Searchweb2.com startseite / AdWare.Lop.e

#0
24.01.2005, 20:55
...neu hier

Beiträge: 2
#31 Logfile of HijackThis v1.98.0
Scan saved at 20:53:19, on 24.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
F:\Programme\ICQLite\ICQLite.exe
C:\Programme\Messenger Plus! 3\MsgPlus.exe
F:\Programme\AIM\aim.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Programme\Telekom\Eumex 404PC\Capictrl.exe
C:\Programme\Sitecom\Bluetooth Software\bin\by the way.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\MSN Messenger\msnmsgr.exe
F:\Programme\Norton\Norton AntiVirus\navapsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
F:\Programme\Norton\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
H:\Virenscanner\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qltrwrlcbwtl.com/VUpiWWsZccXVf9YC67upQU16tirYWPFJ__7D2H92IXIYBJEBMJvC2gOCei6_1SOX.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://F:\Programme\WinSweep\ws.js
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_18_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A77E8994-659F-900C-D43B-2E5F90FD8892} - C:\DOKUME~1\Alle\ANWEND~1\GREATB~1\OBJ BIB.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Programme\Norton\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Assistent - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_18_0.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programme\Norton\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: GMX Toolbar - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - C:\Programme\GMX\GMX Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [SfWinStartInfo] f:\programme\sfWinStartupInfo.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] F:\Programme\Norton\UrlLstCk.exe
O4 - HKLM\..\Run: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] F:\Programme\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [castflag] C:\DOKUME~1\Alle\ANWEND~1\INTERR~1\Nurbshimfree.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SFIRM32 Automat.lnk = F:\Programme\SFAutomat.exe
O4 - Global Startup: SpySubtract.lnk = C:\program files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Programme\AIM\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {14F65762-96FB-44B9-8DAC-93845F377A0E} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/de/filesharingctrl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104945471597
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Assistent) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1158150-5E08-472A-A28E-0B62868E52BF}: NameServer = 213.168.112.60 194.8.194.60



Kann mir mal jemand dazu helfen??? Abgesehen davon das diverese Scanner nix finden und meine Favoriten geändert sind und ich den Driss uach nicht löschen kann, hab ich dsa gefühl das nach jedem Neustart das selbe bei Hijack gefunden wird... ;)
Seitenanfang Seitenende
25.01.2005, 00:01
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#32 Hallo@Olli779

#Arbeitsplatz -> rechter Mausklick -->Windows Explorer -> "Extras/Ordneroptionen" ->
"Ansicht" -> Haken entfernen bei "Geschützte Systemdateien
ausblenden (empfohlen)" und "Alle Dateien und Ordner anzeigen"
aktivieren -> "OK"



#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qltrwrlcbwtl.com/VUpiWWsZccXVf9YC67upQU16tirYWPFJ__7D2H92IXIYBJEBMJvC2gOCei6_1SOX.htm
O2 - BHO: (no name) - {A77E8994-659F-900C-D43B-2E5F90FD8892} - C:\DOKUME~1\Alle\ANWEND~1\GREATB~1\OBJ BIB.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [castflag] C:\DOKUME~1\Alle\ANWEND~1\INTERR~1\Nurbshimfree.exe

PC neustarten

#deinstalliere Messenger Plus! (der ist Schuld an der Verseuchung) und lade das nie wieder

KillBox
http://www.bleepingcomputer.com/files/killbox.php

<Delete File on Reboot

und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

kopiere in die Killbox.

C:\RECYCLER\Desktop.ini
C:\DOKUME~1\Alle\ANWEND~1\INTERR~1\Nurbshimfree.exe
C:\DOKUME~1\Alle\ANWEND~1\GREATB~1\OBJ BIB.exe

PC neustarten

ueberpruefe, ob es geloescht wurde:

C:\DOKUME~1\Alle\ANWEND~1\INTERR~1\Nurbshimfree.exe
C:\DOKUME~1\Alle\ANWEND~1\GREATB~1\OBJ BIB.exe

