Searchweb2.com startseite / AdWare.Lop.e |
||
---|---|---|
#0
| ||
24.01.2005, 20:55
...neu hier
Beiträge: 2 |
||
|
||
25.01.2005, 00:01
Ehrenmitglied
Beiträge: 29434 |
#32
Hallo@Olli779
#Arbeitsplatz -> rechter Mausklick -->Windows Explorer -> "Extras/Ordneroptionen" -> "Ansicht" -> Haken entfernen bei "Geschützte Systemdateien ausblenden (empfohlen)" und "Alle Dateien und Ordner anzeigen" aktivieren -> "OK" #öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qltrwrlcbwtl.com/VUpiWWsZccXVf9YC67upQU16tirYWPFJ__7D2H92IXIYBJEBMJvC2gOCei6_1SOX.htm O2 - BHO: (no name) - {A77E8994-659F-900C-D43B-2E5F90FD8892} - C:\DOKUME~1\Alle\ANWEND~1\GREATB~1\OBJ BIB.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [castflag] C:\DOKUME~1\Alle\ANWEND~1\INTERR~1\Nurbshimfree.exe PC neustarten #deinstalliere Messenger Plus! (der ist Schuld an der Verseuchung) und lade das nie wieder KillBox http://www.bleepingcomputer.com/files/killbox.php <Delete File on Reboot und klick auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes" kopiere in die Killbox. C:\RECYCLER\Desktop.ini C:\DOKUME~1\Alle\ANWEND~1\INTERR~1\Nurbshimfree.exe C:\DOKUME~1\Alle\ANWEND~1\GREATB~1\OBJ BIB.exe PC neustarten ueberpruefe, ob es geloescht wurde: C:\DOKUME~1\Alle\ANWEND~1\INTERR~1\Nurbshimfree.exe C:\DOKUME~1\Alle\ANWEND~1\GREATB~1\OBJ BIB.exe #ClaerProg..lade die neuste Version <1.4.0 Final http://www.clearprog.de/downloads.php <und saeubere den Browser. Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera: - Cookies - Verlauf - Temporäre Internetfiles (Cache) - die eingetragenen URLs und poste das neue Log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit Dieser Beitrag wurde am 25.01.2005 um 00:03 Uhr von Sabina editiert.
|
|
|
||
25.01.2005, 07:18
...neu hier
Beiträge: 5 |
#33
Ich hab das selbe problem bitte helft ich denke ich hab auch nochn wurm
hier ist mein logfile von hijack this danke schonam für die hilfe Logfile of HijackThis v1.99.0 Scan saved at 07:16:31, on 25.01.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Bluetooth Software\bin\by the way.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Dokumente und Einstellungen\Godstalker\Desktop\WIN\WinTK_Standard\modules\traycontrol.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe C:\Programme\D-Link\Air Utility\AirCFG.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe C:\Programme\Logitech\Video\LogiTray.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\QuickTime\qttask.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe C:\Programme\AVPersonal\AVGNT.EXE G:\gamez\hl2\steam.exe C:\Programme\TGTSoft\StyleXP\StyleXP.exe C:\Programme\Logitech\MouseWare\system\em_exec.exe C:\Programme\Bluetooth Software\BTTray.exe C:\WINDOWS\System32\LVComS.exe C:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE C:\Programme\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe C:\WINDOWS\System32\svchost.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\Programme\eMule\emule.exe C:\WINDOWS\system32\wisptis.exe C:\Programme\Internet Explorer\iexplore.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Dokumente und Einstellungen\Godstalker\Eigene Dateien\downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=TZPopupKiller:8100 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {A7B35B64-02B1-DBFD-9993-AC95B4395EF8} - C:\DOKUME~1\GODSTA~1\ANWEND~1\MESSPL~1\Default Sixth.exe (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file) O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [CTStartup] C:\Programme\Creative\SBAudigy\Program\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBAudigy\PROGRAM\ADGJDet.exe O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [wintktraycontrol] C:\Dokumente und Einstellungen\Godstalker\Desktop\WIN\WinTK_Standard\modules\traycontrol.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CloneCDTray] C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe O4 - HKLM\..\Run: [D-Link Air Utility] C:\Programme\D-Link\Air Utility\AirCFG.