HideProc.a Trojaner verändert Hintergrund(desktop)

#0
13.01.2005, 23:37
Member

Beiträge: 36
#1 Also ich habe im Inet gesurft und habe mir was komisches eingefangen.
es hat mein desktop verändert und ich kann es nicht ändern.
ich habe schon einiges drüber gelesen aber bei mir sehen die logs anders aus ;) deswegen frage ich nochmal nicht das ich was falsch mache...)
Hoffe ihr könnt mir helfen ist der laptop meiner mom.

als erstes habe ich was gefunden, als ich was gegen den trojaner HideProc.a gesucht habe, es soll angeblich den trojaner entfernen wollte fragen ob das stimmt den ich kann auf dem befallenen pc leider das programm nicht updaten ka wieso, auf dem gesunden pc geht es, aber auf den befalenen nicht.
kann das mal einer cheken ob das programm was bringt?
http://www.emsisoft.de/de/support/malware/?showmalware=updates


achso und dann habe ich irgendwo gelesen das das auch helfen kann
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

kann das sein?

habe xp


Logfile of HijackThis v1.99.0
Scan saved at 21:53:45, on 13.01.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\apihm32.exe
C:\Programme\mobile PhoneTools\CapFax.EXE
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\Programme\Winamp\winampa.exe
C:\temp\salm.exe
C:\WINDOWS\System32\Services\{A7CA429A-41F5-48E7-81A7-39D5CD8D2932}\SVCHOST.EXE
C:\WINDOWS\apifd32.exe
C:\Programme\Messenger\msmsgs.exe
C:\Program Files\Admilli Service\AdmilliKeep.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Dokumente und Einstellungen\Luba von Roden\Eigene Dateien\nourl\NoURL.exe
C:\Programme\eBay\eBay Toolbar\4.4.0.1\ebaytbar.exe
C:\Programme\Trillian\trillian.exe
C:\WINDOWS\system32\lîgonui.exe
C:\Dokumente und Einstellungen\Luba von Roden\Eigene Dateien\HJT\hijackthis199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pkbor.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pkbor.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aon.at
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pkbor.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pkbor.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pkbor.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pkbor.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pkbor.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {563AC50A-6D00-C342-5EC7-D1C5C40E2122} - C:\WINDOWS\system32\msef32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] REM C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] REM C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] REM C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CapFax] C:\Programme\mobile PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [shoothe] REM C:\DOKUME~1\LUBAVO~1\ANWEND~1\llstiess.exe -QuieT
O4 - HKLM\..\Run: [Corel Reminder] REM
O4 - HKLM\..\Run: [AttuneClientEngine] REM C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [sysu] "C:\progra~1\ddm\sysu.exe"
O4 - HKLM\..\Run: [94477480.exe] REM C:\WINDOWS\System32\94477480.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [B.tmp] C:\DOKUME~1\LUBAVO~1\LOKALE~1\Temp\B.tmp.exe 0 28129
O4 - HKLM\..\Run: [javayx32.exe] C:\WINDOWS\system32\javayx32.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{A7CA429A-41F5-48E7-81A7-39D5CD8D2932}\SVCHOST.EXE
O4 - HKLM\..\Run: [crvi.exe] C:\WINDOWS\system32\crvi.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [apifd32.exe] C:\WINDOWS\apifd32.exe
O4 - HKLM\..\RunOnce: [apihm32.exe] C:\WINDOWS\apihm32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoURL] C:\Dokumente und Einstellungen\Luba von Roden\Eigene Dateien\nourl\NoURL.exe
O4 - HKCU\..\Run: [Rura] C:\Dokumente und Einstellungen\Luba von Roden\Anwendungsdaten\cier.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Papojtf] C:\WINDOWS\System32\ligonui.exe
O4 - HKCU\..\Run: [a-squared] "C:\Programme\a2\a2guard.exe"
O4 - Startup: Trillian.lnk = C:\Programme\Trillian\trillian.exe
O4 - Global Startup: eBay Toolbar.LNK = C:\Programme\eBay\eBay Toolbar\4.4.0.1\ebaytbar.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105583648105
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
O16 - DPF: {BBCACFA8-B901-451E-A606-0FE678814967} (control to view directory & upload images) - http://www.uboot.com/h/int/applet/photo_activex/PhotoUploader.CAB
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\appvy.exe (file missing)





