Problem (Startseite ändert sich von selbst, Pop-Ups)

#136 also ich habs jetzt kopiert ich weiss net ob das das richtige ist
These are the Current Active Services:

IPV6-HILFSDIENST: 6to4
C:\WINDOWS\system32\svchost.exe -k netsvcs

WINDOWS AUDIO: AudioSrv
C:\WINDOWS\System32\svchost.exe -k netsvcs

COMPUTERBROWSER: Browser
C:\WINDOWS\System32\svchost.exe -k netsvcs

KRYPTOGRAFIEDIENSTE: CryptSvc
C:\WINDOWS\system32\svchost.exe -k netsvcs

DHCP-CLIENT: Dhcp
C:\WINDOWS\System32\svchost.exe -k netsvcs

COM+-EREIGNISSYSTEM: EventSystem
C:\WINDOWS\System32\svchost.exe -k netsvcs

KOMPATIBILITÄT FÜR SCHNELLE BENUTZERUMSCHALTUNG: FastUserSwitchingCompatibility
C:\WINDOWS\System32\svchost.exe -k netsvcs

HILFE UND SUPPORT: helpsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs

HID INPUT SERVICE: HidServ
C:\WINDOWS\System32\svchost.exe -k netsvcs

RIP-ÜBERWACHUNG: Iprip
C:\WINDOWS\System32\svchost.exe -k netsvcs

SERVER: lanmanserver
C:\WINDOWS\System32\svchost.exe -k netsvcs

ARBEITSSTATIONSDIENST: lanmanworkstation
C:\WINDOWS\System32\svchost.exe -k netsvcs

NETZWERKVERBINDUNGEN: Netman
C:\WINDOWS\System32\svchost.exe -k netsvcs

NLA (NETWORK LOCATION AWARENESS): Nla
C:\WINDOWS\System32\svchost.exe -k netsvcs

VERWALTUNG FÜR AUTOMATISCHE RAS-VERBINDUNG: RasAuto
C:\WINDOWS\System32\svchost.exe -k netsvcs

RAS-VERBINDUNGSVERWALTUNG: RasMan
C:\WINDOWS\System32\svchost.exe -k netsvcs

ROUTING UND RAS: RemoteAccess
C:\WINDOWS\System32\svchost.exe -k netsvcs

TASKPLANER: Schedule
C:\WINDOWS\System32\svchost.exe -k netsvcs

SEKUNDÄRE ANMELDUNG: seclogon
C:\WINDOWS\System32\svchost.exe -k netsvcs

SYSTEMEREIGNISBENACHRICHTIGUNG: SENS
C:\WINDOWS\system32\svchost.exe -k netsvcs

WINDOWS-FIREWALL/GEMEINSAME NUTZUNG DER INTERNETVERBINDUNG: SharedAccess
C:\WINDOWS\System32\svchost.exe -k netsvcs

SHELLHARDWAREERKENNUNG: ShellHWDetection
C:\WINDOWS\System32\svchost.exe -k netsvcs

SYSTEMWIEDERHERSTELLUNGSDIENST: srservice
C:\WINDOWS\System32\svchost.exe -k netsvcs

TELEFONIE: TapiSrv
C:\WINDOWS\System32\svchost.exe -k netsvcs

DESIGNS: Themes
C:\WINDOWS\System32\svchost.exe -k netsvcs

ÜBERWACHUNG VERTEILTER VERKNÜPFUNGEN (CLIENT): TrkWks
C:\WINDOWS\system32\svchost.exe -k netsvcs

WINDOWS-VERWALTUNGSINSTRUMENTATION: winmgmt
C:\WINDOWS\system32\svchost.exe -k netsvcs

SICHERHEITSCENTER: wscsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs

AUTOMATISCHE UPDATES: wuauserv
C:\WINDOWS\system32\svchost.exe -k netsvcs

KONFIGURATIONSFREIE DRAHTLOSE VERBINDUNG: WZCSVC
C:\WINDOWS\System32\svchost.exe -k netsvcs

GATEWAYDIENST AUF ANWENDUNGSEBENE: ALG
C:\WINDOWS\System32\alg.exe

DCOM-SERVER-PROZESSSTART: DcomLaunch
C:\WINDOWS\system32\svchost -k DcomLaunch

TERMINALDIENSTE: TermService
C:\WINDOWS\System32\svchost -k DComLaunch

DNS-CLIENT: Dnscache
C:\WINDOWS\System32\svchost.exe -k NetworkService

EREIGNISPROTOKOLL: Eventlog
C:\WINDOWS\system32\services.exe

PLUG & PLAY: PlugPlay
C:\WINDOWS\system32\services.exe

ETRUST ANTIVIRUS RPC SERVER: InoRPC
"C:\Programme\CA\eTrust Antivirus\InoRpc.exe"

ETRUST ANTIVIRUS REALTIME SERVER: InoRT
"C:\Programme\CA\eTrust Antivirus\InoRT.exe"

ETRUST ANTIVIRUS JOB SERVER: InoTask
"C:\Programme\CA\eTrust Antivirus\InoTask.exe"

TCP/IP-NETBIOS-HILFSPROGRAMM: LmHosts
C:\WINDOWS\System32\svchost.exe -k LocalService

SSDP-SUCHDIENST: SSDPSRV
C:\WINDOWS\System32\svchost.exe -k LocalService

WEBCLIENT: WebClient
C:\WINDOWS\System32\svchost.exe -k LocalService

EREIGNISPROTOKOLL-ÜBERWACHUNG: LogWatch
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe

MACHINE DEBUG MANAGER: MDM
"C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"

IPSEC-DIENSTE: PolicyAgent
C:\WINDOWS\System32\lsass.exe

GESCHÜTZTER SPEICHER: ProtectedStorage
C:\WINDOWS\system32\lsass.exe

SICHERHEITSKONTENVERWALTUNG: SamSs
C:\WINDOWS\system32\lsass.exe

REMOTEPROZEDURAUFRUF (RPC): RpcSs
C:\WINDOWS\system32\svchost -k rpcss

QOS-RSVP: RSVP
C:\WINDOWS\System32\rsvp.exe

SMARTCARD: SCardSvr
C:\WINDOWS\System32\SCardSvr.exe

EINFACHE TCP/IP-DIENSTE: SimpTcp
C:\WINDOWS\System32\tcpsvcs.exe

SNMP-DIENST: SNMP
C:\WINDOWS\System32\snmp.exe

DRUCKWARTESCHLANGE: Spooler
C:\WINDOWS\system32\spoolsv.exe

WINDOWS USER MODE DRIVER FRAMEWORK: UMWdf
C:\WINDOWS\system32\wdfmgr.exe

#137 Hallo@NoYz

Deaktivieren Wiederherstellung
«XP
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924

Um die Diensteverwaltung explizit aufzurufen, geben Sie unter Start > Ausführen den Befehl services.msc ein.