#ClaerProg..lade die neuste Version <1.4.0 Final
http://www.clearprog.de/downloads.php
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Cookies
- Verlauf
- Temporäre Internetfiles (Cache)
- die eingetragenen URLs

und poste das neue Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit
Dieser Beitrag wurde am 25.01.2005 um 00:03 Uhr von Sabina editiert.
Seitenanfang Seitenende
25.01.2005, 07:18
...neu hier

Beiträge: 5
#33 Ich hab das selbe problem bitte helft ich denke ich hab auch nochn wurm
hier ist mein logfile von hijack this danke schonam für die hilfe


Logfile of HijackThis v1.99.0
Scan saved at 07:16:31, on 25.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Bluetooth Software\bin\by the way.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Dokumente und Einstellungen\Godstalker\Desktop\WIN\WinTK_Standard\modules\traycontrol.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programme\D-Link\Air Utility\AirCFG.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Programme\AVPersonal\AVGNT.EXE
G:\gamez\hl2\steam.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE
C:\Programme\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\eMule\emule.exe
C:\WINDOWS\system32\wisptis.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Godstalker\Eigene Dateien\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=TZPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A7B35B64-02B1-DBFD-9993-AC95B4395EF8} - C:\DOKUME~1\GODSTA~1\ANWEND~1\MESSPL~1\Default Sixth.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programme\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [wintktraycontrol] C:\Dokumente und Einstellungen\Godstalker\Desktop\WIN\WinTK_Standard\modules\traycontrol.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Programme\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [16 show wipe proxy] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Faceacid16show\GREY VIEW.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [Steam] "g:\gamez\hl2\steam.exe" -silent
O4 - HKCU\..\Run: [TZ Popup Killer] C:\Programme\TZ Popup Killer\TZKiller.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\RunOnce: [gi1208754903] "C:\DOKUME~1\GODSTA~1\LOKALE~1\Temp\1J24L12B\p95v238\Resume.exe" "I:\pcgh_sohe_grafik\cd1\Tools\Benchmarks\Prime95 23.8\p95v238.exe" /resume:"C:\DOKUME~1\GODSTA~1\LOKALE~1\Temp\1J24L12B" "Bitte die erste Installationsdiskette einlegen oder Netzwerkpfad mit der Datei names I:\pcgh_sohe_grafik\cd1\Tools\Benchmarks\Prime95 23.8\p95v238.exe eingeben" "Prime95"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095599909187
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f009.mail.lycos.de/app/uploader/FileUploader.cab
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Programme\Bluetooth Software\bin\by the way.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StyleXPService - Unknown - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Seitenanfang Seitenende
25.01.2005, 09:47
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#34 Hallo@goddie

#Arbeitsplatz -> rechter Mausklick -->Windows Explorer -> "Extras/Ordneroptionen" ->
"Ansicht" -> Haken entfernen bei "Geschützte Systemdateien
ausblenden (empfohlen)" und "Alle Dateien und Ordner anzeigen"
aktivieren -> "OK


#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=TZPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {A7B35B64-02B1-DBFD-9993-AC95B4395EF8} - C:\DOKUME~1\GODSTA~1\ANWEND~1\MESSPL~1\Default Sixth.exe (file missing)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O4 - HKLM\..\Run: [wintktraycontrol] C:\Dokumente und Einstellungen\Godstalker\Desktop\WIN\WinTK_Standard\modules\traycontrol.exe
O4 - HKLM\..\Run: [16 show wipe proxy] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Faceacid16show\GREY VIEW.exe
O4 - HKCU\..\Run: [TZ Popup Killer] C:\Programme\TZ Popup Killer\TZKiller.exe
O4 - HKCU\..\RunOnce: [gi1208754903] "C:\DOKUME~1\GODSTA~1\LOKALE~1\Temp\1J24L12B\p95v238\Resume.exe" "I:\pcgh_sohe_grafik\cd1\Tools\Benchmarks\Prime95 23.8\p95v238.exe" /resume:"C:\DOKUME~1\GODSTA~1\LOKALE~1\Temp\1J24L12B" "Bitte die erste Installationsdiskette einlegen oder Netzwerkpfad mit der Datei names I:\pcgh_sohe_grafik\cd1\Tools\Benchmarks\Prime95 23.8\p95v238.exe eingeben" "Prime95"