mfg vitali
Seitenanfang Seitenende
14.01.2005, 14:36
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Hallo@Vitali

#Arbeitsplatz -> rechter Mausklick -->Windows Explorer -> "Extras/Ordneroptionen" ->
"Ansicht" -> Haken entfernen bei "Geschützte Systemdateien
ausblenden (empfohlen)" und "Alle Dateien und Ordner anzeigen"
aktivieren -> "OK"


Lade die Killbox:

http://www.bleepingcomputer.com/files/killbox.php

Deaktivieren Wiederherstellung

«XP
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/gdocid/20030807105707924

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als "fixme.reg" auf dem Desktop speichern.


REGEDIT4


[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\½O.#ž‚„õØ´â]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\½O.#ž‚„õØ´â]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\½O.#ž‚„õØ´â]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\½O.#ž‚„õØ´â]

[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\ICOO]

[-HKEY_CLASSES_ROOT\CLSID\{4A8DADD4-5A25-4D41-8599-CB7458766220}]



#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pkbor.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pkbor.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pkbor.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pkbor.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pkbor.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pkbor.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pkbor.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {563AC50A-6D00-C342-5EC7-D1C5C40E2122} - C:\WINDOWS\system32\msef32.dll
O4 - HKLM\..\Run: [shoothe] REM C:\DOKUME~1\LUBAVO~1\ANWEND~1\llstiess.exe -QuieT
O4 - HKLM\..\Run: [Corel Reminder] REM
O4 - HKLM\..\Run: [AttuneClientEngine] REM C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [sysu] "C:\progra~1\ddm\sysu.exe"
O4 - HKLM\..\Run: [94477480.exe] REM C:\WINDOWS\System32\94477480.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [B.tmp] C:\DOKUME~1\LUBAVO~1\LOKALE~1\Temp\B.tmp.exe 0 28129
O4 - HKLM\..\Run: [javayx32.exe] C:\WINDOWS\system32\javayx32.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{A7CA429A-41F5-48E7-81A7-39D5CD8D2932}\SVCHOST.EXE
O4 - HKLM\..\Run: [crvi.exe] C:\WINDOWS\system32\crvi.exe
O4 - HKLM\..\Run: [apifd32.exe] C:\WINDOWS\apifd32.exe
O4 - HKLM\..\RunOnce: [apihm32.exe] C:\WINDOWS\apihm32.exe
O4 - HKCU\..\Run: [Rura] C:\Dokumente und Einstellungen\Luba von Roden\Anwendungsdaten\cier.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Papojtf] C:\WINDOWS\System32\ligonui.exe
O4 - Global Startup: eBay Toolbar.LNK = C:\Programme\eBay\eBay Toolbar\4.4.0.1\ebaytbar.exe
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll (file missing)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB
O23 - Service: Network Security Service - Unknown - C:\WINDOWS\appvy.exe (file missing)

Computer in den abgesicherten Modus neustarten (F8 beim Starten drücken).
http://www.tu-berlin.de/www/software/virus/savemode.shtml


Die Datei "fixme.reg" auf dem Desktop doppelklicken.