So wird der Dienst deaktiviert:
Start-> Einstellungen-> Systemsteuerung-> Verwaltung-> Computerverwaltung und dann den Eintrag Dienste auswählen. Nun werden alle laufenden Dienste angezeigt. Hier den Punkt "ZESOFT" aussuchen. Wenn unter Status "gestartet" steht, mit der rechten Maustaste anklicken und die Option "Eigenschaften" auswählen. Nicht "Den Dienst beenden" auswählen, denn dann wird der ZESOFT beim nächsten Systemstart erneut ausgeführt.

Als Starttyp "deaktiviert" auswählen und den Dienststatus mit "Beenden" schliessen. Jetzt noch "Übernehmen" anklicken. Der.ZESOFT läuft nicht mehr im Hintergrund und wird auch nicht mehr bei einem Neustart ausgeführt.

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwantsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\rundlg32.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - C:\Programme\ClearSearch\CSIE.DLL
O2 - BHO: biObj Class - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL

O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\rundlg32.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\Programme\MediaLoads Enhanced\ME2.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem300.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\Programme\Bargain Buddy\bin2\apuc.dll (file missing)
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\rundlg32.dll
O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [updater] C:\Programme\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [efsomxnu] C:\WINDOWS\system32\vmmymutl.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programme\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/trad3rp.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c388.cab
O16 - DPF: {35F59C80-C1F2-4EEA-9981-686C7D5A9277} (VacPro.emsat_ver3) - http://www.advnt01.com/dialer/emsat_ver3.CAB
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04a30f04300bfbf27206/netzip/RdxIE601_de.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/mp3.ocx
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.stardialer.de/StarInstall.ocx
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab

PC neustarten

-->Löschen/mit der Killbox:
http://www.bleepingcomputer.com/files/killbox.php
geh auf Delete File on Reboot und klick auf das rote Kreuz,
wenn gefragt wird, ob reboot-> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\WINDOWS\Downloaded Program Files\rundlg32.dll
C:\Programme\ClearSearch\CSIE.DLL
C:\WINDOWS\bi.dll
C:\WINDOWS\System32\ATPART~1.DLL
C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
C:\Programme\MediaLoads Enhanced\ME2.DLL
C:\WINDOWS\wsem300.dll
C:\WINDOWS\Downloaded Program Files\bridge.dll
C:\Programme\Web_Rebates\WebRebates0.exe
C:\Programme\Bargain Buddy\bin2\apuc.dll
c:\temp\msbb.exe
C:\Programme\Common files\updater\wupdater.exe
C:\WINDOWS\satmat.exe
C:\WINDOWS\zeta.exe
C:\WINDOWS\system32\vmmymutl.exe
C:\Programme\BullsEye Network\bin\bargains.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe

PC neustarten -->gehe in den abgesicherten Modus
http://www.tu-berlin.de/www/software/virus/savemode.shtml
(F8 druecken,wenn der PC hochfaehrt den abgesicherten Modus waehlen, sich als Administrator anmelden)

#Windows Explorer -> "Extras/Ordneroptionen" ->
"Ansicht" -> Haken entfernen bei "Geschützte Systemdateien
ausblenden (empfohlen)" und "Alle Dateien und Ordner anzeigen"
aktivieren -> "OK"

Loesche:
C:\Programme\Common files\
C:\Programme\BullsEye Network
C:\Program Files\Windows ControlAd
C:\Programme\Bargain Buddy
C:\Programme\MediaLoads Enhanced
C:\Programme\ClearSearch
C:\Programme\Web_Rebates

Loesche alles,was du nicht zuordnen kannstdort sind drei oder vier Dialer)
C:\WINDOWS\Downloaded Program Files\

Datenträgerbereinigung: und Löschen der Temporary-Dateien
<Start<Ausfuehren--> reinschreiben : cleanmgr
loesche nur:
#Click:Temporäre Internet Files/Temporäre Internet Dateien, o.k.
#Click:Temporäre Dateien, o.k

gehe wieder in den Normalmodus und lade:
#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1

dann arbeite das bitte ab:
#eScan-Erkennungstool
http://www.rokop-security.de/board/index.php?showtopic=3867

Wenn man infizierte Dateien in dem "eScan- Log" finden will, sollte
man nach infected suchen und die Einträge hier posten, bzw
die Dateien im abgesicherten Modus loeschen

#neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein
und poste das neue Log noch einmal.
__________
MfG Sabina

rund um die PC-Sicherheit

#138 hi ich bin grad ma bei dem schritt mit dem ad ware prog und das programm hat über 500 critical objects gefunden soll ich die alle löschen oder nur bestimmte dateien?
es sind ziemlich viele und ich weiss net ob ich misc,data miner oder malware löschen soll pls help,)

