I have a virus called svchost2.exe (or other variants on svchost.exe) that gets periodically detected and deleted by my antivirus.
It usually gets detected together with another virus :
InstallerAppllet.class (detected as : Exploit-ByteVerify)
svchost2.exe (detected as : Backdoor-CGZ)
But at the same moment that my antivirus deletes it, another variant on the name "svchost.exe" is blocked by my firewall. When I deny the access for the program, my internet connection gets disconnected. Her is my Ad-aware log :
Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 18, 2005 18:27:01
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R46 17.05.2005
Internal build : 54
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 474775 Bytes
Total size : 1435210 Bytes
Signature data size : 1404100 Bytes
Reference data size : 30598 Bytes
Signatures total : 40060
Fingerprints total : 883
Fingerprints size : 30250 Bytes
Target categories : 15
Target families : 674
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:34 %
Total physical memory:523764 kb
Available physical memory:175828 kb
Total page file size:1055744 kb
Available on page file:683536 kb
Total virtual memory:2097024 kb
Available virtual memory:2040624 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects
05-18-2005 18:27:01 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 528
ThreadCreationTime : 05-18-2005 15:18:25
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 576
ThreadCreationTime : 05-18-2005 15:18:28
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 600
ThreadCreationTime : 05-18-2005 15:18:29
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 644
ThreadCreationTime : 05-18-2005 15:18:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 656
ThreadCreationTime : 05-18-2005 15:18:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 800
ThreadCreationTime : 05-18-2005 15:18:30
BasePriority : Normal
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 812
ThreadCreationTime : 05-18-2005 15:18:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 884
ThreadCreationTime : 05-18-2005 15:18:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 924
ThreadCreationTime : 05-18-2005 15:18:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 964
ThreadCreationTime : 05-18-2005 15:18:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1032
ThreadCreationTime : 05-18-2005 15:18:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1288
ThreadCreationTime : 05-18-2005 15:18:31
BasePriority : Normal
FileVersion : 9.37
ProductVersion : 9.37
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1316
ThreadCreationTime : 05-18-2005 15:18:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:14 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1324
ThreadCreationTime : 05-18-2005 15:18:31
BasePriority : Normal
FileVersion : 9.37
ProductVersion : 9.37
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)
#:15 [sagent2.exe]
FilePath : C:\Program Files\Common Files\EPSON\EBAPI\
ProcessID : 1576
ThreadCreationTime : 05-18-2005 15:18:41
BasePriority : Normal
FileVersion : 2, 1, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : EPSON Bidirectional Printer
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2000-2001
OriginalFilename : SAgent2.exe
#:16 [frameworkservice.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 1612
ThreadCreationTime : 05-18-2005 15:18:41
BasePriority : Normal
FileVersion : 3.5.0.412
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe
#:17 [mcshield.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 1652
ThreadCreationTime : 05-18-2005 15:18:43
BasePriority : High
#:18 [naprdmgr.exe]
FilePath : C:\PROGRA~1\NETWOR~1\COMMON~1\
ProcessID : 1728
ThreadCreationTime : 05-18-2005 15:18:43
BasePriority : Normal
FileVersion : 3.5.0.412
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : NAI Product Manager
InternalName : Product Manager
LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : naPrdMgr.exe
#:19 [vstskmgr.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 1772
ThreadCreationTime : 05-18-2005 15:18:48
BasePriority : Normal
#:20 [mdm.exe]
FilePath : c:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1828
ThreadCreationTime : 05-18-2005 15:18:48
BasePriority : Normal
FileVersion : 7.10.2292
ProductVersion : 7.10.2292
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright© Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:21 [sr_service.exe]
FilePath : C:\Program Files\CheckPoint\SecuRemote\bin\
ProcessID : 1940
ThreadCreationTime : 05-18-2005 15:18:49
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : VPN-1 SecuRemote/SecureClient
CompanyName : Check Point Software Technologies
FileDescription : SecureClient Service
InternalName : sr_service
LegalCopyright : Copyright © 2004
OriginalFilename : sr_service.rc
#:22 [sr_watchdog.exe]
FilePath : C:\Program Files\CheckPoint\SecuRemote\bin\
ProcessID : 1960
ThreadCreationTime : 05-18-2005 15:18:49
BasePriority : Normal
FileVersion : 54,8,000,619
ProductVersion : 5.0
ProductName : desktop
CompanyName : Check Point Software Technologies
InternalName : SR_Watchdog
LegalCopyright : © 2004 Copyright Check Point Software Technologies Ltd
#:23 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1972
ThreadCreationTime : 05-18-2005 15:18:50
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:24 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 2008
ThreadCreationTime : 05-18-2005 15:18:50
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe
#:25 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 196
ThreadCreationTime : 05-18-2005 15:18:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:26 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 824
ThreadCreationTime : 05-18-2005 15:18:56
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:27 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3432
ThreadCreationTime : 05-18-2005 16:18:58
BasePriority : Normal
#:28 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 3504
ThreadCreationTime : 05-18-2005 16:19:00
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:29 [sr_gui.exe]
FilePath : C:\Program Files\CheckPoint\SecuRemote\bin\
ProcessID : 3528
ThreadCreationTime : 05-18-2005 16:19:02
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : VPN-1 SecuRemote/SecureClient
CompanyName : Check Point Software Technologies
FileDescription : SecureClient Application
InternalName : fwenc
LegalCopyright : Copyright © 2004
OriginalFilename : fwenc.rc
#:30 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 3800
ThreadCreationTime : 05-18-2005 16:19:10
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:31 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 3812
ThreadCreationTime : 05-18-2005 16:19:10
BasePriority : Normal
FileVersion : 6.14.10.5120
ProductVersion : 6.14.10.5120
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe
#:32 [hydramd.exe]
FilePath : C:\Program Files\ATI Technologies\ATI HydraVision\
ProcessID : 3820
ThreadCreationTime : 05-18-2005 16:19:11
BasePriority : Normal
FileVersion : 3.21.2108
ProductVersion : 3.21.2108
ProductName : ATI Technologies Inc. HydraVision Viewport
CompanyName : ATI Technologies Inc.