PC neustarten

<C:\Programme\TZ Popup Killer\<----loesche/deinstalliere

<C:\DOKUME~1\Godstalker\LOKALE~1\Temp\ <----loesche alle Dateien in diesem Ordner

loeschen:
<C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Faceacid16show\GREY VIEW.exe
<C:\Dokumente und Einstellungen\Godstalker\ANWEND~1\MESSPL~1\Default Sixth.exe
<C:\Dokumente und Einstellungen\Godstalker\Desktop\WIN\WinTK_Standard\modules\traycontrol.exe
<I:\pcgh_sohe_grafik\cd1\Tools\Benchmarks\Prime95 23.8\p95v238.exe

Datenträgerbereinigung: und Löschen der Temporary-Dateien
<Start<Ausfuehren--> reinschreiben : cleanmgr
loesche nur:
#Click:Temporäre Internet Files/Temporäre Internet Dateien, o.k.
#Click:Temporäre Dateien, o.k


#ClaerProg..lade die neuste Version <1.4.0 Final

http://www.clearprog.de/downloads.php
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Cookies
- Verlauf
- Temporäre Internetfiles (Cache)
- die eingetragenen URLs


#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
laden--> updaten-->scannen--PC neustarten--> noch mal scannen--> poste mir das Log vom Scan

#neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein

+ poste das neue Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit
Dieser Beitrag wurde am 25.01.2005 um 09:56 Uhr von Sabina editiert.
Seitenanfang Seitenende
25.01.2005, 22:37
...neu hier

Beiträge: 2
#35 So, nach der Prozedur und nachdem ich subjektiv nicht mehr genervt werde ;) :

Logfile of HijackThis v1.98.0
Scan saved at 22:37:37, on 25.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
F:\Programme\Norton\Norton AntiVirus\navapsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
F:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
F:\Programme\AIM\aim.exe
F:\Programme\Norton\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
F:\Programme\Telekom\Eumex 404PC\Capictrl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
F:\Programme\Yahoo!\Messenger\YPager.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
H:\Virenscanner\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://F:\Programme\WinSweep\ws.js
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_18_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Programme\Norton\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Assistent - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_18_0.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programme\Norton\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: GMX Toolbar - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - C:\Programme\GMX\GMX Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [SfWinStartInfo] f:\programme\sfWinStartupInfo.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] F:\Programme\Norton\UrlLstCk.exe
O4 - HKLM\..\Run: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] F:\Programme\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SFIRM32 Automat.lnk = F:\Programme\SFAutomat.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Programme\AIM\aim.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {14F65762-96FB-44B9-8DAC-93845F377A0E} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/de/filesharingctrl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104945471597
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Assistent) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1158150-5E08-472A-A28E-0B62868E52BF}: NameServer = 213.168.112.60 194.8.194.60
Seitenanfang Seitenende
25.01.2005, 23:58
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#36 Hallo@Olli779

Das Log ist sauber. ;)

Scanne noch mit AdAware
#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
nach dem scannen--> neustarten.--> dann noch mal scannen

Gruss
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
26.01.2005, 19:35
...neu hier

Beiträge: 5
#37 so hier ist der log von ad-aware



Ad-Aware SE Build 1.05
Logfile Created on:Mittwoch, 26. Januar 2005 19:30:37
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R26 25.01.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):51 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


26.01.2005 19:30:37 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 1044
ThreadCreationTime : 26.01.2005 18:27:06
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1116
ThreadCreationTime : 26.01.2005 18:27:08
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1140
ThreadCreationTime : 26.01.2005 18:27:09
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1184
ThreadCreationTime : 26.01.2005 18:27:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1196
ThreadCreationTime : 26.01.2005 18:27:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1348
ThreadCreationTime : 26.01.2005 18:27:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1408
ThreadCreationTime : 26.01.2005 18:27:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1548
ThreadCreationTime : 26.01.2005 18:27:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [stylexpservice.exe]
FilePath : C:\Programme\TGTSoft\StyleXP\
ProcessID : 1580
ThreadCreationTime : 26.01.2005 18:27:09
BasePriority : Normal
FileVersion : 0, 20, 0, 3000
ProductVersion : 0, 20, 0, 3000
ProductName : StyleXPService Module
FileDescription : StyleXPService Module
InternalName : StyleXPService
LegalCopyright : Copyright 2001
OriginalFilename : StyleXPService.EXE