#139 alles in Quarantaene verschieben und wenn dann noch alles funktioniert---> loeschen
__________
MfG Sabina

rund um die PC-Sicherheit

#140 hi sabina alles in ordnung habs geschekt danke alles geht wieder VIELEN DANK!!! hier ist meine neue log:
Logfile of HijackThis v1.99.0
Scan saved at 19:51:15, on 19.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\CA\eTrust Antivirus\Realmon.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis199[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Echzeitüberwachung.lnk = C:\Programme\CA\eTrust Antivirus\Realmon.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: PowerCinema Service.lnk = C:\Programme\Home Cinema\PowerCinema\PCMService.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Mit dem LeechGet Wizard laden - file://C:\Programme\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Mit LeechGet herunterladen - file://C:\Programme\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Mit LeechGet parsen - file://C:\Programme\LeechGet 2004\\Parser.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {07E3F115-C445-480D-94CB-ECA914A353CE} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {95E5A0FC-6CFB-4EB6-B649-7A9AA877A7A9} (Pcksloader Control) - http://www.pckindersicherung.de/pcks/pcks.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AC96CE7-F972-4DF6-BF51-D31EA5E0C76B}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE60CE46-C8A7-4F46-9B82-19496EE1E875}: NameServer = 195.50.140.250 145.253.2.203
O23 - Service: CA-Lizenz-Client - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: AVM FRITZ!web Routing Service - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\system32\angelex.exe (file missing)
O23 - Service: Ereignisprotokoll-Überwachung - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: X10 Device Network Service - Unknown - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)

#141 Hallo@NoYz

Fixe:
R3 - Default URLSearchHook is missing
neustarten

#Trend-Micro (Online)
http://de.trendmicro-europe.com/enterprise/products/housecall_pre.php

dann arbeite das bitte ab:
#eScan-Erkennungstool
http://www.rokop-security.de/board/index.php?showtopic=3867

Wenn man infizierte Dateien in dem "eScan- Log" finden will, sollte
man nach infected suchen und die Einträge hier posten

#Alternativbrowser zum IE
Firefox
http://www.mozilla-europe.org/de/
Installation+Konfiguration Firefox
http://www.pcwelt.de/know-how/software/103924/index1.html
__________
MfG Sabina

rund um die PC-Sicherheit

#142 thx sabina hab alles gemacht!

#143 und ?????''Wurde noch was gefunden ?
__________
MfG Sabina

rund um die PC-Sicherheit

#144 nö danke alles wieder ok

#145 Hallo, ich habe auch das Problem mit der Startseite.

Kann mir da jemand helfen?

Habe schon einige Sachen, wie in der vorangegangenen Beiträgen beschrieben, gemacht. Weiß aber nicht, ob jetzt alles in Ordung ist...


Logfile of HijackThis v1.99.0
Scan saved at 12:13:51, on 29.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SOINTGR.EXE
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\program files\altnet\points manager\points manager.exe
C:\Programme\Messenger\msmsgs.exe
D:\FinePixViewer\QuickDCF.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\twain_32\CIS600X\WATCH.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programme\Teledat\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Teledat\WCOM\SYSTEM\RVSCC.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\TELEDAT\WCOM\SYSTEM\CCUI.EXE
C:\Programme\Teledat\WCOM\SYSTEM\RVSRmd.exe
C:\Programme\Teledat\WCOM\SYSTEM\CCSRV.EXE
C:\PROGRA~1\Teledat\WCOM\SYSTEM\ADBSERV.EXE
C:\Programme\Teledat\WCOM\SYSTEM\CCSRV.EXE
C:\Programme\Internet Explorer\iexplore.exe
D:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=107312
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
F1 - win.ini: run= C:\WESTWOOD\ALARM\INSTICON.EXE
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programme\ISTbar\istbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [NaviSearch] C:\Programme\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [CommCenter] "C:\Programme\Teledat\WCOM\SYSTEM\ccui.exe"
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: AOL 7.0 - {FC38ED9F-BCF8-4E1D-AAE6-D4C40A94A8EF} - C:\Programme\AOL 7.0\aol.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=41175144d329ec2fa8acf696
f1d2dda5cce112aae5247202f9b0e81cbaae21a36d33a6636d10c66c83e7e59fae96fc
7bb98f2f:a3d46d85250213fcc0de3673ae9ac4b9
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} - http://freeload.cc/secure/ieloader.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content2.netvenda.com/sites/games-intl/de/games4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56CAC6FF-7D0C-499C-863A-4FB1682647AE}: NameServer = 217.237.150.33 217.237.151.161
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: RVS CommCenter - Unknown - C:\Programme\Teledat\WCOM\SYSTEM\RVSCC.EXE
O23 - Service: RvscomSv - RVS Datentechnik GmbH, München - C:\Programme\Teledat\WCOM\SYSTEM\RVSCOMSV.EXE
O23 - Service: RVS Installer - RVS Datentechnik GmbH, München - C:\Programme\Teledat\WCOM\SYSTEM\RVSINST.EXE
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#146 Hallo@Marc XX

Deaktivieren Wiederherstellung
«XP
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924

Start<Ausfuehren schreibe rein: cmd
kopiere rein:

regsvr32 /u xplugin.dll
klicke: enter

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=107312

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
F1 - win.ini: run= C:\WESTWOOD\ALARM\INSTICON.EXE
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programme\ISTbar\istbar.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [NaviSearch] C:\Programme\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=41175144d329ec2fa8acf696
f1d2dda5cce112aae5247202f9b0e81cbaae21a36d33a6636d10c66c83e7e59fae96fc
7bb98f2f:a3d46d85250213fcc0de3673ae9ac4b9
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} - http://freeload.cc/secure/ieloader.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content2.netvenda.com/sites/games-intl/de/games4.cab
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll

PC neustarten

KillBox
http://www.bleepingcomputer.com/files/killbox.php
http://download.broadbandmedic.com/
geh auf
<Delete File on Reboot
<Unregister .dll before deleting.”
und klick auf das rote Kreuz,
wenn gefragt wird, ob reboot-> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\WINDOWS\System32\xplugin.dll
C:\Programme\NaviSearch\bin\nls.exe
C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
C:\Programme\ISTsvc\istsvc.exe
C:\WINDOWS\System32\nvms.dll
C:\WINDOWS\System32\apuc.dll
C:\WINDOWS\System32\mscb.dll
C:\WINDOWS\System32\msbe.dll

PC neustarten

Lade:mwav.exe
http://bilder.informationsarchiv.net/Nikitas_Tools/
bevor du das laedst, lege den ordner c:\bases an, dann lade mwav.exe und oeffne den eScan
mache ein update, indem du die datei kavupd.exe(in c:\bases ) startest (DOS-Modus)

gehe in den abgesicherten Modus
http://www.tu-berlin.de/www/software/virus/savemode.shtml