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [16 show wipe proxy] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Faceacid16show\GREY VIEW.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [gcasServ] "C:\Programme\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKCU\..\Run: [Steam] "g:\gamez\hl2\steam.exe" -silent O4 - HKCU\..\Run: [TZ Popup Killer] C:\Programme\TZ Popup Killer\TZKiller.exe O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet O4 - HKCU\..\RunOnce: [gi1208754903] "C:\DOKUME~1\GODSTA~1\LOKALE~1\Temp\1J24L12B\p95v238\Resume.exe" "I:\pcgh_sohe_grafik\cd1\Tools\Benchmarks\Prime95 23.8\p95v238.exe" /resume:"C:\DOKUME~1\GODSTA~1\LOKALE~1\Temp\1J24L12B" "Bitte die erste Installationsdiskette einlegen oder Netzwerkpfad mit der Datei names I:\pcgh_sohe_grafik\cd1\Tools\Benchmarks\Prime95 23.8\p95v238.exe eingeben" "Prime95" O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095599909187 O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f009.mail.lycos.de/app/uploader/FileUploader.cab O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Programme\Bluetooth Software\bin\by the way.exe O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sandra Data Service - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe O23 - Service: Sandra Service - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: StyleXPService - Unknown - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
|
|
||
25.01.2005, 09:47
Ehrenmitglied
Beiträge: 29434 |
#34
Hallo@goddie
#Arbeitsplatz -> rechter Mausklick -->Windows Explorer -> "Extras/Ordneroptionen" -> "Ansicht" -> Haken entfernen bei "Geschützte Systemdateien ausblenden (empfohlen)" und "Alle Dateien und Ordner anzeigen" aktivieren -> "OK #öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=TZPopupKiller:8100 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local O2 - BHO: (no name) - {A7B35B64-02B1-DBFD-9993-AC95B4395EF8} - C:\DOKUME~1\GODSTA~1\ANWEND~1\MESSPL~1\Default Sixth.exe (file missing) O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file) O4 - HKLM\..\Run: [wintktraycontrol] C:\Dokumente und Einstellungen\Godstalker\Desktop\WIN\WinTK_Standard\modules\traycontrol.exe O4 - HKLM\..\Run: [16 show wipe proxy] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Faceacid16show\GREY VIEW.exe O4 - HKCU\..\Run: [TZ Popup Killer] C:\Programme\TZ Popup Killer\TZKiller.exe O4 - HKCU\..\RunOnce: [gi1208754903] "C:\DOKUME~1\GODSTA~1\LOKALE~1\Temp\1J24L12B\p95v238\Resume.exe" "I:\pcgh_sohe_grafik\cd1\Tools\Benchmarks\Prime95 23.8\p95v238.exe" /resume:"C:\DOKUME~1\GODSTA~1\LOKALE~1\Temp\1J24L12B" "Bitte die erste Installationsdiskette einlegen oder Netzwerkpfad mit der Datei names I:\pcgh_sohe_grafik\cd1\Tools\Benchmarks\Prime95 23.8\p95v238.exe eingeben" "Prime95" PC neustarten <C:\Programme\TZ Popup Killer\<----loesche/deinstalliere <C:\DOKUME~1\Godstalker\LOKALE~1\Temp\ <----loesche alle Dateien in diesem Ordner loeschen: <C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Faceacid16show\GREY VIEW.exe <C:\Dokumente und Einstellungen\Godstalker\ANWEND~1\MESSPL~1\Default Sixth.exe <C:\Dokumente und Einstellungen\Godstalker\Desktop\WIN\WinTK_Standard\modules\traycontrol.exe <I:\pcgh_sohe_grafik\cd1\Tools\Benchmarks\Prime95 23.8\p95v238.exe Datenträgerbereinigung: und Löschen der Temporary-Dateien <Start<Ausfuehren--> reinschreiben : cleanmgr loesche nur: #Click:Temporäre Internet Files/Temporäre Internet Dateien, o.k. #Click:Temporäre Dateien, o.k #ClaerProg..lade die neuste Version <1.4.0 Final http://www.clearprog.de/downloads.php <und saeubere den Browser. Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera: - Cookies - Verlauf - Temporäre Internetfiles (Cache) - die eingetragenen URLs #Ad-aware SE Personal 1.05 Updated http://fileforum.betanews.com/detail/965718306/1 laden--> updaten-->scannen--PC neustarten--> noch mal scannen--> poste mir das Log vom Scan #neue Startseite gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein + poste das neue Log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit Dieser Beitrag wurde am 25.01.2005 um 09:56 Uhr von Sabina editiert.