KillBox
<Delete File on Reboot

und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\Program Files\Admilli Service\AdmilliKeep.exe
C:\Dokumente und Einstellungen\Luba von Roden\Eigene Dateien\nourl\NoURL.exe
C:\WINDOWS\appvy.exe
C:\Programme\SideFind\sidefind.dll
C:\WINDOWS\System32\ligonui.exe
C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
C:\WINDOWS\System32\tibs3.exe
C:\Dokumente und Einstellungen\Luba von Roden\Anwendungsdaten\cier.exe
C:\WINDOWS\apihm32.exe
C:\WINDOWS\apifd32.exe
C:\WINDOWS\system32\crvi.exe
C:\WINDOWS\System32\Services\{A7CA429A-41F5-48E7-81A7-39D5CD8D2932}\SVCHOST.EXE
C:\WINDOWS\System32\systime.exe
c:\temp\salm.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\Programme\Web_Rebates\WebRebates0.exe
C:\progra~1\ddm\sysu.exe
C:\WINDOWS\system32\javayx32.exe
C:\WINDOWS\pkbor.dll
C:\DOKUME~1\LUBAVO~1\LOKALE~1\Temp\B.tmp.exe 0 28129
C:\DOKUME~1\LUBAVO~1\LOKALE~1\Temp\B.tmp.exe
C:\WINDOWS\System32\94477480.exe
C:\DOKUME~1\LUBAVO~1\ANWEND~1\llstiess.exe
C:\WINDOWS\system32\msef32.dll

Computer in den abgesicherten Modus neustarten (F8 beim Starten drücken).
http://www.tu-berlin.de/www/software/virus/savemode.shtml

Loesche:
<C:\Programme\SideFind\
<C:\Programme\Web_Rebates
<C:\Dokumente und Einstellungen\Luba von Roden\Anwendungsdaten\cier.exe
<C:\PROGRA~1\COMMON~1\tsa\
<C:\Program Files\Admilli Service\
<C:\Dokumente und Einstellungen\Luba von Roden\Eigene Dateien\nourl\NoURL.exe
<C:\DOKUME~1\LUBAVO~1\ANWEND~1\llstiess.exe

und loesche gleich den gesamten Inhalt der <C:\WINDOWS\Tempor~1\Content.IE5 (lasse nur die index.dat
...die darf nicht geloescht werden)
<C:\Temp <-----alles loeschen, was du findest
<C:\Windows\Temp <----alles loeschen, was du findest
<C:\Dokumente und Einstellungen\username\Lokale Einstellungen\Temp\ <---alles loeschen, was du findest

#C:\Windows\Downloaded Programm Files\ -->löschen (ALLES)

Datenträgerbereinigung: und Löschen der Temporary-Dateien
<Start<Ausfuehren--> reinschreiben : cleanmgr
loesche nur:
#Click:Temporäre Internet Files/Temporäre Internet Dateien, o.k.
#Click:Temporäre Dateien, o.k

Deinstalliere den Antivirus und lade.
#Testversion "Antivirus Personal 5.0"
http://www.computerbase.de/downloads/software/antivirensoftware/kaspersky_anti-virus/
Kaspersky-Antivirus-Final 5.0 [(Deutsch,10.062 KB, Windows)]

#AdAware (free)
http://www.lavasoft.de/support/download/
VOR jedem Scanvorgang das Programm Updaten!
waehrend des Scanvorganges müssen ALLE sonstige
Anwendungen beendet werden und alle Browserfenster müssen
geschlossen sein!

#Search&Destroy
http://www.safer-networking.org/de/download/index.html

#ClaerProg..lade die neuste Version <1.4.0 Final
http://www.clearprog.de/downloads.php
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Cookies
- Verlauf
- Temporäre Internetfiles (Cache)
- die eingetragenen URLs


#neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein

+ poste das neue Log vom HijackTHis
__________
MfG Sabina

rund um die PC-Sicherheit
Dieser Beitrag wurde am 14.01.2005 um 14:42 Uhr von Sabina editiert.
Seitenanfang Seitenende
14.01.2005, 15:29
Member

Themenstarter

Beiträge: 36
#3 Oh super danke sehr ;) ich mache mich mal an die arbeit mal sehen ob ich das heute noch schaffe.
Seitenanfang Seitenende
14.01.2005, 21:05
Member

Themenstarter

Beiträge: 36
#4 ok also der hintergrund ist immer noch wie vorher ;)
habe ich vielleicht was falsch gemacht?

ich denke ich habé alle schritte befolgt.