#C:\Windows\Downloaded Programm Files\ -->löschen (ALLE)

Datenträgerbereinigung: und Löschen der Temporary-Dateien
<Start<Ausfuehren--> reinschreiben : cleanmgr
loesche nur:
#Click:Temporäre Internet Files/Temporäre Internet Dateien, o.k.
#Click:Temporäre Dateien, o.k

Loesche:/deinstalliere
C:\Programme\ISTsvc\ <-- kompletten Ordner loeschen
C:\Programme\NaviSearch\ <-- kompletten Ordner loeschen
C:\Programme\Common files\SearchUpgrader\ <-- kompletten Ordner loeschen
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe <-- kompletten Ordner loeschen
C:\Programme\MyWay\myBar\ <-- kompletten Ordner loeschen
C:\program files\altnet\points manager\points manager.exe <-- kompletten Ordner loeschen
C:\PROGRA~1\PERFEC~1\ <-- kompletten Ordner loeschen

und den Scanner mit der "mwav.exe" starten. Alle Häkchen setzen :
Auswählen: "all files", Memory, Startup-Folders, Registry, System Folders,
Services, Drive/All Local drives, Folder [C:\WINDOWS], Include SubDirectory
-->und "Scan " klicken.

gehe wieder in den Normalmodus

#AdAware (free)
http://www.lavasoft.de/support/download/
VOR jedem Scanvorgang das Programm Updaten!
waehrend des Scanvorganges müssen ALLE sonstige
Anwendungen beendet werden und alle Browserfenster müssen
geschlossen sein!

#ClaerProg..lade die neuste Version <1.4.0 Final
http://www.clearprog.de/downloads.php
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Cookies
- Verlauf
- Temporäre Internetfiles (Cache)
- die eingetragenen URLs
- Autovervollständigen-Einträge in Web-Formularen des IE (bisher
nur Win9x/ME)
- Download-Listen des Netscape/Opera

#Hoster-Tool : http://members.aol.com/toadbee/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

#neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein

mache bitte folgendes:
nun öffnest du mit dem editor, die mwav.txt und gehst unter bearbeiten -> suchen, hier gibst du infected ein

jene zeile in der infected steht, markieren, und hier einfügen, weitersuchen usw.
und ganz unten steht die zusammenfassung, diese auch hier posten

zusammen mit dem neuen Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit

#147 Ok, vielen dank erst Mal. Ich hoffe, ich habe das alles richtig gemacht ...

Hier sin die infizierten dateien:

C:\PROGRA~2\Altnet\DOWNLO~1\asmps.dll
C:\PROGRA~1\COMMON~1\SEARCH~1\SEARCH~1.EXE
C:\PROGRA~1\GEMEIN~1\CMEII\CMEIIAPI.dll
C:\PROGRA~1\GEMEIN~1\CMEII\CMESys.exe
c:\PROGRA~1\GEMEIN~1\cmeii\gappmgr.dll
c:\PROGRA~1\GEMEIN~1\cmeii\GCONTR~1.DLL
C:\PROGRA~1\GEMEIN~1\CMEII\GIocl.dll
c:\PROGRA~1\GEMEIN~1\cmeii\gdwldeng.dll
C:\PROGRA~1\GEMEIN~1\CMEII\GIOCLC~1.DLL
c:\PROGRA~1\GEMEIN~1\cmeii\gmtproxy.dll
C:\PROGRA~1\GEMEIN~1\CMEII\GObjs.dll infected
C:\PROGRA~1\GEMEIN~1\CMEII\GStore.dll infected
c:\PROGRA~1\GEMEIN~1\cmeii\GSTORE~1.DLL
C:\PROGRA~1\GEMEIN~1\CMEII\Gtools.dll
C:\PROGRA~1\GEMEIN~1\GMT\EGGCEN~1.DLL
C:\PROGRA~1\GEMEIN~1\GMT\EGIEEN~1.DLL
C:\PROGRA~1\GEMEIN~1\GMT\EGIEPR~1.DLL
C:\PROGRA~1\GEMEIN~1\GMT\EGNSEN~1.DLL
C:\PROGRA~1\GEMEIN~1\GMT\GatorRes.dll
C:\PROGRA~1\GEMEIN~1\GMT\GMT.exe
C:\Programme\ISTsvc\istsvc.exe
C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
C:\WINDOWS\System32\nvms.dll
C:\WINDOWS\System32\mscb.dll
C:\WINDOWS\System32\apuc.dll
C:\WINDOWS\System32\msbe.dll
C:\Programme\ISTsvc\istsvc.exe
C:\PROGRA~1\GEMEIN~1\CMEII\CMESys.exe
C:\Programme\NaviSearch\bin\nls.exe
C:\PROGRA~1\COMMON~1\SEARCH~1\SEARCH~1.EXE
C:\WINDOWS\System32\apuc.dll
C:\WINDOWS\System32\apuc.dll
C:\WINDOWS\System32\exul.exe
C:\WINDOWS\System32\msbe.dll
C:\WINDOWS\System32\mscb.dll
C:\WINDOWS\System32\nvms.dll
C:\WINDOWS\System32\sysupd1003.exe
C:\WINDOWS\System32\xplugin.dll
C:\DOKUME~1\MARCHE~1\LOKALE~1\Temp\ADMCache\admFA.tmp
C:\DOKUME~1\MARCHE~1\LOKALE~1\Temp\msldf.exe
C:\DOKUME~1\MARCHE~1\LOKALE~1\Temp\xwxload.exe
C:\DOKUME~1\MARCHE~1\LOKALE~1\Temp\__unin__.exe C:\DOKUME~1\MARCHE~1\LOKALE~1\TEMPOR~1\Content.IE5\O789ABCV\send_car_int[1].html
C:\DOKUME~1\MARCHE~1\LOKALE~1\TEMPOR~1\Content.IE5\WKWA6C2G\send_car_int[1].html
C:\WINDOWS\System32\exdl.exe
C:\DOKUME~1\MARCHE~1\LOKALE~1\Temp\perfectnavUninstall.exe
C:\!Submit\admFA.tmp
C:\!Submit\apuc.dll
C:\!Submit\CMESys.exe
C:\!Submit\istsvc.exe
C:\!Submit\msbe.dll
C:\!Submit\mscb.dll
C:\!Submit\msldf.exe
C:\!Submit\MYBAR.DLL
C:\!Submit\nls.exe
C:\!Submit\nvms.dll
C:\!Submit\SearchUpgrader.exe
C:\!Submit\send_car_int[1].html
C:\!Submit\sysupd1003.exe
C:\!Submit\xplugin.dll
C:\!Submit\xwxload.exe
C:\!Submit\__unin__.exe
C:\Dokumente und Einstellungen\Marc Heltemes\Lokale Einstellungen\Temp\perfectnavUninstall.exe
C:\program files\Windows TaskAd\WinProject.dll
C:\program files\Windows TaskAd\WinSched.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll
C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll
C:\Programme\Gemeinsame Dateien\CMEII\GController.dll
C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll
C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll
C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll
C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll
C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll
C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll
C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll infected
C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll
C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll
C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe
C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe infected
C:\WINDOWS\system32\exdl.exe
C:\WINDOWS\Temp\Altnet\adm.exe
C:\WINDOWS\Temp\Altnet\adm25.dll
C:\WINDOWS\Temp\Altnet\adm4.dll
C:\WINDOWS\Temp\Altnet\admprog.dll
C:\WINDOWS\Temp\Altnet\Setup.exe
D:\Anti- Virus\backups\backup-20041229-223714-731.dll
C:\WINDOWS\system32\exdl.exe infected
C:\WINDOWS\Temp\Altnet\adm.exe
C:\WINDOWS\Temp\Altnet\adm25.dll
C:\WINDOWS\Temp\Altnet\adm4.dll
C:\WINDOWS\Temp\Altnet\admprog.dll
C:\WINDOWS\Temp\Altnet\Setup.exe