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1608
ThreadCreationTime : 26.01.2005 18:27:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1636
ThreadCreationTime : 26.01.2005 18:27:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 416
ThreadCreationTime : 26.01.2005 18:27:10
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 440
ThreadCreationTime : 26.01.2005 18:27:10
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 540
ThreadCreationTime : 26.01.2005 18:27:10
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 912
ThreadCreationTime : 26.01.2005 18:27:15
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:16 [avguard.exe]
FilePath : C:\Programme\AVPersonal\
ProcessID : 1820
ThreadCreationTime : 26.01.2005 18:28:15
BasePriority : Normal


#:17 [avwupsrv.exe]
FilePath : C:\Programme\AVPersonal\
ProcessID : 1912
ThreadCreationTime : 26.01.2005 18:28:45
BasePriority : Normal


#:18 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1956
ThreadCreationTime : 26.01.2005 18:28:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [by the way.exe]
FilePath : C:\Programme\Bluetooth Software\bin\
ProcessID : 2008
ThreadCreationTime : 26.01.2005 18:28:46
BasePriority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Support Server
InternalName : by the way
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : by the way.EXE

#:20 [mdm.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\
ProcessID : 312
ThreadCreationTime : 26.01.2005 18:28:46
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:21 [nprotect.exe]
FilePath : C:\PROGRA~1\NORTON~1\NORTON~2\
ProcessID : 352
ThreadCreationTime : 26.01.2005 18:28:46
BasePriority : Normal
FileVersion : 17.0.0.82
ProductVersion : 17.0.0.82
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright (c) 1997-2003 Symantec Corporation
LegalTrademarks : Norton Utilities® and UnErase® are registered trademarks of Symantec Corporation.
OriginalFilename : NPROTECT.EXE

#:22 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 672
ThreadCreationTime : 26.01.2005 18:28:49
BasePriority : Normal
FileVersion : 6.14.10.6693
ProductVersion : 6.14.10.6693
ProductName : NVIDIA Driver Helper Service, Version 66.93
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 66.93
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:23 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\
ProcessID : 1228
ThreadCreationTime : 26.01.2005 18:28:49
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright (c) 1997-2003 Symantec Corporation
OriginalFilename : NOPDB.dll

#:24 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 876
ThreadCreationTime : 26.01.2005 18:28:50
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:25 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1112
ThreadCreationTime : 26.01.2005 18:28:50
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:26 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 856
ThreadCreationTime : 26.01.2005 18:28:50
BasePriority : Normal
FileVersion : 5.1.033.000
ProductVersion : 5.1.033.000
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : vsmon.exe

#:27 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2284
ThreadCreationTime : 26.01.2005 18:28:54
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:28 [cthelper.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2672
ThreadCreationTime : 26.01.2005 18:28:59
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright (C) 2002
OriginalFilename : CtHelper.EXE

#:29 [realsched.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Real\Update_OB\
ProcessID : 2728
ThreadCreationTime : 26.01.2005 18:29:00
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:30 [clonecdtray.exe]
FilePath : C:\Programme\Elaborate Bytes\CloneCD\
ProcessID : 2744
ThreadCreationTime : 26.01.2005 18:29:00
BasePriority : Normal


#:31 [aircfg.exe]
FilePath : C:\Programme\D-Link\Air Utility\
ProcessID : 2752
ThreadCreationTime : 26.01.2005 18:29:00
BasePriority : Normal
FileVersion : 3, 1, 5, 30626
ProductVersion : 3, 1, 5, 30626
ProductName : Wireless LAN Monitor
CompanyName : D-Link
FileDescription : D-Link Wireless LAN Monitor
InternalName : WlanMonitor
LegalCopyright : Copyright 2002(C), D-Link. All Rights Reserved.
LegalTrademarks : D-Link
OriginalFilename : WlanMon.EXE