|
|
|
||
25.01.2005, 22:37
...neu hier
Beiträge: 2 |
#35
So, nach der Prozedur und nachdem ich subjektiv nicht mehr genervt werde :
Logfile of HijackThis v1.98.0 Scan saved at 22:37:37, on 25.01.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe F:\Programme\Norton\Norton AntiVirus\navapsvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe F:\Programme\ICQLite\ICQLite.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe F:\Programme\AIM\aim.exe F:\Programme\Norton\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\svchost.exe F:\Programme\Telekom\Eumex 404PC\Capictrl.exe C:\WINDOWS\System32\wuauclt.exe C:\Programme\Internet Explorer\IEXPLORE.EXE F:\Programme\Yahoo!\Messenger\YPager.exe C:\Programme\Internet Explorer\IEXPLORE.EXE H:\Virenscanner\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://F:\Programme\WinSweep\ws.js O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_18_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Programme\Norton\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Assistent - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_18_0.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programme\Norton\Norton AntiVirus\NavShExt.dll O3 - Toolbar: GMX Toolbar - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - C:\Programme\GMX\GMX Toolbar\toolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe O4 - HKLM\..\Run: [SfWinStartInfo] f:\programme\sfWinStartupInfo.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] F:\Programme\Norton\UrlLstCk.exe O4 - HKLM\..\Run: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [QuickTime Task] "F:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [AIM] F:\Programme\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\RunOnce: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: CAPIControl.lnk = ? O4 - Global Startup: Microsoft Office.lnk = F:\Programme\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SFIRM32 Automat.lnk = F:\Programme\SFAutomat.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Programme\AIM\aim.exe O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O16 - DPF: {14F65762-96FB-44B9-8DAC-93845F377A0E} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/de/filesharingctrl.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104945471597 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Assistent) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F1158150-5E08-472A-A28E-0B62868E52BF}: NameServer = 213.168.112.60 194.8.194.60 |
|
|
||
25.01.2005, 23:58
Ehrenmitglied
Beiträge: 29434 |
#36
Hallo@Olli779
Das Log ist sauber. Scanne noch mit AdAware #Ad-aware SE Personal 1.05 Updated http://fileforum.betanews.com/detail/965718306/1 nach dem scannen--> neustarten.--> dann noch mal scannen Gruss __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
26.01.2005, 19:35
...neu hier
Beiträge: 5 |
#37
so hier ist der log von ad-aware
Ad-Aware SE Build 1.05 Logfile Created on:Mittwoch, 26. Januar 2005 19:30:37 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R26 25.01.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):51 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 26.01.2005 19:30:37 - Scan started. (Smart mode) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 1044 ThreadCreationTime : 26.01.2005 18:27:06 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 1116 ThreadCreationTime : 26.01.2005 18:27:08 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 1140 ThreadCreationTime : 26.01.2005 18:27:09 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1184 ThreadCreationTime : 26.01.2005 18:27:09 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Anwendung für Dienste und Controller InternalName : services.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1196 ThreadCreationTime : 26.01.2005 18:27:09 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1348 ThreadCreationTime : 26.01.2005 18:27:09 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1408 ThreadCreationTime : 26.01.2005 18:27:09 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1548 ThreadCreationTime : 26.01.2005 18:27:09 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [stylexpservice.exe] FilePath : C:\Programme\TGTSoft\StyleXP\ ProcessID : 1580 ThreadCreationTime : 26.01.2005 18:27:09 BasePriority : Normal FileVersion : 0, 20, 0, 3000 ProductVersion : 0, 20, 0, 3000 ProductName : StyleXPService Module FileDescription : StyleXPService Module InternalName : StyleXPService LegalCopyright : Copyright 2001 OriginalFilename : StyleXPService.EXE #:10 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1608 ThreadCreationTime : 26.01.2005 18:27:09 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1636 ThreadCreationTime : 26.01.2005 18:27:09 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:12 [lexbces.