Logfile of HijackThis v1.99.0
Scan saved at 21:03:26, on 14.01.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\mobile PhoneTools\CapFax.EXE
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Trillian\trillian.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\Luba von Roden\Eigene Dateien\HJT\hijackthis199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aon.at/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] REM C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] REM C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] REM C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CapFax] C:\Programme\mobile PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoURL] C:\Dokumente und Einstellungen\Luba von Roden\Eigene Dateien\nourl\NoURL.exe
O4 - HKCU\..\Run: [a-squared] "C:\Programme\a2\a2guard.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Trillian.lnk = C:\Programme\Trillian\trillian.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105583648105
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {BBCACFA8-B901-451E-A606-0FE678814967} (control to view directory & upload images) - http://www.uboot.com/h/int/applet/photo_activex/PhotoUploader.CAB
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe


mfg vitali
Seitenanfang Seitenende
14.01.2005, 23:55
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#5 Hallo@Vitali

Boote in den abgesicherten Modus:

Gehe in die Registry

Start<Ausfuehren<regedit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
loesche (komplett)

*.frame.crazywinnings.com
*.static.topconverting.com
*.frame.crazywinnings.com (HKLM)
*.static.topconverting.com (HKLM)
-------------------------------------------------------------------------------------------
#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->>
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKCU\..\Run: [NoURL] C:\Dokumente und Einstellungen\Luba von Roden\Eigene Dateien\nourl\NoURL.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)

Button "Fix checked"

#Arbeitsplatz -> rechter Mausklick -->Windows Explorer -> "Extras/Ordneroptionen" ->
"Ansicht" -> Haken entfernen bei "Geschützte Systemdateien
ausblenden (empfohlen)" und "Alle Dateien und Ordner anzeigen"
aktivieren -> "OK"

Loesche:
C:\Program Files\Admilli Service\
C:\Dokumente und Einstellungen\Luba von Roden\Eigene Dateien\nourl\NoURL.exe

Boote wieder in den Normalmodus

#Search&Destroy
http://www.safer-networking.org/de/download/index.html
Spybot - Search && Destroy process list report,-->bitte abkopieren und posten

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
poste das Log

+ das neue Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit
Dieser Beitrag wurde am 14.01.2005 um 23:58 Uhr von Sabina editiert.
Seitenanfang Seitenende
15.01.2005, 20:42
Member

Themenstarter

Beiträge: 36
#6 also paar datein die du mir geschreiben hast zu löschen waren nicht mehr da.
mein desktop ist immernoch so wie vorher.

hoffe du findest was;)

danke für deine mühe.



Ad-Aware SE Build 1.05
Logfile Created on:Samstag, 15. Januar 2005 20:14:13
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R25 11.01.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):70 total references
CoolWebSearch(TAC index:10):67 total references
Ebates MoneyMaker(TAC index:4):1 total references
Hijacker.TopConverting(TAC index:5):9 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
SahAgent(TAC index:9):1 total references
Search Relevancy(TAC index:5):8 total references
Targetsavers(TAC index:8):3 total references
TopMoxie(TAC index:3):7 total references
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


15.01.2005 20:14:13 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 368
ThreadCreationTime : 15.01.2005 18:50:22
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 416
ThreadCreationTime : 15.01.2005 18:50:25
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 440
ThreadCreationTime : 15.01.2005 18:50:26
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 15.01.2005 18:50:26
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung fur Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 496
ThreadCreationTime : 15.01.2005 18:50:26
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 656
ThreadCreationTime : 15.01.2005 18:50:27
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 680
ThreadCreationTime : 15.01.2005 18:50:27
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 812
ThreadCreationTime : 15.01.2005 18:50:28
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 840
ThreadCreationTime : 15.01.2005 18:50:28
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1084
ThreadCreationTime : 15.01.2005 18:50:30
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1108
ThreadCreationTime : 15.01.2005 18:50:30
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1196
ThreadCreationTime : 15.01.2005 18:50:30
BasePriority : Normal


#:13 [mdm.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\
ProcessID : 1268
ThreadCreationTime : 15.01.2005 18:50:30
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:14 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1332
ThreadCreationTime : 15.01.2005 18:50:31
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:15 [capfax.exe]
FilePath : C:\Programme\mobile PhoneTools\
ProcessID : 1640
ThreadCreationTime : 15.01.2005 18:50:36
BasePriority : Normal


#:16 [realplay.exe]
FilePath : C:\Programme\Real\RealPlayer\
ProcessID : 1656
ThreadCreationTime : 15.01.2005 18:50:36
BasePriority : Normal
FileVersion : 6.0.9.367
ProductVersion : 6.0.9.367
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:17 [icqlite.exe]
FilePath : C:\Programme\ICQLite\
ProcessID : 1664
ThreadCreationTime : 15.01.2005 18:50:36
BasePriority : Normal
FileVersion : 555
ProductVersion : 1, 0, 0
ProductName : ICQLite
CompanyName : ICQ Ltd.
FileDescription : ICQLite
InternalName : ICQ Lite
LegalCopyright : Copyright (C) 2002
OriginalFilename : ICQLite.exe

#:18 [winampa.exe]
FilePath : C:\Programme\Winamp\
ProcessID : 1688
ThreadCreationTime : 15.01.2005 18:50:36
BasePriority : Normal


#:19 [msmsgs.exe]
FilePath : C:\Programme\Messenger\
ProcessID : 1712
ThreadCreationTime : 15.01.2005 18:50:37
BasePriority : Normal
FileVersion : 4.0.0155
ProductVersion : Version 4.0
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger Client
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:20 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1740
ThreadCreationTime : 15.01.2005 18:50:37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:21 [trillian.exe]
FilePath : C:\Programme\Trillian\
ProcessID : 1796
ThreadCreationTime : 15.01.2005 18:50:38
BasePriority : Normal
FileVersion : 3.0.0.967
ProductVersion : 3.0.0.967
ProductName : Trillian
CompanyName : Cerulean Studios
FileDescription : Trillian
InternalName : Trillian
LegalCopyright : © Cerulean Studios, LLC. All rights reserved.
OriginalFilename : Trillian.exe

#:22 [spybotsd.exe]
FilePath : C:\Programme\Spybot - Search & Destroy\
ProcessID : 888
ThreadCreationTime : 15.01.2005 18:51:12
BasePriority : Normal
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : SpyBot-S&D
CompanyName : Safer Networking Limited
FileDescription : Spybot - Search & Destroy
InternalName : SpybotSD
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : SpyBotSD.exe
Comments : Software zum Entfernen von Spyware und ahnlichen Bedrohungen.

#:23 [iexplore.exe]
FilePath : C:\Programme\Internet Explorer\
ProcessID : 1916
ThreadCreationTime : 15.01.2005 19:07:41
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : IEXPLORE.EXE

#:24 [ad-aware.exe]
FilePath : C:\PROGRA~1\LAVASOFT\AD-AWA~2\
ProcessID : 360
ThreadCreationTime : 15.01.2005 19:13:52
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{487e7682-b976-41fb-a944-e8b83689a454}

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : loader2.loader2ctrl.1

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : loader2.loader2ctrl.1
Value :

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ace5b10b-92a3-4103-8583-3684bb09409f}

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ace5b10b-92a3-4103-8583-3684bb09409f}
Value :

