Hi everybody, I've got a problem: at first the old version of SBSD doesn't start, and next the new one, 1.4, doesn't either. The system is up to date and Windows 2000 starts normally, but not in safe mode or something else. It always hangs on the blue screen and makes a memory mirror? or something that I can't explain in English. I am also posting the SBSD log file here. Because Mc surf from the SBSD team thinks there are many trojans and so on here, and this posting here could be helpful (and I hope so too). Maybe somebody could tell me what I should do next.
Greetings idan
I try to post the log file from the thread "sbsd can't start".
gnnnn.... the logfile is too big!!! What would you do now?
idan
Hello.
This is the malware removal forum, to post here please follow these instructions.
Before you post a log, and who will advise you. (http://forums.spybot.info/showthread.php?t=288)
Copy and paste the HJT log into this topic by clicking Submit Reply, not by starting a new topic. :)
Someone will then take a look at the system as soon as available.
Cheers.
Put in again, two times now, and what does "no zero posts" mean?
idan
That message was for our Helpers so they did not think you were already being assisted, they look for zero response posts. Now changed to [LOGS]- tashi
Logfile of HijackThis v1.99.1
Scan saved at 14:16:55, on 12.04.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINNT\System32\nvsvc32.exe
C:\PROGRA~1\HanseNet\HANSEN~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\Mixer.exe
C:\Programme\Ahead\InCD\InCD.exe
F:\Programme\Java\jre1.5.0_06\bin\jusched.exe
F:\Programme\iTunes\iTunesHelper.exe
C:\Programme\ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Internet Explorer\iexplore.exe
F:\Programme\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 c:\WINNT\system\cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [UIWatcher] C:\Programme\ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Outlook.lnk = C:\Programme\Microsoft Office\Office\OUTLOOK.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\WINNT\system32\shdocvw.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/qt505/de/win/QuickTimeInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124355623000
O23 - Service: BitDefender Scan Server (bdss) - Broadcom Corporation - (no file)
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\System32\pctspk.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\HanseNet\HANSEN~1\app\pppoeservice.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
then now I will post the Runalyzer log for Idanian:
RunAlyzer 0.3. Copyright © 2000-2005 Safer Networking Limited. All rights reserved.
SBSD compatible log file. All rights reserved.
This log includes only active entries.
This log includes only unknown and bad entries.
--- Startup entries list ---
Located: File extension handler (user),
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: File extension handler (user),
where: S-1-5-21-1417001333-507921405-1202660629-500...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: File extension handler (user),
where: S-1-5-21-1417001333-507921405-1202660629-500_Classes...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: File extension handler (common),
command: "%1" %*
file: "%1" %*
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Print Monitor, Samsung Network Printer Port
command: secmon.dll
file: secmon.dll
size: 307200
MD5: 6861B09928409108877F56ED0CD917FB
Located: Print Monitor, Standard TCP/IP Port
command: tcpmon.dll
file: tcpmon.dll
size: 42768
MD5: 3C3B1785609B511A65AF8EEEE2792376
Located: Print Monitor, BJ Language Monitor
command: cnbjmon.dll
file: cnbjmon.dll
size: 48400
MD5: 52F210506755B1D0463B07F0FAE83C9D
Located: Print Monitor, Local Port
command: localspl.dll
file: localspl.dll
size: 268048
MD5: DBED8CA010295B7984B4170260E2075D
Located: Print Monitor, EPSON V3 2KMonitor302
command: E_SL2302.DLL
file: E_SL2302.DLL
size: 60020
MD5: C5C0F8DBD78A57A6B4B41738B149226D
Located: Print Monitor, PJL Language Monitor
command: pjlmon.dll
file: pjlmon.dll
size: 13072
MD5: 24848E8A7A64C8B51A6E6734687FC637
Located: Print Monitor, USB Monitor
command: usbmon.dll
file: usbmon.dll
size: 11536
MD5: 308D74156D7BF2F36011013B363A4E6D
Located: Print Monitor, Windows NT Fax Monitor
command: msfaxmon.dll
file: msfaxmon.dll
size: 18704
MD5: A0C92D36B946CB1D7CA5B327047F12B3
Located: Known DLLs, oleaut32
command: oleaut32.dll
file: oleaut32.dll
size: 626960
MD5: C2161EE5F97D5C03A0B8EE6BAAD7CF45
Located: Known DLLs, olecnv32
command: olecnv32.dll
file: olecnv32.dll
size: 36624
MD5: 2B7DFA645F9F6D7829458730D27BEA20
Located: Known DLLs, olecli32
command: olecli32.dll
file: olecli32.dll
size: 69392
MD5: DF033E3AB225932C40F58A5F1CDB28CD
Located: Known DLLs, wininet
command: wininet.dll
file: wininet.dll
size: 582144
MD5: 7B1BF7F72192BF7D535ADD02F307042F
Located: Known DLLs, wldap32
command: wldap32.dll
file: wldap32.dll
size: 146704
MD5: 329815B897693148860D3556F32E5AA8
Located: Known DLLs, kernel32
command: kernel32.dll
file: kernel32.dll
size: 768272
MD5: 13D3F73340FCD5E99AA8123DF0EC5059
Located: Known DLLs, ole32
command: ole32.dll
file: ole32.dll
size: 957712
MD5: F1B9E53B1FECDAC4B206EE4E95D08568
Located: Known DLLs, lz32
command: lz32.dll
file: lz32.dll
size: 10000
MD5: D6487EB31F3B12E95A073150144CCCF0
Located: Known DLLs, user32
command: user32.dll
file: user32.dll
size: 420112
MD5: B462F0A99E442DBA27B80130989DDCF9
Located: Known DLLs, shell32
command: shell32.dll
file: shell32.dll
size: 2385168
MD5: 6DA8C183693957F4BF70F854E0F30436
Located: Known DLLs, urlmon
command: urlmon.dll
file: urlmon.dll
size: 461312
MD5: 14FF93A85B41A0CEEAB028B01252A6B1
Located: Known DLLs, url
command: url.dll
file: url.dll
size: 108544
MD5: B9A37F642D45BDA991D2058D57ED17CD
Located: Known DLLs, olethk32
command: olethk32.dll
file: olethk32.dll
size: 70928
MD5: 44A85929F2202C9813F41D443227B9CA
Located: Known DLLs, olesvr32
command: olesvr32.dll
file: olesvr32.dll
size: 22800
MD5: AEF4E84DB2ADDE0674B5B1A2D4E8FD59
Located: Known DLLs, version
command: version.dll
file: version.dll
size: 16144
MD5: 8ED618DBF18AE3EC6B2678F5E94CFF80
Located: Known DLLs, rpcrt4
command: rpcrt4.dll
file: rpcrt4.dll
size: 477968
MD5: 7FC372D600359195222C052519AABF1D
Located: Known DLLs, DllDirectory
command: %SystemRoot%\system32
file: %SystemRoot%\system32
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Known DLLs, comdlg32
command: comdlg32.dll
file: comdlg32.dll
size: 245520
MD5: 59E59B0773F63EF93BFAC7823B72E9F3
Located: Known DLLs, imagehlp
command: imagehlp.dll
file: imagehlp.dll
size: 128784
MD5: 38BFBF7E19D70E64200AEC8AFD39EAE0
Located: Known DLLs, advapi32
command: advapi32.dll
file: advapi32.dll
size: 401680
MD5: 2A9A9BE354826E8EAE0E556D51754399
Located: Known DLLs, gdi32
command: gdi32.dll
file: gdi32.dll
size: 233744
MD5: 17F8047582D8A35241A3B19F17E1E8C4
Located: Safe Boot Shell, AlternateShell
command: cmd.exe
file: cmd.exe
size: 249616
MD5: 37D3CA50DE95F7DD1724364A2E2FCF8E
Located: Screen Saver Policy, SCRNSAVE.EXE
where: S-1-5-21-1417001333-507921405-1202660629-500_Classes...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver Policy, SCRNSAVE.EXE
where: S-1-5-21-1417001333-507921405-1202660629-500...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver Policy, SCRNSAVE.EXE
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver, SCRNSAVE.EXE
where: S-1-5-21-1417001333-507921405-1202660629-500...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Screen Saver, SCRNSAVE.EXE
where: .DEFAULT...
command: logon.scr
file: logon.scr
size: 130832
MD5: C4D6A6130824A9A0AAF96EBDA928CA0E
Located: Screen Saver, SCRNSAVE.EXE
where: S-1-5-21-1417001333-507921405-1202660629-500_Classes...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: User Shell Policy, Shell
where: S-1-5-21-1417001333-507921405-1202660629-500...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: User Shell Policy, Shell
where: S-1-5-21-1417001333-507921405-1202660629-500_Classes...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: User Shell Policy, Shell
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Run, run
where: S-1-5-21-1417001333-507921405-1202660629-500...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Run, run
where: S-1-5-21-1417001333-507921405-1202660629-500_Classes...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Run, run
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Load, load
where: S-1-5-21-1417001333-507921405-1202660629-500_Classes...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Load, load
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT Load, load
where: S-1-5-21-1417001333-507921405-1202660629-500...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: CP AutoRun (user), AutoRun
where: .DEFAULT...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: CP AutoRun (user), AutoRun
where: S-1-5-21-1417001333-507921405-1202660629-500_Classes...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: CP AutoRun (user), AutoRun
where: S-1-5-21-1417001333-507921405-1202660629-500...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: CP AutoRun (common), AutoRun
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Boot Execute, BootExecute
command: autocheck autochk *
file: autocheck autochk *
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: GINA, GinaDLL
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: NT System, System
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Task Manager, TaskMan
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: Shell, Shell
command: Explorer.exe
file: Explorer.exe
size: 245008
MD5: 9A067872F0A9DC15E93DBEFC9E1453A7
Located: User Init, UserInit
command: C:\WINNT\system32\userinit.exe,
file: C:\WINNT\system32\userinit.exe,
size: 17680
MD5: 11A1AA9DF8C44386F72018D06F2E0E71
Located: Startup (user), Microsoft Outlook.lnk
where: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart...
command: C:\WINNT\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\outicon.exe
file: C:\WINNT\Installer\{00000407-78E1-11D2-B60F-006097C998E7}\outicon.exe
size: 104960
MD5: DA5A1242C2B4F60E1C51D7F684DB5283
Located: Startup (common), EPSON Status Monitor 3 Environment Check 2.lnk
where: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart...
command: C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
file: C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
size: 113152
MD5: 65976E71A627A558842D95F8942496A4
Located: HK_CU:Run, UIWatcher
where: S-1-5-21-1417001333-507921405-1202660629-500...
command: C:\Programme\ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
file: C:\Programme\ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
size: 585728
MD5: A22763562C9A906A02B3A0383BADF8E7
Located: HK_CU:Run, NVIEW
where: S-1-5-21-1417001333-507921405-1202660629-500...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, iTunesHelper
command: "F:\Programme\iTunes\iTunesHelper.exe"
file: F:\Programme\iTunes\iTunesHelper.exe
size: 278528
MD5: 8778072A594E1310C0B7D0A93771E8BD
Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINNT\system32\nwiz.exe
size: 372736
MD5: 97AB6A203CF69E33D35AF0ACE2C6C196
Located: HK_LM:Run, NVCLOCK
command: rundll32 nvclock.dll,fnNvclock
file: C:\WINNT\system32\nvclock.dll
size: 69632
MD5: FAC29140F37F3F3DD07D3F2A1772E073
Located: HK_LM:Run, CountrySelection
command: pctptt.exe
file: C:\WINNT\system32\pctptt.exe
size: 68096
MD5: 19A402B61982F410AFA908A5D19B17DF
Located: HK_LM:Run, SunJavaUpdateSched
command: F:\Programme\Java\jre1.5.0_06\bin\jusched.exe
file: F:\Programme\Java\jre1.5.0_06\bin\jusched.exe
size: 36975
MD5: 61A3A9D5D98BF0331DF5B716144A8100
Located: HK_LM:Run, Cmaudio
command: RunDll32 c:\WINNT\system\cmicnfg.cpl,CMICtrlWnd
file: c:\WINNT\system\cmicnfg.cpl
size: 425984
MD5: E9FA3675AEFBBFDB91B8727499C743C2
--- Startup entries list ---
Located: CP AutoRun (common), AutoRun
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
BHOs:
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AcroIEHlprObj Class
Path: C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\
Long name: AcroIEHelper.ocx
Short name: ACROIE~1.OCX
Date (created): 23.11.2002 22:34:42
Date (last access): 04.04.2006 21:41:54
Date (last write): 16.04.2001 16:39:02
Filesize: 37808
Attributes: archive
MD5: 8394ABFC1BE196A62C9F532511936DF7
CRC32: 71D6E350
Version: 1.0.0.1
{53707962-6F74-2D53-2644-206D7942484F} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\Programme\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 31.03.2006 23:41:50
Date (last access): 04.04.2006 21:41:54
Date (last write): 31.05.2005 01:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: F:\Programme\Java\jre1.5.0_06\bin\
Long name: ssv.dll
Short name:
Date (created): 10.11.2005 13:03:56
Date (last access): 04.04.2006
Date (last write): 10.11.2005 13:22:10
Filesize: 184423
Attributes: archive
MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
CRC32: 0111B892
Version: 5.0.60.5
{32683183-48a0-441b-a342-7c2a440a9478} (Media Band)
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
BHO name: Media Band
CLSID name: Media Band
Path: %SystemRoot%\system32\
Long name: browseui.dll
MD5: 7E2ABB322287B7313314C136D9238C4A
Filesize: 1017856
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} (File and Folders Search ActiveX Control)
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
BHO name:
CLSID name: File and Folders Search ActiveX Control
Path: C:\WINNT\system32\
Long name: SHELL32.DLL
Short name:
Date (created): 23.09.2005 13:03:10
Date (last access): 04.04.2006 21:38:24
Date (last write): 23.09.2005 13:03:10
Filesize: 2385168
Attributes: archive
MD5: 6DA8C183693957F4BF70F854E0F30436
CRC32: F5DB6F7E
Version: 5.0.3900.7071
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} (Explorer-Band)
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
BHO name:
CLSID name: Explorer-Band
Path: %SystemRoot%\system32\
Long name: shdocvw.dll
MD5: BE7F5939F68580A67D63308FC2FF55E1
Filesize: 1339392
{166B1BCA-3F9C-11CF-8075-444553540000} (Macromedia Shockwave Director 9.0)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: Macromedia Shockwave Director 9.0
CLSID name: Shockwave ActiveX Control
Path: C:\WINNT\system32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 12.11.2003 22:30:54
Date (last access): 04.04.2006 21:42:54
Date (last write): 11.02.2003 06:02:58
Filesize: 32768
Attributes: archive
MD5: 92FA0AE21D3A08B65D291724AA7D0E43
CRC32: 7B63A9DB
Version: 8.5.1.102
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINNT\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 11.09.2002 16:11:40
Date (last access): 04.04.2006 21:42:54
Date (last write): 11.12.2002 18:34:40
Filesize: 225280
Attributes: archive
MD5: 7D959D56ABA264D671EEF0C5584BF80C
CRC32: 655E5F08
Version: 9.0.0.2980
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Microsoft Windows Media Player 6.4)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: Microsoft Windows Media Player 6.4
CLSID name: Windows Media Player
Path: C:\WINNT\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 11.09.2002 16:11:40
Date (last access): 04.04.2006 21:42:54
Date (last write): 11.12.2002 18:34:40
Filesize: 225280
Attributes: archive
MD5: 7D959D56ABA264D671EEF0C5584BF80C
CRC32: 655E5F08
Version: 9.0.0.2980
{283807B5-2C60-11D0-A31D-00AA00B92C03} (DirectAnimation)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: DirectAnimation
CLSID name:
Path: C:\WINNT\System32\
Long name: DANIM.DLL
Short name:
Date (created): 10.12.1999 14:00:00
Date (last access): 04.04.2006 21:42:54
Date (last write): 20.10.2005 20:08:50
Filesize: 988160
Attributes: archive
MD5: 91F45524319609780FC1CB67259F8D94
CRC32: 06DE728D
Version: 6.3.1.148
{685e3910-1f77-49b9-9434-50bcd95c51ab} (KB905495)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: KB905495
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{82ced0ff-a00d-4405-ba5f-ef4699159333} (KB896727)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: KB896727
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{ae594d5e-dd07-4e54-8252-daa5aebbd4ec} (KB905915)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: KB905915
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{D27CDB6E-AE6D-11cf-96B8-444553540000} (Macromedia Shockwave Flash)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: Macromedia Shockwave Flash
CLSID name: Shockwave Flash Object
Path: C:\WINNT\system32\
Long name: Flash.ocx
Short name:
Date (created): 03.03.2005 18:25:04
Date (last access): 04.04.2006 21:42:54
Date (last write): 22.10.2004 21:49:00
Filesize: 1004760
Attributes: archive
MD5: B18356A63521D643BFA01FC1EECFD24E
CRC32: 8DF05CF5
Version: 7.0.19.0
{eddbec60-89cb-44ef-8291-0850fd28ff6a} (Q832894)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name: Q832894
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINNT\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 11.09.2002 16:11:40
Date (last access): 04.04.2006 21:42:54
Date (last write): 11.12.2002 18:34:40
Filesize: 225280
Attributes: archive
MD5: 7D959D56ABA264D671EEF0C5584BF80C
CRC32: 655E5F08
Version: 9.0.0.2980
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINNT\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 11.09.2002 16:11:40
Date (last access): 04.04.2006 21:42:54
Date (last write): 11.12.2002 18:34:40
Filesize: 225280
Attributes: archive
MD5: 7D959D56ABA264D671EEF0C5584BF80C
CRC32: 655E5F08
Version: 9.0.0.2980
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINNT\system32\
Long name: wmp.dll
Short name:
Date (created): 03.08.2004 23:56:48
Date (last access): 04.04.2006 21:42:54
Date (last write): 19.12.2005 20:30:46
Filesize: 4730880
Attributes: archive
MD5: CDACF0544AFF72460F4545C63BA999A5
CRC32: BC53AFD8
Version: 9.0.0.3344
>{26923b43-4d38-484f-9b9e-de460746276c} ()
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS ()
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} ()
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} (Microsoft NetShow Player)
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Microsoft NetShow Player
Path: C:\WINNT\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 11.09.2002 16:11:40
Date (last access): 04.04.2006 21:42:54
Date (last write): 11.12.2002 18:34:40
Filesize: 225280
Attributes: archive
MD5: 7D959D56ABA264D671EEF0C5584BF80C
CRC32: 655E5F08
Version: 9.0.0.2980
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} (Windows Media Player)
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINNT\system32\
Long name: wmpdxm.dll
Short name:
Date (created): 11.09.2002 16:11:40
Date (last access): 04.04.2006 21:42:54
Date (last write): 11.12.2002 18:34:40
Filesize: 225280
Attributes: archive
MD5: 7D959D56ABA264D671EEF0C5584BF80C
CRC32: 655E5F08
Version: 9.0.0.2980
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} ()
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} ()
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{6A5110B5-E14B-4268-A065-EF89FF33C325} ()
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{6BF52A52-394A-11d3-B153-00C04F79FAA6} (Windows Media Player)
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name: Windows Media Player
Path: C:\WINNT\system32\
Long name: wmp.dll
Short name:
Date (created): 03.08.2004 23:56:48
Date (last access): 04.04.2006 21:42:54
Date (last write): 19.12.2005 20:30:46
Filesize: 4730880
Attributes: archive
MD5: CDACF0544AFF72460F4545C63BA999A5
CRC32: BC53AFD8
Version: 9.0.0.3344
{7790769C-0471-11d2-AF11-00C04FA35D02} ()
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{89820200-ECBD-11cf-8B85-00AA005B4340} ()
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{89820200-ECBD-11cf-8B85-00AA005B4383} ()
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} ()
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Active Setup\Installed Components\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (Sun Java Konsole)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
BHO name: Sun Java Konsole
CLSID name: Web Browser Applet Control
Path: C:\Programme\Java\jre1.5.0_04\bin\
Long name: NPJPI150_04.dll
Short name: NPJPI1~1.DLL
Date (created): 03.06.2005 04:52:58
Date (last access): 04.04.2006 21:42:56
Date (last write): 03.06.2005 05:09:54
Filesize: 69746
Attributes: archive
MD5: 8548FE98BD687F35AFD0AED9C2A2DEE3
CRC32: 4058FA1B
Version: 5.0.40.5
{ECC5777A-6E88-BFCE-13CE-81F134789E8B} (&EasyFreeWebCam)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
BHO name: &EasyFreeWebCam
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
CmdMapping ()
location: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
CmdMapping ()
location: HKEY_USERS\S-1-5-21-1417001333-507921405-1202660629-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\
BHO name:
CLSID name:
MD5: D41D8CD98F00B204E9800998ECF8427E
{B41DB860-8EE4-11D2-9906-E49FADC173CA} (WinRAR shell extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: WinRAR shell extension
CLSID name: WinRAR
Path: C:\Programme\WinRAR\
Long name: RarExt.dll
Short name:
Date (created): 27.11.2002 21:49:38
Date (last access): 04.04.2006 21:42:56
Date (last write): 10.11.2002 17:37:38
Filesize: 118784
Attributes: archive
MD5: 359EC49B44F17BE0ABE0A9047582552A
CRC32: 85AD1900
{F5D92341-0A64-11D0-9956-0000E8096023} (CD Copy Shell Extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: CD Copy Shell Extension
CLSID name: CD Copy Shell Extension
Path: C:\WINNT\system32\Shellext\
Long name: CDWshext.dll
Short name:
Date (created): 24.02.2003 10:48:50
Date (last access): 04.04.2006 21:42:56
Date (last write): 24.02.2003 10:48:50
Filesize: 100352
Attributes: archive
MD5: AB31F68BA5F055977B851023063EFCD0
CRC32: 27434D34
Version: 6.0.0.0
and the rest without services so far:
{F5D92342-0A64-11D0-9956-0000E8096023} (CD Wizard Shell Extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: CD Wizard Shell Extension
CLSID name: CD Wizard Shell Extension
Path: C:\WINNT\system32\Shellext\
Long name: CDWshext.dll
Short name:
Date (created): 24.02.2003 10:48:50
Date (last access): 04.04.2006 21:42:56
Date (last write): 24.02.2003 10:48:50
Filesize: 100352
Attributes: archive
MD5: AB31F68BA5F055977B851023063EFCD0
CRC32: 27434D34
Version: 6.0.0.0
{F5D92344-0A64-11D0-9956-0000E8096023} (InstantWrite Shellextension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: InstantWrite Shellextension
CLSID name: InstantWrite Shellextension
Path: C:\WINNT\system32\ShellExt\
Long name: iwshex.dll
Short name:
Date (created): 21.07.2004 11:36:20
Date (last access): 04.04.2006 21:42:56
Date (last write): 21.07.2004 11:36:20
Filesize: 640000
Attributes: archive
MD5: CE3F09C449C3AE6E6D5F555B5777645D
CRC32: 9C4C39E7
Version: 4.0.0.58
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} (BitDefender Antivirus v7)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
BHO name: BitDefender Antivirus v7
CLSID name: BitDefender Antivirus v7
MD5: D41D8CD98F00B204E9800998ECF8427E
--- Browser helper object list ---
--- ActiveX list ---
{41564D57-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINNT\Downloaded Program Files\wmvadvd.inf
Codebase: http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
MD5: D41D8CD98F00B204E9800998ECF8427E
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: F:\Programme\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10.11.2005 13:03:56
Date (last access): 04.04.2006
Date (last write): 10.11.2005 13:22:10
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: F:\Programme\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10.11.2005 13:03:56
Date (last access): 04.04.2006
Date (last write): 10.11.2005 13:22:10
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Path: F:\Programme\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 10.11.2005 13:03:56
Date (last access): 04.04.2006
Date (last write): 10.11.2005 13:22:10
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5
LonnyRJones
2006-04-13, 00:28
Post reports from one or better yet both of these free online scans
Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Do a full scan > Click the my computer button
After the scan click see report then Save the report and post it back here please.
Computer Associates eTrust AV Web Scanner: http://www3.ca.com/virusinfo/virusscan.aspx
select all drives, scan, Try to cure/repair, if it cannot choose delete! If it cannot delete tell us the files names and locations.
Here is the result from Panda:
Incident Status Location
Adware:adware/bookedspace Not disinfected C:\WINNT\bs.dll
The other one scans no virus or something else, and there was no log, report or so.
Not really helpful, isn't it?
idanian
LonnyRJones
2006-04-13, 14:07
Can you delete that file?
Scan with HijackThis, place a check next to these items and hit Fix checked:
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O23 - Service: BitDefender Scan Server (bdss) - Broadcom Corporation - (no file)
==============
Restart the PC
Have you uninstalled SpyBot without using Ashampoo UnInstaller, rebooted the PC and installed it again?
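The four entries listed in the post above carry markers that HijackThis prints itself: "(no file)" or "is missing" for registry entries that no longer point at anything, and the F3 code for a win.ini autostart value. The following is an added example, not part of the original post, that pulls such lines out of a pasted log for review; the ExampleApp and Example Service lines in the sample are constructed, the other entries are the ones quoted above.

```python
import re

# A HijackThis result line is "<section code> - <details>", e.g. "O23 - Service: ...".
HJT_LINE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Text HijackThis prints when a registry entry no longer points at a file or value.
ORPHAN_MARKERS = ("(no file)", "is missing")


def triage(lines):
    """Return (section, reason, line) for entries worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # log header, process list, blank lines
        section, details = m.groups()
        marker = next((k for k in ORPHAN_MARKERS if k in details), None)
        if marker:
            findings.append((section, "orphaned entry: " + marker, line))
        elif section in ("F2", "F3"):
            # F2/F3 are registry-mapped system.ini/win.ini autostart values
            findings.append((section, "ini-file autostart value", line))
    return findings


# Sample input: four entries from the thread plus two constructed benign lines.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\\..\\Run: [ExampleApp] C:\\Example\\app.exe
O23 - Service: BitDefender Scan Server (bdss) - Broadcom Corporation - (no file)
O23 - Service: Example Service (examplesvc) - Example Vendor - C:\\Example\\svc.exe
""".splitlines()

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:32} {line}")
```

A flagged line is a candidate for review, not a verdict: an orphaned entry is usually a leftover from an uninstall, and whether to fix it still depends on what the entry referred to.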
Hi Lonny,
Now it works. sbsd started. What it was, I only follow your instructions? I delete the spyfile, scan and fix checks like suggested and that it was. Restart the PC and install sbsd again, and ... no problem... Thanks very much.
By the side, sbsd found nothing else. How good.
idanian
LonnyRJones
2006-04-15, 05:42
I didn't think deleting the file would solve the problem but it seems to have helped.
Post back in a few days and let us know how that PC is acting.
This topic will be archived to prevent others with similar issues posting in it.
If you need it re-opened please send me a pm and provide a link to the thread.