ZUSAMMENFASSUNG:

Thu Dec 30 00:07:45 2004 => ***** Scanning complete. *****

Thu Dec 30 00:07:45 2004 => Total Files Scanned: 65153
Thu Dec 30 00:07:45 2004 => Total Virus(es) Found: 54
Thu Dec 30 00:07:45 2004 => Total Disinfected Files: 0
Thu Dec 30 00:07:45 2004 => Total Files Renamed: 0
Thu Dec 30 00:07:45 2004 => Total Deleted Files: 0
Thu Dec 30 00:07:45 2004 => Total Errors: 0
Thu Dec 30 00:07:45 2004 => Time Elapsed: 00:52:21
Thu Dec 30 00:07:45 2004 => Virus Database Date: 2004/12/29
Thu Dec 30 00:07:45 2004 => Virus Database Count: 114131

Thu Dec 30 00:07:45 2004 => Scan Completed.

HIJACKTHIS:

Logfile of HijackThis v1.99.0
Scan saved at 01:08:22, on 30.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SOINTGR.EXE
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programme\Messenger\msmsgs.exe
D:\FinePixViewer\QuickDCF.exe
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\twain_32\CIS600X\WATCH.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Programme\Teledat\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Teledat\WCOM\SYSTEM\RVSCC.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programme\TELEDAT\WCOM\SYSTEM\CCUI.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\Teledat\WCOM\SYSTEM\ADBSERV.EXE
C:\Programme\Teledat\WCOM\SYSTEM\RVSRmd.exe
C:\Programme\Teledat\WCOM\SYSTEM\CCSRV.EXE
C:\Programme\Teledat\WCOM\SYSTEM\CCSRV.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\notepad.exe
D:\Anti- Virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=107312
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.t-online.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [CommCenter] "C:\Programme\Teledat\WCOM\SYSTEM\ccui.exe"
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe
O4 - Global Startup: CommCenter.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: AOL 7.0 - {FC38ED9F-BCF8-4E1D-AAE6-D4C40A94A8EF} - C:\Programme\AOL 7.0\aol.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{56CAC6FF-7D0C-499C-863A-4FB1682647AE}: NameServer = 217.237.150.33 217.237.151.161
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: RVS CommCenter - Unknown - C:\Programme\Teledat\WCOM\SYSTEM\RVSCC.EXE
O23 - Service: RvscomSv - RVS Datentechnik GmbH, München - C:\Programme\Teledat\WCOM\SYSTEM\RVSCOMSV.EXE
O23 - Service: RVS Installer - RVS Datentechnik GmbH, München - C:\Programme\Teledat\WCOM\SYSTEM\RVSINST.EXE
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#148 Hallo@Marc XX

Fixe mit dem HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=107312neustarten

PC neustarten

gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken
--------------------------------------------------------------------------------------------
poste mir bitte das Log von diesem Scann:
Please download DllCompare from here
http://www.atribune.org/downloads/DllCompare.exe
klick: Locate.com button.
wenn der Scan beendet ist
klick:Compare button
klick: und erstelle das Log--->bitte posten

#AboutBuster erstelle das Log--->bitte posten
1) Download the tool About:Buster created by Rubber Ducky. (Download here)
http://zerosrealm.com/index.php?page=dllfix
www.malwarebytes.biz/AboutBuster.zip

#Ad-aware SE Personal 1.05 Updatederstelle das Log--->bitte posten
http://fileforum.betanews.com/detail/965718306/1
__________
MfG Sabina

rund um die PC-Sicherheit

#149 Ok, vielen, vielen Dank nochmal.
Hier das erste Log:

* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found "
________________________________________________

1.188 items found: 1.188 files, 0 directories.
Total of file sizes: 224.366.879 bytes 213,97 M

Administrator Account = True

--------------------End log---------------------


AboutBuster funktioniert nicht:

Run-time error `339` :
Component `MSCOMCTL.OCX`or one of its dependencies not correctly registered: a file is missing or invalid.