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 416 ThreadCreationTime : 26.01.2005 18:27:10 BasePriority : Normal FileVersion : 8.16 ProductVersion : 8.16 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LexBce Service InternalName : LexBce Service LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc. OriginalFilename : LexBceS.exe #:13 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 440 ThreadCreationTime : 26.01.2005 18:27:10 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:14 [lexpps.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 540 ThreadCreationTime : 26.01.2005 18:27:10 BasePriority : Normal FileVersion : 8.16 ProductVersion : 8.16 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LEXPPS.EXE InternalName : LEXPPS LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc. OriginalFilename : LEXPPS.EXE Comments : MarkVision for Windows '95 New P2P Server (32-bit) #:15 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 912 ThreadCreationTime : 26.01.2005 18:27:15 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : EXPLORER.EXE #:16 [avguard.exe] FilePath : C:\Programme\AVPersonal\ ProcessID : 1820 ThreadCreationTime : 26.01.2005 18:28:15 BasePriority : Normal #:17 [avwupsrv.exe] FilePath : C:\Programme\AVPersonal\ ProcessID : 1912 ThreadCreationTime : 26.01.2005 18:28:45 BasePriority : Normal #:18 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1956 ThreadCreationTime : 26.01.2005 18:28:46 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:19 [by the way.exe] FilePath : C:\Programme\Bluetooth Software\bin\ ProcessID : 2008 ThreadCreationTime : 26.01.2005 18:28:46 BasePriority : Normal FileVersion : 1.4.2 Build 10 ProductVersion : 1.4.2 Build 10 ProductName : Bluetooth Software 1.4.2 Build 10 CompanyName : WIDCOMM, Inc. FileDescription : Bluetooth Support Server InternalName : by the way LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003. OriginalFilename : by the way.EXE #:20 [mdm.exe] FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\ ProcessID : 312 ThreadCreationTime : 26.01.2005 18:28:46 BasePriority : Normal FileVersion : 7.00.9466 ProductVersion : 7.00.9466 ProductName : Microsoft® Visual Studio .NET CompanyName : Microsoft Corporation FileDescription : Machine Debug Manager InternalName : mdm.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : mdm.exe #:21 [nprotect.exe] FilePath : C:\PROGRA~1\NORTON~1\NORTON~2\ ProcessID : 352 ThreadCreationTime : 26.01.2005 18:28:46 BasePriority : Normal FileVersion : 17.0.0.82 ProductVersion : 17.0.0.82 ProductName : Norton Utilities CompanyName : Symantec Corporation FileDescription : Norton Protection Status InternalName : NPROTECT LegalCopyright : Copyright (c) 1997-2003 Symantec Corporation LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation. OriginalFilename : NPROTECT.EXE #:22 [nvsvc32.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 672 ThreadCreationTime : 26.01.2005 18:28:49 BasePriority : Normal FileVersion : 6.14.10.6693 ProductVersion : 6.14.10.6693 ProductName : NVIDIA Driver Helper Service, Version 66.93 CompanyName : NVIDIA Corporation FileDescription : NVIDIA Driver Helper Service, Version 66.93 InternalName : NVSVC LegalCopyright : (C) NVIDIA Corporation. All rights reserved. OriginalFilename : nvsvc32.exe #:23 [nopdb.exe] FilePath : C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\ ProcessID : 1228 ThreadCreationTime : 26.01.2005 18:28:49 BasePriority : Normal FileVersion : 7.00.0.24 ProductVersion : 7.00.0.24 ProductName : Norton Speed Disk CompanyName : Symantec Corporation FileDescription : NOPDB InternalName : NOPDB LegalCopyright : Copyright (c) 1997-2003 Symantec Corporation OriginalFilename : NOPDB.dll #:24 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 876 ThreadCreationTime : 26.01.2005 18:28:50 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:25 [wdfmgr.