FileDescription : MultiDesk
InternalName : MultiDesk
LegalCopyright : Copyright © ATI Technologies Inc. 1985-2002
OriginalFilename : HydraMD.exe
Comments : Multiple desktop utility
#:33 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 3852
ThreadCreationTime : 05-18-2005 16:19:11
BasePriority : Normal
#:34 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 3880
ThreadCreationTime : 05-18-2005 16:19:11
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe
#:35 [gnotify.exe]
FilePath : C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\
ProcessID : 3904
ThreadCreationTime : 05-18-2005 16:19:12
BasePriority : Normal
FileVersion : 1.0.24.0
ProductVersion : 1.0.24.0
ProductName : Gmail
CompanyName : Google Inc.
FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004
OriginalFilename : gnotify.exe
#:36 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_05\bin\
ProcessID : 3912
ThreadCreationTime : 05-18-2005 16:19:12
BasePriority : Normal
#:37 [shstat.exe]
FilePath : C:\Program Files\Network Associates\VirusScan\
ProcessID : 3936
ThreadCreationTime : 05-18-2005 16:19:13
BasePriority : Normal
#:38 [updaterui.exe]
FilePath : C:\Program Files\Network Associates\Common Framework\
ProcessID : 3944
ThreadCreationTime : 05-18-2005 16:19:13
BasePriority : Normal
FileVersion : 3.5.0.412
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Common User Interface
InternalName : UpdaterUI
LegalCopyright : Copyright© 2000-2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : UpdaterUI.exe
#:39 [tbmon.exe]
FilePath : C:\Program Files\Common Files\Network Associates\TalkBack\
ProcessID : 3984
ThreadCreationTime : 05-18-2005 16:19:14
BasePriority : Normal
FileVersion : 2.0.275.0
ProductVersion : 2.0.275.0
ProductName : TalkBack Monitor
CompanyName : Network Associates, Inc.
FileDescription : TalkBack Monitor
InternalName : TBMON
LegalCopyright : ©2003 Networks Associates Technology, Inc. All Rights Reserved.
LegalTrademarks : McAfee & Network Associates are registered trademarks of Network Associates and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. © 2003 Network Associates Technology, Inc. All Rights Reserved.
OriginalFilename : TBMON.EXE
#:40 [cnxdsltb.exe]
FilePath : C:\Program Files\Trust\Trust 235A USB ADSL MODEM\
ProcessID : 4016
ThreadCreationTime : 05-18-2005 16:19:14
BasePriority : Normal
FileVersion : 2.099.089.000
ProductVersion : 2.099.089.000
ProductName : Conexant AccessRunner ADSL
CompanyName : Conexant Systems Inc.
FileDescription : TaskBar Application
LegalCopyright : © 1999-2003 Conexant Systems Inc.
#:41 [lwbwheel.exe]
FilePath : C:\Program Files\Trust\250S Series\
ProcessID : 4040
ThreadCreationTime : 05-18-2005 16:19:14
BasePriority : Normal
FileVersion : 9.0.2.0
ProductVersion : 9.0.0.0
FileDescription : Mouse Control Application
LegalCopyright : Copyright 2000 By LEE,WEI-BIN.
#:42 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 448
ThreadCreationTime : 05-18-2005 16:19:15
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:43 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 1556
ThreadCreationTime : 05-18-2005 16:19:16
BasePriority : Normal
#:44 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 05-18-2005 16:19:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:45 [bttray.exe]
FilePath : C:\Program Files\WIDCOMM\Bluetooth Software\
ProcessID : 1156
ThreadCreationTime : 05-18-2005 16:19:18
BasePriority : Normal
FileVersion : 1.3.2.7
ProductVersion : 1.3.2.7
ProductName : Bluetooth Software 1.3.2.7
FileDescription : Bluetooth Tray Application
InternalName : BTTray
LegalCopyright : Copyright 2000-2002.
OriginalFilename : BTTray.exe
#:46 [msimn.exe]
FilePath : C:\Program Files\Outlook Express\
ProcessID : 1064
ThreadCreationTime : 05-18-2005 16:19:20
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Outlook Express
InternalName : MSIMN
LegalCopyright : © 2004 Microsoft Corporation. All rights reserved.
OriginalFilename : MSIMN.EXE
#:47 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 1464
ThreadCreationTime : 05-18-2005 16:19:25
BasePriority : Normal
#:48 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2620
ThreadCreationTime : 05-18-2005 16:20:45
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:49 [realevent.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2824
ThreadCreationTime : 05-18-2005 16:22:31
BasePriority : Idle
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Event Launcher
InternalName : wrapperapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realevent.exe
#:50 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3004
ThreadCreationTime : 05-18-2005 16:24:03
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mseaid.gd\glsid
eAcceleration Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mseaid.gd\glsid
Value :
eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\acceleration software international corporation
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thygan@kelkoo[3].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 05-18-2007 13:06:48
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thygan@tradedoubler[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 05-13-2025 15:39:52
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thygan@metriweb[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 05-18-2006 13:31:48
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : thygan@kelkoo[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 05-18-2007 13:06:46
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 7
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 7
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
eAcceleration Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mseaid.gd
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 8
18:46:28 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:19:27.319
Objects scanned:143993
Objects identified:8
Objects ignored:0
New critical objects:8