#:32 [icqlite.exe]
FilePath : C:\Programme\ICQLite\
ProcessID : 2768
ThreadCreationTime : 26.01.2005 18:29:00
BasePriority : Normal
FileVersion : 555
ProductVersion : 1, 0, 0
ProductName : ICQLite
CompanyName : ICQ Ltd.
FileDescription : ICQLite
InternalName : ICQ Lite
LegalCopyright : Copyright (C) 2002
OriginalFilename : ICQLite.exe

#:33 [jusched.exe]
FilePath : C:\Programme\Java\j2re1.4.2_06\bin\
ProcessID : 2788
ThreadCreationTime : 26.01.2005 18:29:01
BasePriority : Normal


#:34 [logitray.exe]
FilePath : C:\Programme\Logitech\Video\
ProcessID : 2824
ThreadCreationTime : 26.01.2005 18:29:02
BasePriority : Normal
FileVersion : 8.1.1.1100
ProductVersion : 8.1.1.1100
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : (c) 1996-2003 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe

#:35 [zlclient.exe]
FilePath : C:\Programme\Zone Labs\ZoneAlarm\
ProcessID : 2868
ThreadCreationTime : 26.01.2005 18:29:03
BasePriority : Normal
FileVersion : 5.1.033.000
ProductVersion : 5.1.033.000
ProductName : Zone Labs Client
CompanyName : Zone Labs Inc.
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : zlclient.exe

#:36 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2928
ThreadCreationTime : 26.01.2005 18:29:04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : RUNDLL.EXE

#:37 [qttask.exe]
FilePath : C:\Programme\QuickTime\
ProcessID : 2944
ThreadCreationTime : 26.01.2005 18:29:04
BasePriority : Normal
FileVersion : 6.0
ProductVersion : QuickTime 6.0
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe

#:38 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2980
ThreadCreationTime : 26.01.2005 18:29:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : RUNDLL.EXE

#:39 [gcasserv.exe]
FilePath : C:\Programme\GIANT Company Software\GIANT AntiSpyware\
ProcessID : 3012
ThreadCreationTime : 26.01.2005 18:29:05
BasePriority : Idle
FileVersion : 1.00.0338
ProductVersion : 1.00.0338
ProductName : GIANT AntiSpyware Service
CompanyName : GIANT Company Software inc.
FileDescription : GIANT AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2001-2004, GIANT Company Software Inc. All rights reserved.
LegalTrademarks : GIANT Company, GIANT Company Software, GIANT AntiSpyware, SpyNet are trademarks of GIANT Company Software inc.
OriginalFilename : gcasServ.exe
Comments : GIANT AntiSpyware created by GIANT Company Software inc.

#:40 [avgnt.exe]
FilePath : C:\Programme\AVPersonal\
ProcessID : 3032
ThreadCreationTime : 26.01.2005 18:29:06
BasePriority : Normal


#:41 [steam.exe]
FilePath : G:\gamez\hl2\
ProcessID : 3056
ThreadCreationTime : 26.01.2005 18:29:06
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : Steam
CompanyName : Valve Corporation
FileDescription : Steam
LegalCopyright : © Copyright 2000-2003 Valve Corporation All rights reserved.
OriginalFilename : Steam.exe

#:42 [stylexp.exe]
FilePath : C:\Programme\TGTSoft\StyleXP\
ProcessID : 3072
ThreadCreationTime : 26.01.2005 18:29:06
BasePriority : Normal
FileVersion : 0, 21, 0, 0
ProductVersion : 0, 21, 0, 0
ProductName : StyleXP Application
FileDescription : StyleXP Application
InternalName : StyleXP
LegalCopyright : Copyright (c) 2001-2004 TGT Soft Corp
OriginalFilename : StyleXP.EXE

#:43 [bttray.exe]
FilePath : C:\Programme\Bluetooth Software\
ProcessID : 3156
ThreadCreationTime : 26.01.2005 18:29:08
BasePriority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Tray Application
InternalName : BTTray
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : BTTray.exe