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1112 ThreadCreationTime : 26.01.2005 18:28:50 BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:26 [vsmon.exe] FilePath : C:\WINDOWS\system32\ZoneLabs\ ProcessID : 856 ThreadCreationTime : 26.01.2005 18:28:50 BasePriority : Normal FileVersion : 5.1.033.000 ProductVersion : 5.1.033.000 ProductName : TrueVector Service CompanyName : Zone Labs Inc. FileDescription : TrueVector Service InternalName : vsmon LegalCopyright : Copyright © 1998-2004, Zone Labs Inc. OriginalFilename : vsmon.exe #:27 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2284 ThreadCreationTime : 26.01.2005 18:28:54 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:28 [cthelper.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2672 ThreadCreationTime : 26.01.2005 18:28:59 BasePriority : Normal FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : CtHelper Application CompanyName : Creative Technology Ltd FileDescription : CtHelper Application InternalName : CtHelper LegalCopyright : Copyright (C) 2002 OriginalFilename : CtHelper.EXE #:29 [realsched.exe] FilePath : C:\Programme\Gemeinsame Dateien\Real\Update_OB\ ProcessID : 2728 ThreadCreationTime : 26.01.2005 18:29:00 BasePriority : Normal FileVersion : 0.1.0.3034 ProductVersion : 0.1.0.3034 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004 LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe #:30 [clonecdtray.exe] FilePath : C:\Programme\Elaborate Bytes\CloneCD\ ProcessID : 2744 ThreadCreationTime : 26.01.2005 18:29:00 BasePriority : Normal #:31 [aircfg.exe] FilePath : C:\Programme\D-Link\Air Utility\ ProcessID : 2752 ThreadCreationTime : 26.01.2005 18:29:00 BasePriority : Normal FileVersion : 3, 1, 5, 30626 ProductVersion : 3, 1, 5, 30626 ProductName : Wireless LAN Monitor CompanyName : D-Link FileDescription : D-Link Wireless LAN Monitor InternalName : WlanMonitor LegalCopyright : Copyright 2002(C), D-Link. All Rights Reserved. LegalTrademarks : D-Link OriginalFilename : WlanMon.EXE #:32 [icqlite.exe] FilePath : C:\Programme\ICQLite\ ProcessID : 2768 ThreadCreationTime : 26.01.2005 18:29:00 BasePriority : Normal FileVersion : 555 ProductVersion : 1, 0, 0 ProductName : ICQLite CompanyName : ICQ Ltd. FileDescription : ICQLite InternalName : ICQ Lite LegalCopyright : Copyright (C) 2002 OriginalFilename : ICQLite.exe #:33 [jusched.exe] FilePath : C:\Programme\Java\j2re1.4.2_06\bin\ ProcessID : 2788 ThreadCreationTime : 26.01.2005 18:29:01 BasePriority : Normal #:34 [logitray.exe] FilePath : C:\Programme\Logitech\Video\ ProcessID : 2824 ThreadCreationTime : 26.01.2005 18:29:02 BasePriority : Normal FileVersion : 8.1.1.1100 ProductVersion : 8.1.1.1100 ProductName : Logitech QuickCam CompanyName : Logitech Inc. FileDescription : ImageStudio Tray Application InternalName : LogiTray.exe LegalCopyright : (c) 1996-2003 Logitech. All rights reserved. OriginalFilename : LogiTray.exe #:35 [zlclient.exe] FilePath : C:\Programme\Zone Labs\ZoneAlarm\ ProcessID : 2868 ThreadCreationTime : 26.01.2005 18:29:03 BasePriority : Normal FileVersion : 5.1.033.000 ProductVersion : 5.1.033.000 ProductName : Zone Labs Client CompanyName : Zone Labs Inc. FileDescription : Zone Labs Client InternalName : zlclient LegalCopyright : Copyright © 1998-2004, Zone Labs Inc. OriginalFilename : zlclient.exe #:36 [rundll32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2928 ThreadCreationTime : 26.01.2005 18:29:04 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Eine DLL-Datei als Anwendung ausführen InternalName : rundll LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : RUNDLL.EXE #:37 [qttask.exe] FilePath : C:\Programme\QuickTime\ ProcessID : 2944 ThreadCreationTime : 26.01.2005 18:29:04 BasePriority : Normal FileVersion : 6.0 ProductVersion : QuickTime 6.0 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2002 OriginalFilename : QTTask.exe #:38 [rundll32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2980 ThreadCreationTime : 26.01.2005 18:29:05 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Eine DLL-Datei als Anwendung ausführen InternalName : rundll LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : RUNDLL.EXE #:39 [gcasserv.exe] FilePath : C:\Programme\GIANT Company Software\GIANT AntiSpyware\ ProcessID : 3012 ThreadCreationTime : 26.01.2005 18:29:05 BasePriority : Idle FileVersion : 1.00.0338 ProductVersion : 1.00.0338 ProductName : GIANT AntiSpyware Service CompanyName : GIANT Company Software inc. FileDescription : GIANT AntiSpyware Service InternalName : gcasServ LegalCopyright : Copyright © 2001-2004, GIANT Company Software Inc. All rights reserved. LegalTrademarks : GIANT Company, GIANT Company Software, GIANT AntiSpyware, SpyNet are trademarks of GIANT Company Software inc. OriginalFilename : gcasServ.exe Comments : GIANT AntiSpyware created by GIANT Company Software inc. #:40 [avgnt.exe] FilePath : C:\Programme\AVPersonal\ ProcessID : 3032 ThreadCreationTime : 26.01.2005 18:29:06 BasePriority : Normal #:41 [steam.exe] FilePath : G:\gamez\hl2\ ProcessID : 3056 ThreadCreationTime : 26.01.2005 18:29:06 BasePriority : Normal FileVersion : 1.0.0.0 ProductVersion : 1.0.0.0 ProductName : Steam CompanyName : Valve Corporation FileDescription : Steam LegalCopyright : © Copyright 2000-2003 Valve Corporation All rights reserved. OriginalFilename : Steam.exe #:42 [stylexp.exe] FilePath : C:\Programme\TGTSoft\StyleXP\ ProcessID : 3072 ThreadCreationTime : 26.01.2005 18:29:06 BasePriority : Normal FileVersion : 0, 21, 0, 0 ProductVersion : 0, 21, 0, 0 ProductName : StyleXP Application FileDescription : StyleXP Application InternalName : StyleXP LegalCopyright : Copyright (c) 2001-2004 TGT Soft Corp OriginalFilename : StyleXP.EXE #:43 [bttray.exe] FilePath : C:\Programme\Bluetooth Software\ ProcessID : 3156 ThreadCreationTime : 26.01.2005 18:29:08 BasePriority : Normal FileVersion : 1.4.2 Build 10 ProductVersion : 1.4.2 Build 10 ProductName : Bluetooth Software 1.4.2 Build 10 CompanyName : WIDCOMM, Inc. FileDescription : Bluetooth Tray Application InternalName : BTTray LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003. OriginalFilename : BTTray.exe #:44 [em_exec.exe] FilePath : C:\Programme\Logitech\MouseWare\system\ ProcessID : 3796 ThreadCreationTime : 26.01.2005 18:29:14 BasePriority : Normal FileVersion : 9.79.025 ProductVersion : 9.79.025 ProductName : MouseWare CompanyName : Logitech Inc. FileDescription : Logitech Events Handler Application InternalName : Em_Exec LegalCopyright : (C) 1987-2003 Logitech. All rights reserved. LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc. OriginalFilename : Em_Exec.exe Comments : Created by the MouseWare team #:45 [btstac~1.exe] FilePath : C:\PROGRA~1\BLUETO~1\ ProcessID : 3884 ThreadCreationTime : 26.01.2005 18:29:16 BasePriority : Normal FileVersion : 1.4.2 Build 10 ProductVersion : 1.4.2 Build 10 ProductName : Bluetooth Software 1.4.2 Build 10 CompanyName : WIDCOMM, Inc. FileDescription : Bluetooth Stack COM Server InternalName : BTStackServer LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003. OriginalFilename : BTStackServer.exe #:46 [lvcoms.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3988 ThreadCreationTime : 26.01.2005 18:29:16 BasePriority : Normal FileVersion : 8.1.3.1003 ProductVersion : 8.1.3.1003 ProductName : Logitech QuickCam CompanyName : Logitech Inc. FileDescription : LVCom Server InternalName : LVComS.exe LegalCopyright : (c) 1996-2003 Logitech. All rights reserved. OriginalFilename : LVComS.exe #:47 [gcasdtserv.exe] FilePath : C:\Programme\GIANT Company Software\GIANT AntiSpyware\ ProcessID : 2628 ThreadCreationTime : 26.01.2005 18:29:20 BasePriority : Normal FileVersion : 1.00.0397 ProductVersion : 1.00.0397 ProductName : GIANT AntiSpyware CompanyName : GIANT Company Software inc. FileDescription : GIANT AntiSpyware Data Service InternalName : gcasDtServ LegalCopyright : Copyright © 2001-2004, GIANT Company Software Inc. All rights reserved. LegalTrademarks : GIANT Company, GIANT Company Software, GIANT AntiSpyware, SpyNet are trademarks of GIANT Company Software inc. OriginalFilename : gcasDtServ.exe Comments : GIANT AntiSpyware created by GIANT Company Software inc. #:48 [wuauclt.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3248 ThreadCreationTime : 26.01.2005 18:29:36 BasePriority : Normal FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04) ProductVersion : 5.4.3790.2182 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Automatische Updates InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : wuauclt.exe #:49 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1780 ThreadCreationTime : 26.01.2005 18:29:48 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:50 [ymsgr_tray.exe] FilePath : C:\PROGRA~1\Yahoo!\MESSEN~1\ ProcessID : 1988 ThreadCreationTime : 26.01.2005 18:29:59 BasePriority : Normal #:51 [iexplore.exe] FilePath : C:\Programme\Internet Explorer\ ProcessID : 3404 ThreadCreationTime : 26.01.2005 18:30:05 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : IEXPLORE.EXE #:52 [ad-aware.exe] FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\ ProcessID : 3120 ThreadCreationTime : 26.01.2005 18:30:31 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Deep scanning and examining files... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Disk Scan Result for C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Disk Scan Result for C:\DOKUME~1\GODSTA~1\LOKALE~1\Temp\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\nico mak computing\winzip\filemenu Description : winzip recently used archives MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list Description : list of recent files opened using wordpad MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\office\11.0\powerpoint\recent file list Description : list of recent files used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\office\11.0\powerpoint\recent templates Description : list of recent templates used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\office\11.0\powerpoint\recenttemplatelist Description : list of recent templates used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\ahead\nero - burning rom\recent file list Description : list of recently used files in nero burning rom MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\google\navclient\1.1\history Description : list of recently used search terms in the google toolbar MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\mediaplayer\preferences Description : last cd record path used in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\creative tech\creative wavestudio\settings Description : list of recently used directories in creative wavestudio MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles Description : list of recently used files in adobe reader MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\jasc\paint shop pro 8\recent file list Description : list of recently used files in jasc paint shop pro MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\mediaplayer\player\settings Description : last open directory used in jasc paint shop pro MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\jasc\animation shop 3\recent file list Description : list of recently used files in jasc animation shop MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\jasc\animation shop 3\saveasdialog Description : list of recently saved files in jasc animation shop MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\macromedia\dreamweaver 6\recent file list Description : list of recently used files in macromedia dreamweaver MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\realnetworks\realplayer\6.0\preferences Description : list of recent open locations in realplayer MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\realnetworks\realplayer\6.0\preferences Description : last login time in realplayer MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\jasc\animation shop 3\fileopendialog Description : list of recently opened files in jasc animation shop MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\office\11.0\common\general Description : list of recently used symbols in microsoft office MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\office\11.0\powerpoint\recent typeface list Description : list of recently used typefaces in microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\mediaplayer\medialibraryui Description : last selected node in the microsoft windows media player media library MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\winrar\dialogedithistory\extrpath Description : winrar "extract-to" history MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : C:\Dokumente und Einstellungen\Godstalker\recent Description : list of recently opened documents Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 51 19:32:33 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:01:56.188 Objects scanned:91741 Objects identified:0 Objects ignored:0 New critical objects:0 und die log von hijack this Logfile of HijackThis v1.99.0 Scan saved at 19:34:34, on 26.01.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Bluetooth Software\bin\by the way.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe C:\Programme\D-Link\Air Utility\AirCFG.exe C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe C:\Programme\Logitech\Video\LogiTray.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\QuickTime\qttask.