Hier ist das andere Log:

Ad-Aware SE Build 1.05
Logfile Created on:Freitag, 31. Dezember 2004 14:59:43
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R24 29.12.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):11 total references
AltnetBDE(TAC index:4):34 total references
BargainBuddy(TAC index:8):80 total references
BlazeFind(TAC index:5):4 total references
Claria(TAC index:7):13 total references
CoolWebSearch(TAC index:10):35 total references
Cydoor(TAC index:7):462 total references
Dialer(TAC index:5):9 total references
eUniverse(TAC index:10):15 total references
istbar.dotcomToolbar(TAC index:5):15 total references
istbar(TAC index:6):55 total references
MRU List(TAC index:0):33 total references
Other(TAC index:5):1 total references
Possible Browser Hijack attempt(TAC index:3):11 total references
Tracking Cookie(TAC index:3):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


31.12.2004 14:59:43 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 332
ThreadCreationTime : 31.12.2004 13:32:39
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 388
ThreadCreationTime : 31.12.2004 13:32:41
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 412
ThreadCreationTime : 31.12.2004 13:32:42
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 456
ThreadCreationTime : 31.12.2004 13:32:42
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 468
ThreadCreationTime : 31.12.2004 13:32:42
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 31.12.2004 13:32:42
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 656
ThreadCreationTime : 31.12.2004 13:32:42
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 780
ThreadCreationTime : 31.12.2004 13:32:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 804
ThreadCreationTime : 31.12.2004 13:32:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1020
ThreadCreationTime : 31.12.2004 13:32:44
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 31.12.2004 13:32:44
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 1176
ThreadCreationTime : 31.12.2004 13:32:44
BasePriority : Normal
FileVersion : 5.0.05
ProductVersion : 5.0.05
ProductName : Avance Sound Manager
CompanyName : Avance Logic, Inc.
FileDescription : Avance Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2002 Avance Logic, Inc.
OriginalFilename : ALSMTray.exe
Comments : Avance AC97 Audio Sound Manager

#:13 [sointgr.exe]
FilePath : C:\WINDOWS\
ProcessID : 1192
ThreadCreationTime : 31.12.2004 13:32:45
BasePriority : Normal


#:14 [type32.exe]
FilePath : C:\Programme\Microsoft IntelliType Pro\
ProcessID : 1228
ThreadCreationTime : 31.12.2004 13:32:45
BasePriority : Normal


#:15 [point32.exe]
FilePath : C:\Programme\Microsoft IntelliPoint\
ProcessID : 1236
ThreadCreationTime : 31.12.2004 13:32:45
BasePriority : Normal


#:16 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ProcessID : 1252
ThreadCreationTime : 31.12.2004 13:32:45
BasePriority : Normal
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:17 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 1264
ThreadCreationTime : 31.12.2004 13:32:45
BasePriority : Normal
FileVersion : 5, 0, 0, 2
ProductVersion : 5, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2004 Networks Associates Technology, Inc.
OriginalFilename : mcagent.exe

#:18 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 1272
ThreadCreationTime : 31.12.2004 13:32:45
BasePriority : Normal
FileVersion : 8, 0, 0, 30
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:19 [jusched.exe]
FilePath : C:\Programme\Java\jre1.5.0\bin\
ProcessID : 1288
ThreadCreationTime : 31.12.2004 13:32:45
BasePriority : Normal


#:20 [msmsgs.exe]
FilePath : C:\Programme\Messenger\
ProcessID : 1296
ThreadCreationTime : 31.12.2004 13:32:45
BasePriority : Normal
FileVersion : 4.7.0041
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:21 [quickdcf.exe]
FilePath : D:\FinePixViewer\
ProcessID : 1404
ThreadCreationTime : 31.12.2004 13:32:46
BasePriority : Normal
FileVersion : 4, 0, 0, 0
ProductVersion : 4, 0, 0, 0
ProductName : FinePixViewer
CompanyName : FUJI PHOTO FILM CO., LTD.
FileDescription : Exif Launcher
InternalName : QuickDCF
LegalCopyright : Copyright 2000-2003 FUJI PHOTO FILM CO.,LTD.
OriginalFilename : QuickDCF.exe

#:22 [findfast.exe]
FilePath : C:\Programme\Microsoft Office\Office\
ProcessID : 1412
ThreadCreationTime : 31.12.2004 13:32:46
BasePriority : Normal
FileVersion : 8.0
ProductVersion : 8.0
ProductName : Microsoft® Indexerstellung
CompanyName : Microsoft Corporation
FileDescription : Microsoft Office-Indexerstellung
InternalName : FINDFAST
LegalCopyright : Copyright © Microsoft Corp. 1995-1997
OriginalFilename : FINDFAST.EXE

#:23 [osa.exe]
FilePath : C:\Programme\Microsoft Office\Office\
ProcessID : 1420
ThreadCreationTime : 31.12.2004 13:32:46
BasePriority : Normal


#:24 [watch.exe]
FilePath : C:\WINDOWS\twain_32\CIS600X\
ProcessID : 1436
ThreadCreationTime : 31.12.2004 13:32:46
BasePriority : Normal
FileVersion : 1, 2, 2, 0
ProductVersion : 1, 2, 2, 0
ProductName : Watch Dog
CompanyName : Common Group
FileDescription : Watch Dog
InternalName : Gloria
LegalCopyright : Copyright (C) 1998
OriginalFilename : WATCH.EXE

#:25 [mcvsftsn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 1580
ThreadCreationTime : 31.12.2004 13:32:47
BasePriority : Normal
FileVersion : 8, 0, 0, 20
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module

#:26 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1712
ThreadCreationTime : 31.12.2004 13:32:48
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:27 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 1748
ThreadCreationTime : 31.12.2004 13:32:48
BasePriority : Normal
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine

#:28 [rvsinst.exe]
FilePath : C:\Programme\Teledat\WCOM\SYSTEM\
ProcessID : 1796
ThreadCreationTime : 31.12.2004 13:32:48
BasePriority : Normal


#:29 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 1868
ThreadCreationTime : 31.12.2004 13:32:49
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:30 [rvscc.exe]
FilePath : C:\Programme\Teledat\WCOM\SYSTEM\
ProcessID : 2028
ThreadCreationTime : 31.12.2004 13:32:53
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : RvsCC Module
FileDescription : RvsCC Module
InternalName : RvsCC
LegalCopyright : Copyright 2001
OriginalFilename : RvsCC.EXE

#:31 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 848
ThreadCreationTime : 31.12.2004 13:32:57
BasePriority : High


#:32 [ccui.exe]
FilePath : C:\Programme\TELEDAT\WCOM\SYSTEM\
ProcessID : 692
ThreadCreationTime : 31.12.2004 13:32:58
BasePriority : Normal
FileVersion : 3.01.6349
ProductVersion : 3.01
ProductName : RVS-COM
CompanyName : RVS Datentechnik GmbH, München
FileDescription : RVS CommCenter
InternalName : CCUI
LegalCopyright : Copyright © 1988-2001 by RVS Datentechnik GmbH, München
OriginalFilename : CCUI.EXE

#:33 [adbserv.exe]
FilePath : C:\PROGRA~1\Teledat\WCOM\SYSTEM\
ProcessID : 1576
ThreadCreationTime : 31.12.2004 13:33:02
BasePriority : Normal
FileVersion : 3.01.6349
ProductVersion : 3.01
ProductName : RVS-COM
CompanyName : RVS Datentechnik GmbH, München
FileDescription : RVS Addressbook Server
InternalName : ADBSERV
LegalCopyright : Copyright © 1988-2001 by RVS Datentechnik GmbH, München
OriginalFilename : ADBSERV.EXE

#:34 [rvsrmd.exe]
FilePath : C:\Programme\Teledat\WCOM\SYSTEM\
ProcessID : 1564
ThreadCreationTime : 31.12.2004 13:33:02
BasePriority : Normal
FileVersion : 3.01.6349
ProductVersion : 3.01
ProductName : RVS-COM
CompanyName : RVS Datentechnik GmbH, München
FileDescription : RVS Reminder
InternalName : RVSRmd
LegalCopyright : Copyright © 1988-2001 by RVS Datentechnik GmbH, München
OriginalFilename : RVSRmd.EXE

#:35 [ccsrv.exe]
FilePath : C:\Programme\Teledat\WCOM\SYSTEM\
ProcessID : 1768
ThreadCreationTime : 31.12.2004 13:33:03
BasePriority : Normal
FileVersion : 3.01.6349
ProductVersion : 3.01
ProductName : RVS-COM
CompanyName : RVS Datentechnik GmbH, München
FileDescription : RVS CommCenter Port Server
InternalName : CCSRV
LegalCopyright : Copyright © 1988-2001 by RVS Datentechnik GmbH, München
OriginalFilename : CCSRV.EXE

#:36 [ccsrv.exe]
FilePath : C:\Programme\Teledat\WCOM\SYSTEM\
ProcessID : 1856
ThreadCreationTime : 31.12.2004 13:33:05
BasePriority : Normal
FileVersion : 3.01.6349
ProductVersion : 3.01
ProductName : RVS-COM
CompanyName : RVS Datentechnik GmbH, München
FileDescription : RVS CommCenter Port Server
InternalName : CCSRV
LegalCopyright : Copyright © 1988-2001 by RVS Datentechnik GmbH, München
OriginalFilename : CCSRV.EXE

#:37 [firefox.exe]
FilePath : C:\Programme\Mozilla Firefox\
ProcessID : 2132
ThreadCreationTime : 31.12.2004 13:33:10
BasePriority : Normal


#:38 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2448
ThreadCreationTime : 31.12.2004 13:34:10
BasePriority : Normal
FileVersion : 5.4.3630.1106 (xpsp1.020828-1920)
ProductVersion : 5.4.3630.1106
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Client des automatischen Updates von Windows Update
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : wuauclt.exe

#:39 [ad-aware.exe]
FilePath : D:\ANTI-V~1\AD-AWA~1\
ProcessID : 2792
ThreadCreationTime : 31.12.2004 13:56:44
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4.1

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm4.adm4.1
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25.1

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\adm25.adm25.1
Value :

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\adm.exe
Value : AppID

AltnetBDE Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe

AltnetBDE Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\altnet signing module.exe
Value : AppID

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516c2e3}

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516e2a3}

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\helpdir

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\helpdir
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\flags

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\flags
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\0

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3}

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : nls.urlcatcher.1

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : nls.urlcatcher.1
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : nls.urlcatcher

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : nls.urlcatcher
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed14177}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed14177}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed12468}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed12468}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e2468}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e2468}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : cb.urlcatcher.1

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : cb.urlcatcher.1
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : cb.urlcatcher

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : cb.urlcatcher
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : apuc.urlcatcher.1

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : apuc.urlcatcher.1
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : apuc.urlcatcher

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : apuc.urlcatcher
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : MainDir

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : Binary

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : ConfigUpdateQueryUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : ADDataUpdateQueryUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : SoftwareUpdateQueryUrl

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : ServerPath

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : ServerName

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : ADDataVersion

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : ServerPort

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : UpdateQueryDuration

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : UpdateQueryFailedDuration

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : BuildNumber

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : PartnerName

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : PartnerID

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : UniqueKey

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : LastQueryTime

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : errorCheck

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navisearch
Value : ConfigVersion

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cashback

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cashback
Value : BuildNumber

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : BuildNumber

BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wintaskadx.installer

BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wintaskadx.installer
Value :

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : uets

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GEF

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GMG

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GMI

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : LastInstall

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : PAK

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : SSeq

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : SEvt

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\gator.com

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xplugin.xfilter.1

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xplugin.xfilter.1
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xplugin.xfilter

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : xplugin.xfilter
Value :

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{ee79d398-aaaf-47b1-8c9e-11f7d4c9111b}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{4f7681e5-6caf-478d-9cb8-4ca593bee7fb}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{4f7681e5-6caf-478d-9cb8-4ca593bee7fb}
Value :

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{4f7681e5-6caf-478d-9cb8-4ca593bee7fb}
Value : AppID

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tmksoft\xplugin

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tmksoft\xplugin
Value : Last

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tmksoft\xplugin
Value : Period

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tmksoft\xplugin
Value : Version