#:44 [em_exec.exe]
FilePath : C:\Programme\Logitech\MouseWare\system\
ProcessID : 3796
ThreadCreationTime : 26.01.2005 18:29:14
BasePriority : Normal
FileVersion : 9.79.025
ProductVersion : 9.79.025
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : (C) 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:45 [btstac~1.exe]
FilePath : C:\PROGRA~1\BLUETO~1\
ProcessID : 3884
ThreadCreationTime : 26.01.2005 18:29:16
BasePriority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Stack COM Server
InternalName : BTStackServer
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : BTStackServer.exe

#:46 [lvcoms.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3988
ThreadCreationTime : 26.01.2005 18:29:16
BasePriority : Normal
FileVersion : 8.1.3.1003
ProductVersion : 8.1.3.1003
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : (c) 1996-2003 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:47 [gcasdtserv.exe]
FilePath : C:\Programme\GIANT Company Software\GIANT AntiSpyware\
ProcessID : 2628
ThreadCreationTime : 26.01.2005 18:29:20
BasePriority : Normal
FileVersion : 1.00.0397
ProductVersion : 1.00.0397
ProductName : GIANT AntiSpyware
CompanyName : GIANT Company Software inc.
FileDescription : GIANT AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2001-2004, GIANT Company Software Inc. All rights reserved.
LegalTrademarks : GIANT Company, GIANT Company Software, GIANT AntiSpyware, SpyNet are trademarks of GIANT Company Software inc.
OriginalFilename : gcasDtServ.exe
Comments : GIANT AntiSpyware created by GIANT Company Software inc.

#:48 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3248
ThreadCreationTime : 26.01.2005 18:29:36
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : wuauclt.exe

#:49 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1780
ThreadCreationTime : 26.01.2005 18:29:48
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:50 [ymsgr_tray.exe]
FilePath : C:\PROGRA~1\Yahoo!\MESSEN~1\
ProcessID : 1988
ThreadCreationTime : 26.01.2005 18:29:59
BasePriority : Normal


#:51 [iexplore.exe]
FilePath : C:\Programme\Internet Explorer\
ProcessID : 3404
ThreadCreationTime : 26.01.2005 18:30:05
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : IEXPLORE.EXE

#:52 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3120
ThreadCreationTime : 26.01.2005 18:30:31
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\DOKUME~1\GODSTA~1\LOKALE~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\office\11.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\office\11.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\jasc\paint shop pro 8\recent file list
Description : list of recently used files in jasc paint shop pro


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\jasc\animation shop 3\recent file list
Description : list of recently used files in jasc animation shop


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\jasc\animation shop 3\saveasdialog
Description : list of recently saved files in jasc animation shop


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\macromedia\dreamweaver 6\recent file list
Description : list of recently used files in macromedia dreamweaver


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent open locations in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\jasc\animation shop 3\fileopendialog
Description : list of recently opened files in jasc animation shop


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\office\11.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-861567501-1972579041-839522115-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Godstalker\recent
Description : list of recently opened documents



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 51

19:32:33 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:56.188
Objects scanned:91741
Objects identified:0
Objects ignored:0
New critical objects:0


und die log von hijack this

Logfile of HijackThis v1.99.0
Scan saved at 19:34:34, on 26.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Bluetooth Software\bin\by the way.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Programme\D-Link\Air Utility\AirCFG.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Programme\AVPersonal\AVGNT.EXE
G:\gamez\hl2\steam.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\Programme\Bluetooth Software\BTTray.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\LVComS.exe
C:\Programme\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Dokumente und Einstellungen\Godstalker\Eigene Dateien\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programme\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Programme\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [Steam] "g:\gamez\hl2\steam.exe" -silent
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095599909187
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f009.mail.lycos.de/app/uploader/FileUploader.cab
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:\Programme\Bluetooth Software\bin\by the way.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StyleXPService - Unknown - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Seitenanfang Seitenende
26.01.2005, 19:39
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#38 Hallo@goddie

Das Log ist sauber ;)

Surfe nicht mehr mit dem IE

#Alternativbrowser zum IE
Firefox
http://www.mozilla-europe.org/de/
Installation+Konfiguration Firefox
http://www.pcwelt.de/know-how/software/103924/index1.html
__________
MfG Sabina

rund um die PC-Sicherheit
Dieser Beitrag wurde am 26.01.2005 um 19:39 Uhr von Sabina editiert.
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: