StartupList report, 25.11.2004, 22:50:39
StartupList version: 1.52.2
Started from : C:\Dokumente und Einstellungen\****** *****\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Canon\MultiPASS4\MPSERVIC.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\System32\fxredir.exe
C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
C:\Programme\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\qttask.exe
C:\WINDOWS\paintms.exe
C:\WINDOWS\log.exe
C:\WINDOWS\sysconfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\SpamPal\spampal.exe
C:\Dokumente und Einstellungen\****** *****\Desktop\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Dokumente und Einstellungen\****** *****\Startmenü\Programme\Autostart]
SpamPal.lnk = C:\Programme\SpamPal\spampal.exe
Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
ISDNWatch.lnk = C:\Programme\Teledat\IWatch.exe
Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SiS Tray = C:\WINDOWS\System32\sistray.EXE
SiS KHooker = C:\WINDOWS\System32\khooker.exe
SiSUSBRG = C:\WINDOWS\sisUSBrg.exe
monitr32 = C:\Programme\Canon\MultiPASS4\monitr32.exe
fxredir = C:\WINDOWS\System32\fxredir.exe
MPTBox = C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
Opware12 = C:\Programme\ScanSoft\OmniPagePro12.0\Opware12.exe
ccApp = C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
QuickTime Task = C:\WINDOWS\System32\qttask.exe
dlite = dllmanager.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
dlite = dllmanager.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
dlite = dllmanager.exe
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssstars.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\WINDOWS\nem220.dll (file missing) - {00000010-6F7D-442C-93E3-4A4827C2E4C8}
(no name) - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
NAV Helper - C:\Programme\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Norton AntiVirus - Meinen Computer prüfen - ****** *****.job
Norton AntiVirus - Meinen Computer prüfen.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WinAdCtlX.dll
CODEBASE = http://public.windupdates.com/get_f...8bc15ef2ddf450c61f2b25b5b75615e0f8348ae2dc877d0b70fc9051e923601f7e3f0663710745773b53:391c802b39acc695ee676fd4c28c535f
[Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ISTACT~1.DLL
CODEBASE = http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
[Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\YSBACT~1.DLL
CODEBASE = http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38028.2485763889
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[StarInstall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\STARIN~1.OCX
CODEBASE = http://install.power-url.de/StarInstall.ocx
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 6.595 bytes
Report generated in 0,491 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only