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4fe82ba0-9335-4d4e-8e98-76409a88f2c1}

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4fe82ba0-9335-4d4e-8e98-76409a88f2c1}
Value :

Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{38601801-2ff5-4a62-95da-d2007161c1b4}

Hijacker.TopConverting Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{38601801-2ff5-4a62-95da-d2007161c1b4}
Value :

Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchrelevancy

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : searchrelevancy
Value :

Search Relevancy Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy
Value : DisplayName

Search Relevancy Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\search relevancy
Value : UninstallString

TopMoxie Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\untopr1150

TopMoxie Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\untopr1150
Value :

TopMoxie Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\untopr1150
Value : DisplayName

TopMoxie Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\untopr1150
Value : UninstallString

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "partner_id"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : partner_id

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "partner_id"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : partner_id

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UID"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa
Value : UID

Targetsavers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "AffiliateID"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa
Value : AffiliateID

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 23
Objects found so far: 23


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : static.topconverting.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : static.topconverting.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : static.topconverting.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com
Value : *

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 25


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : luba von roden@as1.falkag[2].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:luba von roden@as1.falkag.de/
Expires : 13.02.2005 21:03:46
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : luba von roden@servedby.netshelter[2].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:luba von roden@servedby.netshelter.net/
Expires : 29.06.2021 14:48:54
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : luba von roden@versiontracker[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:luba von roden@versiontracker.com/
Expires : 15.01.2007 12:09:48
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : luba von roden@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:luba von roden@tribalfusion.com/
Expires : 01.01.2038 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : luba von roden@adtech[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:luba von roden@adtech.de/
Expires : 13.01.2015 20:09:28
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 30



Deep scanning and examining files (C;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : oofjy.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : jdjrl.log
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : asrqw.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : mffhk.txt
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : zpium.log
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : lujxk.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : rqbho.log
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : aqeha.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : esaxr.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : cprtg.txt
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : tajqb.txt
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : wcmor.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : ecque.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : petnt.log
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : pumtb.txt
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



CoolWebSearch Object Recognized!
Type : File
Data : eyknl.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : pzoxi.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



SahAgent Object Recognized!
Type : File
Data : lsp_.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\Downloaded Program Files\
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : ShopAtHomeSelect LSP
CompanyName : ShopAtHomeSelect
FileDescription : LSP
InternalName : LSP
LegalCopyright : Copyright © 2004
OriginalFilename : LSP.DLL


CoolWebSearch Object Recognized!
Type : File
Data : ksvunk.log
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : dsnzhm.log
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : vlgfbx.log
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : fgxue.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : dvxmgi.dat
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : vvpabs.dat
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : owafdv.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : qczzmq.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : jvkfhs.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : tvckjd.log
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : styjp.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : wvuhg.dat
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : uituap.log
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : mimzuz.log
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : fjwewk.log
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : slfpjo.dat
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : klyudr.dat
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : dmjzfb.dat
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : fqdujq.log
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : xqvzdt.dat
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : qrgmgd.dat
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : odxtt.dat
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : jicrm.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : pwwfiv.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : appkcf.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : sqipxq.log
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : anpmy.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : lpswm.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



Search Relevancy Object Recognized!
Type : File
Data : SearchRelevancy.xml
Category : Misc
Comment :
Object : C:\Programme\SearchRelevancy\



Ebates MoneyMaker Object Recognized!
Type : File
Data : 1150_1.dat
Category : Data Miner
Comment :
Object : C:\Recycled\Dc11\Sy1150\Sy1150\



180Solutions Object Recognized!
Type : File
Data : Dc28.dll
Category : Data Miner
Comment :
Object : C:\Recycled\



TopMoxie Object Recognized!
Type : File
Data : Dc2388.exe
Category : Data Miner
Comment :
Object : C:\Recycled\



TopMoxie Object Recognized!
Type : File
Data : Dc2777.exe
Category : Data Miner
Comment :
Object : C:\Recycled\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 81

