---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 9:02:39 PM, 03/07/2005
+ Report-Checksum: 66615491
+ Date of database: 04/07/2005
+ Version of scan engine: v3.0
+ Duration: 124 min
+ Scanned Files: 43081
+ Speed: 5.77 Files/Second
+ Infected files: 0
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
D:\
+ Scan result:
No infected files found!
::Report End
---------------------------
ActiveScan Report
---------------------------
Scan finished
Scan report
No viruses have been found!
System Files Messages
Scanned Yes 87103 1
Infected - 0 0
Suspicious - 0 0
Disinfected 0 0
-----------------------------
HijackThis Log Report
-----------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:08:06 PM, on 04/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\DRIVERS\dcfssvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\ezSP_Px.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [ADinf32] "C:\Program Files\ADinf\APEEEKCB.EXE" "-a"
O4 - HKCU\..\Run: [AD_SCHED] "C:\Program Files\Common Files\ADT Shared\Scheduler\ADSched.exe"
O4 - HKCU\..\Run: [AD_AGENT] "C:\Program Files\ADinf\AD_AGENT.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .adp: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {64BF0FA0-FEBF-11D3-AAE7-00C04F6EA180} (LDBC Map Viewer) -
http://ldbcweb.landdata.gov.bc.ca:8001/ ... elease.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINNT\System32\DRIVERS\dcfssvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--------------------------
Ad-Aware SE Build 1.06r1
--------------------------
Logfile Created on:July 4, 2005 5:27:47 PM
Using definitions file:SE1R52 30.06.2005
References detected during the scan:
Alexa(TAC index:5):1 total references
Tracking Cookie(TAC index:3):1 total references
Ad-Aware SE Settings
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
04/07/2005 5:27:47 PM - Scan started. (Full System Scan)
Listing running processes
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 148
ThreadCreationTime : 04/07/2005 11:35:10 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 172
ThreadCreationTime : 04/07/2005 11:35:16 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 192
ThreadCreationTime : 04/07/2005 11:35:18 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 220
ThreadCreationTime : 04/07/2005 11:35:20 PM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 232
ThreadCreationTime : 04/07/2005 11:35:20 PM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 412
ThreadCreationTime : 04/07/2005 11:35:25 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:7 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 440
ThreadCreationTime : 04/07/2005 11:35:27 PM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe
#:8 [aswupdsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 500
ThreadCreationTime : 04/07/2005 11:35:30 PM
BasePriority : Normal
#:9 [ashserv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 520
ThreadCreationTime : 04/07/2005 11:35:30 PM
BasePriority : High
FileVersion : 4, 6, 652, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2005 ALWIL Software
OriginalFilename : aswServ.exe
#:10 [dcfssvc.exe]
FilePath : C:\WINNT\System32\DRIVERS\
ProcessID : 548
ThreadCreationTime : 04/07/2005 11:35:32 PM
BasePriority : Normal
FileVersion : 1.1.4100.0
ProductVersion : 3.2.0400.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright (C) Eastman Kodak Co. 2000-1
OriginalFilename : DcFsSvc.exe
#:11 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 564
ThreadCreationTime : 04/07/2005 11:35:32 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:12 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 588
ThreadCreationTime : 04/07/2005 11:35:34 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:13 [ptssvc.exe]
FilePath : C:\Program Files\KODAK\KODAK Picture Transfer Software\
ProcessID : 628
ThreadCreationTime : 04/07/2005 11:35:35 PM
BasePriority : Normal
FileVersion : 2.0.0300
ProductVersion : 2.0.0300
ProductName : KODAK PTS service
CompanyName : KODAK
FileDescription : ptssvc
InternalName : ptssvc
LegalCopyright : Copyright © 2001 Eastman Kodak Company
OriginalFilename : ptssvc.exe
#:14 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 696
ThreadCreationTime : 04/07/2005 11:35:35 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE
#:15 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 672
ThreadCreationTime : 04/07/2005 11:35:36 PM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 1997
OriginalFilename : mstask.exe
#:16 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 764
ThreadCreationTime : 04/07/2005 11:35:38 PM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright (C) Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE
#:17 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 848
ThreadCreationTime : 04/07/2005 11:35:39 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright (C) Microsoft Corp. 1995-1999
#:18 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 864
ThreadCreationTime : 04/07/2005 11:35:39 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:19 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1072
ThreadCreationTime : 04/07/2005 11:37:41 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE
#:20 [pctspk.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1396
ThreadCreationTime : 04/07/2005 11:37:45 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : pctvoice Application
FileDescription : pctvoice MFC Application
InternalName : pctvoice
LegalCopyright : Copyright (C) 2001
OriginalFilename : pctvoice.EXE
#:21 [ashdisp.exe]
FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
ProcessID : 1404
ThreadCreationTime : 04/07/2005 11:37:45 PM
BasePriority : Normal
FileVersion : 4, 6, 652, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright (c) 2005 ALWIL Software
OriginalFilename : aswDisp.exe
#:22 [ezsp_px.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1412
ThreadCreationTime : 04/07/2005 11:37:46 PM
BasePriority : Normal
#:23 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 6.0\Distillr\
ProcessID : 1432
ThreadCreationTime : 04/07/2005 11:37:47 PM
BasePriority : Normal
FileVersion : 6.0.0.2003051500
ProductVersion : 6.0.0.0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe
#:24 [backweb-7288971.exe]
FilePath : C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\
ProcessID : 1080
ThreadCreationTime : 04/07/2005 11:37:47 PM
BasePriority : Normal
#:25 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1460
ThreadCreationTime : 04/07/2005 11:42:55 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:26 [ashmaisv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1116
ThreadCreationTime : 04/07/2005 11:47:02 PM
BasePriority : Normal
#:27 [ashwebsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 424
ThreadCreationTime : 04/07/2005 11:47:04 PM
BasePriority : Normal
Memory scan result:
New critical objects: 0
Objects found so far: 0
Started registry scan
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1844237615-813497703-839522115-500\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Registry Scan result:
New critical objects: 1
Objects found so far: 1
Started deep registry scan
Deep registry scan result:
New critical objects: 0
Objects found so far: 1
Started Tracking Cookie scan
Tracking cookie scan result:
New critical objects: 0
Objects found so far: 1
Deep scanning and examining files (C:)
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : guest@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\guest\Cookies\guest@mediaplex[1].txt
Disk Scan Result for C:\
New critical objects: 0
Objects found so far: 2
Deep scanning and examining files (D:)
Disk Scan Result for D:\
New critical objects: 0
Objects found so far: 2
Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
Hosts file scan result:
1 entries scanned.
New critical objects:0
Objects found so far: 2
Performing conditional scans...
Conditional scan result:
New critical objects: 0
Objects found so far: 2
5:38:50 PM Scan Complete
Summary Of This Scan
Total scanning time:00:11:02.773
Objects scanned:79154
Objects identified:2
Objects ignored:0
New critical objects:2