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tmksoft\xplugin
Value : ID

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tmksoft\xplugin
Value : hlid

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tmksoft\xplugin
Value : slid

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tmksoft\xplugin
Value : ulid

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tmksoft\xplugin
Value : seln

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tmksoft\xplugin
Value : upln

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tmksoft\xplugin
Value : UID

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tmksoft\xplugin
Value : erru

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tmksoft\xplugin
Value : fid

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\{ac3f36d4-f905-4fe9-a926-eb937e66f591}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\appid\{ac3f36d4-f905-4fe9-a926-eb937e66f591}
Value :

Cydoor Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-56604596-3479383672-3529363498-1005\software\cydoor

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-56604596-3479383672-3529363498-1005\software\cydoor
Value : Vers

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-56604596-3479383672-3529363498-1005\software\cydoor
Value : Desc2

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-56604596-3479383672-3529363498-1005\software\cydoor
Value : ConnType

Cydoor Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cydoor

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cydoor
Value : AdwrCnt

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cydoor
Value : D:\cff\Kazaa\kazaa.exe

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cydoor
Value : D:\Kazaa\kazaa.exe

Cydoor Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-56604596-3479383672-3529363498-1005\\software\cydoor

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-56604596-3479383672-3529363498-1005\\software\cydoor
Value : Vers

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-56604596-3479383672-3529363498-1005\\software\cydoor
Value : Desc2

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-56604596-3479383672-3529363498-1005\\software\cydoor
Value : ConnType

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : Cytainment
Rootkey : HKEY_CLASSES_ROOT
Object : ieloaderctl.ieloaderctl

Dialer Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment : Cytainment
Rootkey : HKEY_CLASSES_ROOT
Object : ieloaderctl.ieloaderctl
Value :

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : Cytainment
Rootkey : HKEY_CLASSES_ROOT
Object : ieloaderctl.ieloaderctl.1

Dialer Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment : Cytainment
Rootkey : HKEY_CLASSES_ROOT
Object : ieloaderctl.ieloaderctl.1
Value :

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : Digital Simplex Dialer, Steve Harer, Florida
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0f4a7b40-eeee-11cf-a3a9-00a0c9034920}

Dialer Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment : Digital Simplex Dialer, Steve Harer, Florida
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0f4a7b40-eeee-11cf-a3a9-00a0c9034920}
Value :

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : Digital Simplex Dialer, Steve Harer, Florida
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c60bc918-ddbb-0704-0b53-2c8830e9faec}

Dialer Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment : Digital Simplex Dialer, Steve Harer, Florida
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c60bc918-ddbb-0704-0b53-2c8830e9faec}
Value :

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : Digital Simplex Dialer, Steve Harer, Florida
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{000000aa-ddbb-0704-0b53-2c8830e9faec}

eUniverse Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.perfectnavbho

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.perfectnavbho
Value :

eUniverse Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.perfectnavbho.1

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.perfectnavbho.1
Value :

eUniverse Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8b8f6968-2f24-41e3-b653-e9613226f14d}

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8b8f6968-2f24-41e3-b653-e9613226f14d}
Value :

eUniverse Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{de289bfa-737b-4abb-a4ec-f8753551b875}

eUniverse Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchupgrader

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchupgrader
Value : Install_Dir

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchupgrader
Value : EXEName

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchupgrader
Value : VersionNumber

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchupgrader
Value : cid

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchupgrader
Value : installDate

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchupgrader
Value : puid

eUniverse Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\searchupgrader
Value : LastUpdateAttempt

istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer

istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer
Value :

istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{9388907f-82f5-434d-a941-bb802c6dd7c1}

istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{9388907f-82f5-434d-a941-bb802c6dd7c1}
Value :

istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486}

istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486}
Value :

istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :

#150 Hallo@Marc XX

Gehe in die Registry

Start<Ausfuehren< schreib rein regedit
die Registry oeffnet sich

klicke dich durch zu folgenden Schluesseln und loesche sie auf der rechten Seite der Registry

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\clsid\
{c95fe080-8f5d-11d2-a20b-00aa003c157a}

HKEY_LOCAL_MACHINE\software\classes\
adm4.adm4

HKEY_LOCAL_MACHINE\software\classes\
adm25.adm25

HKEY_LOCAL_MACHINE\software\classes\
appid\adm.exe

HKEY_LOCAL_MACHINE\software\classes\
appid\altnet signing module.exe

HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516c2e3}

HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357}

HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516e2a3}

HKEY_LOCAL_MACHINE\software\
bargains

HKEY_CLASSES_ROOT\
wintaskadx.installer

HKEY_CLASSES_ROOT
xplugin.xfilter.1

HKEY_CLASSES_ROOT
Object : typelib\{ee79d398-aaaf-47b1-8c9e-11f7d4c9111b}

HKEY_CLASSES_ROOT
Object : clsid\{4f7681e5-6caf-478d-9cb8-4ca593bee7fb}

HKEY_CLASSES_ROOT
Object : interface\{0f4a7b40-eeee-11cf-a3a9-00a0c9034920}

HKEY_LOCAL_MACHINE
Object : software\searchupgrader

HKEY_CLASSES_ROOT\
istbar.dotcomToolbar

HKEY_CLASSES_ROOT\
eUniverse

HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486}

Fixe mit dem HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=107312neustarten

PC neustarten

Suche und loesche:
C:\Programme\ISTbar
C:\Programme\ISTsvc
<----- die kompletten Ordner loeschen


dann lade und scanne.
#AdAware (free)
http://www.lavasoft.de/support/download/
VOR jedem Scanvorgang das Programm Updaten!
waehrend des Scanvorganges müssen ALLE sonstige
Anwendungen beendet werden und alle Browserfenster müssen
geschlossen sein!

gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken

und poste das Log vom HijackThis noch einmal
--------------------------------------------------------------------------------------
Tip:
surfe nicht mehr mit dem IE
#Alternativbrowser zum IE
Firefox
http://www.mozilla-europe.org/de/
Installation+Konfiguration Firefox
http://www.pcwelt.de/know-how/software/103924/index1.html
__________
MfG Sabina

rund um die PC-Sicherheit