARS.SCR
    drivers=*Registry value not found*
    
    Policies Shell key:
    
    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*
    
    --------------------------------------------------
    
    Checking for EXPLORER.EXE instances:
    
    C:\WINDOWS\Explorer.exe: PRESENT!
    
    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present
    
    --------------------------------------------------
    
    Checking for superhidden extensions:
    
    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden
    
    --------------------------------------------------
    
    Verifying REGEDIT.EXE integrity:
    
    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'
    
    Registry check passed
    
    --------------------------------------------------
    
    Enumerating Browser Helper Objects:
    
    (no name) - C:\WINDOWS\winne32.dll - {58D0E142-88E8-BFBD-FF8D-64516042C177}
    (no name) - C:\WINDOWS\System32\zrtpo.dll - {95B8A2D1-334B-6FC4-426F-1C5343F353C7}
    
    --------------------------------------------------
    
    Enumerating Task Scheduler jobs:
    
    1-Click Maintenance.job
    RUTASK.job
    Symantec NetDetect.job
    
    --------------------------------------------------
    
    Enumerating Download Program Files:
    
    [NDWCab]
    CODEBASE = http://www.neededware.com/ndw4.cab
    OSD = C:\WINDOWS\Downloaded Program Files\CONFLICT.3\OSD1316.OSD
    
    [{0000000A-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://download.microsoft.com/downlo...367/wmavax.CAB
    
    [{00000075-9980-0010-8000-00AA00389B71}]
    CODEBASE = http://codecs.microsoft.com/codecs/i386/voxacm.CAB
    
    [PCPitstop Utility]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
    CODEBASE = http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    
    [{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MediaAccX.dll
    CODEBASE = http://static.windupdates.com/cab/Me.../bridge-c5.cab
    
    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab
    
    [CInstall Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\Install.dll
    CODEBASE = http://www.errorguard.com/installation/Install.cab
    
    [{33564D57-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://download.microsoft.com/downlo...22/wmv9VCM.CAB
    
    [{3446598E-00E4-4B5E-99A6-87ECCA8324A2}]
    CODEBASE = http://akamai.downloadv3.com/binarie...SS_1056_XP.cab
    
    [ActiveX Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\ActiveX.ocx
    CODEBASE = http://www.icannnews.com/app/ST/ActiveX.ocx
    
    [QDiagAOLCCUpdateObj Class]
    InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
    CODEBASE = http://aolcc.aol.com/computercheckup/qdiagcc.cab
    
    [{886DDE35-E955-11D0-A707-000000521958}]
    CODEBASE = http://69.56.176.78/webplugin.cab
    
    [Java Plug-in 1.5.0_02]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    
    [mhLabel Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\mhLbl.dll
    CODEBASE = http://pcpitstop.com/mhLbl.cab
    
    [{A16E6189-A1DD-4696-9806-0324C145D794}]
    CODEBASE = http://www.jraun.com/activex/src/KeyActivexTest.ocx
    
    [{B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4}]
    CODEBASE = http://www.alwaysupdatednews.com/install/aun_0035.exe
    
    [Java Plug-in 1.4.2]
    InProcServer32 = C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    CODEBASE = http://java.sun.com/products/plugin/...ndows-i586.cab
    
    [Java Plug-in 1.5.0_02]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    
    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab
    
    [SearchHook Class]
    InProcServer32 = C:\PROGRA~1\HALFLE~1\HALFLE~1.DLL
    CODEBASE = http://www.halflemon.com/Halflemon.cab
    
    [PopCapLoader Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
    CODEBASE = http://download.games.yahoo.com/game...ploader_v6.cab
    
    --------------------------------------------------
    
    Enumerating Winsock LSP files:
    
    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll
    Protocol #15: C:\WINDOWS\system32\mswsock.dll
    Protocol #16: C:\WINDOWS\system32\mswsock.dll
    Protocol #17: C:\WINDOWS\system32\mswsock.dll
    Protocol #18: C:\WINDOWS\system32\mswsock.dll
    Protocol #19: C:\WINDOWS\system32\mswsock.dll
    Last edited by Evil_Monkey (03.08.2005 at 03:49)

  10. #10
    Beginner
    Registered since
    01.08.2005
    Posts
    7

    Re: Please help with my logfile.

    Here is Part 2:
    Code:
    Enumerating Windows NT/2000/XP services
    
    abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
    Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
    Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
    adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
    Intel AGP Bus Filter: \SystemRoot\System32\DRIVERS\agp440.sys (system)
    Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
    Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
    aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
    aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
    Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
    AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
    ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
    AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
    amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
    AOL Connectivity Service: "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" (autostart)
    AOL TopSpeed Monitor: C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (autostart)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
    asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
    asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
    asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
    ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
    RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
    Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)
    ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
    ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
    BCM V.92 56K Modem: System32\DRIVERS\BCMSM.sys (manual start)
    Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
    Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
    Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
    Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
    Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
    cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
    CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
    Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
    CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
    COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
    Creative Service for CDROM Access: C:\WINDOWS\System32\CTsvcCDA.exe (autostart)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Creative AC3 Software Decoder: System32\drivers\ctac32k.sys (manual start)
    Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start)
    Creative DVD-Audio Device Driver: System32\drivers\ctdvda2k.sys (manual start)
    Creative Proxy Driver: System32\drivers\ctprxy2k.sys (manual start)
    Creative SoundFont Management Device Driver: System32\drivers\ctsfm2k.sys (manual start)
    dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
    dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
    Kodak Camera Proxy: System32\DRIVERS\DcCam.sys (system)
    DcFpoint: System32\DRIVERS\DcFpoint.sys (manual start)
    Kodak DCFS2K Driver: system32\drivers\dcfs2k.sys (autostart)
    Legacy Polling Service: System32\DRIVERS\DcLps.sys (manual start)
    dcptp: System32\DRIVERS\DcPTP.sys (manual start)
    delprot: \SystemRoot\system32\drivers\delprot.sys (system)
    DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Disk Driver: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    dmio: System32\drivers\dmio.sys (disabled)
    dmload: System32\drivers\dmload.sys (disabled)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
    dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    drvmcdb: system32\drivers\drvmcdb.sys (system)
    drvnddm: system32\drivers\drvnddm.sys (autostart)
    Intel(R) PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
    3Com EtherLink XL 90XB/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)
    E-mu Plug-in Architecture Driver: System32\drivers\emupia2k.sys (manual start)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
    Exportit: System32\DRIVERS\exportit.sys (system)
    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
    Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
    Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
    GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
    Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
    Creative Hardware Abstract Layer Driver: System32\drivers\ha10kx2k.sys (manual start)
    Creative P16V HAL Driver: System32\drivers\hap16v2k.sys (manual start)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
    i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
    i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
    i81x: System32\DRIVERS\i81xnt5.sys (manual start)
    iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
    iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
    iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
    iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
    iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
    iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
    iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
    iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
    iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
    iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
    CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
    IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
    ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
    IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    iPod Service: C:\Program Files\iPod\bin\iPodService.exe (manual start)
    IPSEC driver: System32\DRIVERS\ipsec.sys (system)
    IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
    I***Eng: C:\WINDOWS\System32\angelex.exe (autostart)
    Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Kodak Camera Connection Software: %SystemRoot%\system32\drivers\KodakCCS.exe (autostart)
    Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)
    Logitech HID/USB Mouse Filter Driver: System32\DRIVERS\LHidFlt2.Sys (manual start)
    Logitech USB Receiver device driver: System32\Drivers\LHidUsb.Sys (manual start)
    TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Logitech Mouse Class Filter Driver: System32\DRIVERS\LMouFlt2.Sys (manual start)
    Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
    Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
    Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
    Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
    Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
    mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
    WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
    NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
    Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)
    NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030814.007\NAVENG.SYS (manual start)
    NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030814.007\NAVEX15.SYS (manual start)
    Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
    Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
    NetBT: System32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
    Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Intel NCS NetService: C:\Program Files\Intel\NCS\Sync\NetSvc.exe (manual start)
    1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
    Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    npkcrypt: \??\C:\Program Files\Gravity\RO\npkcrypt.sys (manual start)
    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    nv: System32\DRIVERS\nv4_mini.sys (manual start)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
    OMCI WDM Device Driver: System32\DRIVERS\omci.sys (system)
    Office Source Engine: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (manual start)
    Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start)
    Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
    Parallel port driver: System32\DRIVERS\parport.sys (manual start)
    PCI Bus Driver: System32\DRIVERS\pci.sys (system)
    PCIIde: System32\DRIVERS\pciide.sys (system)
    perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
    perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
    PfModNT: \??\C:\WINDOWS\System32\drivers\PfModNT.sys (autostart)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
    WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Processor Driver: System32\DRIVERS\processr.sys (system)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
    Logitech QuickCam Communicate: System32\DRIVERS\LVCM.sys (manual start)
    ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
    Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
    ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
    ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
    ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
    Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    SAVRT: \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS (manual start)
    SAVRTPEL: \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS (system)
    SAVScan: C:\Program Files\Norton AntiVirus\SAVScan.exe (manual start)
    SbcpHid: \??\C:\WINDOWS\System32\Drivers\SbcpHid.sys (system)
    ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
    Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    ScsiAccess: C:\WINDOWS\System32\ScsiAccess.EXE (autostart)
    Secdrv: System32\DRIVERS\secdrv.sys (autostart)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
    Serial port driver: System32\DRIVERS\serial.sys (system)
    Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)
    BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
    SNMP Service: %SystemRoot%\System32\snmp.exe (autostart)
    SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start)
    Sony Digital Imaging Video2: System32\DRIVERS\sonypvs1.sys (manual start)
    Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
    System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Srv: System32\DRIVERS\srv.sys (manual start)
    sscdbhk5: system32\drivers\sscdbhk5.sys (system)
    SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    ssrtln: system32\drivers\ssrtln.sys (system)
    Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
    BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
    System Startup Service : C:\WINDOWS\svcproc.exe (autostart)
    SVKP: \??\C:\WINDOWS\System32\SVKP.sys (autostart)
    Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3} (manual start)
    Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
    symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
    symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
    SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
    symlcbrd: \??\C:\WINDOWS\System32\drivers\symlcbrd.sys (autostart)
    SYMREDRV: \??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (manual start)
    SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (autostart)
    sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
    sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
    Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    tfsnboio: system32\dla\tfsnboio.sys (autostart)
    tfsncofs: system32\dla\tfsncofs.sys (autostart)
    tfsndrct: system32\dla\tfsndrct.sys (autostart)
    tfsndres: system32\dla\tfsndres.sys (autostart)
    tfsnifs: system32\dla\tfsnifs.sys (autostart)
    tfsnopio: system32\dla\tfsnopio.sys (autostart)
    tfsnpool: system32\dla\tfsnpool.sys (autostart)
    tfsnudf: system32\dla\tfsnudf.sys (autostart)
    tfsnudfa: system32\dla\tfsnudfa.sys (autostart)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TIEHDUSB: system32\drivers\tiehdusb.sys (manual start)
    TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
    Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
    Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
    Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
    Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
    Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
    USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
    USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
    VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
    VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)
    ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
    WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)
    WAN Miniport (ATW) Service: "C:\WINDOWS\wanmpsvc.exe" (autostart)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    WMDM PMSP Service: C:\WINDOWS\System32\MsPMSPSv.exe (autostart)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
    Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
    World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
    Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    
    
    --------------------------------------------------
    
    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*
    
    Windows NT checkdisk command:
    BootExecute = autocheck autochk *
    
    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*
    
    --------------------------------------------------
    
    Enumerating ShellServiceObjectDelayLoad items:
    
    0aMCPClient: C:\Program Files\Common Files\stardock\MCPCore.dll
    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll
    
    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    
    dmiipl = C:\WINDOWS\System32\dmiipl.exe
    
    --------------------------------------------------
    
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    
    kme = C:\WINDOWS\System32\kme.exe
    
    --------------------------------------------------
    
    End of report, 44,943 bytes
    Report generated in 0.250 seconds
    
    Command line options:
       /verbose  - to add additional info on each section
       /complete - to include empty sections and unsuspicious data
       /full     - to include several rarely-important sections
       /force9x  - to include Win9x-only startups even if running on WinNT
       /forcent  - to include WinNT-only startups even if running on Win9x
       /forceall - to include all Win9x and WinNT startups, regardless of platform
       /history  - to list version history only