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe C:\Programme\AVPersonal\AVGNT.EXE G:\gamez\hl2\steam.exe C:\Programme\TGTSoft\StyleXP\StyleXP.exe C:\Programme\Bluetooth Software\BTTray.exe C:\Programme\Logitech\MouseWare\system\em_exec.exe C:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\System32\LVComS.exe C:\Programme\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe C:\Dokumente und Einstellungen\Godstalker\Eigene Dateien\downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [CTStartup] C:\Programme\Creative\SBAudigy\Program\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBAudigy\PROGRAM\ADGJDet.exe O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CloneCDTray] C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe O4 - HKLM\..\Run: [D-Link Air Utility] C:\Programme\D-Link\Air Utility\AirCFG.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [gcasServ] "C:\Programme\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKCU\..\Run: [Steam] "g:\gamez\hl2\steam.exe" -silent O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095599909187 O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f009.mail.lycos.de/app/uploader/FileUploader.cab O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Programme\Bluetooth Software\bin\by the way.exe O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sandra Data Service - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe O23 - Service: Sandra Service - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: StyleXPService - Unknown - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
|
|
||
26.01.2005, 19:39
Ehrenmitglied
Beiträge: 29434 |
#38
Hallo@goddie
Das Log ist sauber Surfe nicht mehr mit dem IE #Alternativbrowser zum IE Firefox http://www.mozilla-europe.org/de/ Installation+Konfiguration Firefox http://www.pcwelt.de/know-how/software/103924/index1.html __________ MfG Sabina rund um die PC-Sicherheit Dieser Beitrag wurde am 26.01.2005 um 19:39 Uhr von Sabina editiert.
|
|
|
||
Scan saved at 20:53:19, on 24.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
F:\Programme\ICQLite\ICQLite.exe
C:\Programme\Messenger Plus! 3\MsgPlus.exe
F:\Programme\AIM\aim.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Programme\Telekom\Eumex 404PC\Capictrl.exe
C:\Programme\Sitecom\Bluetooth Software\bin\by the way.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\MSN Messenger\msnmsgr.exe
F:\Programme\Norton\Norton AntiVirus\navapsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
F:\Programme\Norton\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
H:\Virenscanner\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qltrwrlcbwtl.com/VUpiWWsZccXVf9YC67upQU16tirYWPFJ__7D2H92IXIYBJEBMJvC2gOCei6_1SOX.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://F:\Programme\WinSweep\ws.js
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_18_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A77E8994-659F-900C-D43B-2E5F90FD8892} - C:\DOKUME~1\Alle\ANWEND~1\GREATB~1\OBJ BIB.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Programme\Norton\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Assistent - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_18_0.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programme\Norton\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: GMX Toolbar - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - C:\Programme\GMX\GMX Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [SfWinStartInfo] f:\programme\sfWinStartupInfo.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] F:\Programme\Norton\UrlLstCk.exe
O4 - HKLM\..\Run: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] F:\Programme\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [castflag] C:\DOKUME~1\Alle\ANWEND~1\INTERR~1\Nurbshimfree.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SFIRM32 Automat.lnk = F:\Programme\SFAutomat.exe
O4 - Global Startup: SpySubtract.lnk = C:\program files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Programme\AIM\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {14F65762-96FB-44B9-8DAC-93845F377A0E} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/de/filesharingctrl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104945471597
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Assistent) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1158150-5E08-472A-A28E-0B62868E52BF}: NameServer = 213.168.112.60 194.8.194.60
Kann mir mal jemand dazu helfen??? Abgesehen davon das diverese Scanner nix finden und meine Favoriten geändert sind und ich den Driss uach nicht löschen kann, hab ich dsa gefühl das nach jedem Neustart das selbe bei Hijack gefunden wird...