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\Dokumente und Einstellungen\Luba von Roden\Favoriten\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\tsa

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\tsa
Value : TslHWND

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\tsa
Value : Tsm2HWND

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\tsa
Value : Ts2HWND

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\tsa
Value : Tsl2HWND

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\tsa
Value : Tsp2HWND

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa
Value :

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa
Value : NewInstall

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa
Value : PAPP

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa
Value : Path

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa
Value : CODE

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa
Value : CountryCode

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa
Value : RegionCode

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa
Value : CityCode

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa
Value : MetroCode

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\tsa
Value : ContinentCode

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft
Value : set

Search Relevancy Object Recognized!
Type : Folder
Category : Misc
Comment :
Object : C:\Programme\SearchRelevancy

Search Relevancy Object Recognized!
Type : File
Data : uninstall.exe
Category : Misc
Comment :
Object : C:\Programme\searchrelevancy\



TopMoxie Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main\ins
Value : 1150

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : last_conn_h

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : last_conn_l

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : we

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : cdata

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : TimeOffset

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : action_url_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : action_url_last_chunk

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : action_url_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : key_file

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : kw_last_chunk

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : geourl_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : geourl_current_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : actionurl_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : actionurl_current_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : keyword_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : keyword_current_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : recent_shown

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : key_int_high

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\salm
Value : key_int_low

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : last_conn_h

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : last_conn_l

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : we

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : cdata

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : TimeOffset

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : action_url_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : action_url_last_chunk

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : action_url_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : key_file

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : kw_last_chunk

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : geourl_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : geourl_current_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : actionurl_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : actionurl_current_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : keyword_last_full_version

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\sais
Value : keyword_current_version

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}
Value : BarSize

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : mt1

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : mt2

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : mt3

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : gma

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : gvi

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : gpi

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : boom

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : boom_ver

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : did

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : duid

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : product_id

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\salm
Value : umt

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : mt1

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : mt2

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : mt3

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : gma

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : gvi

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : gpi

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : did

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : duid

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : product_id

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : umt

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\salm

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\salm
Value : DisplayName

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\salm
Value : UninstallString

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\salm
Value : DisplayIcon

Targetsavers Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\tsl installer

Targetsavers Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\tsl installer
Value : NoRemove

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 92
Objects found so far: 174

20:20:39 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:26.165
Objects scanned:101020
Objects identified:178
Objects ignored:0
New critical objects:178



mfg vitali
Seitenanfang Seitenende
15.01.2005, 21:16
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#7 #LSPfix.exe
http://www10.brinkster.com/expl0iter/freeatlast/L2M/ts.htm
<"I know what I'm doing"
bringe die "lsp_.dll"
von der linken auf die rechte Seite und loesche die dll


Gehe in die Registry
Start<Ausfuehren<regedit

HKEY_CURRENT_USERSoftware\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
loesche:
static.topconverting.com
----------------------------------------------------------------------------
#Arbeitsplatz -> rechter Mausklick -->Windows Explorer -> "Extras/Ordneroptionen" ->
"Ansicht" -> Haken entfernen bei "Geschützte Systemdateien
ausblenden (empfohlen)" und "Alle Dateien und Ordner anzeigen"
aktivieren -> "OK"


Loesche:
C:\Programme\searchrelevancy\

KillBox
http://www.bleepingcomputer.com/files/killbox.php

<Delete File on Reboot
und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"


oeffne die Killbox (kopiere rein)
C:\WINDOWS\system32\oofjy.dat
C:\WINDOWS\system32\jdjrl.log
C:\WINDOWS\system32\asrqw.dat
C:\WINDOWS\system32\mffhk.txt
C:\WINDOWS\system32\zpium.log
C:\WINDOWS\system32\lujxk.dat
C:\WINDOWS\system32\rqbho.log
C:\WINDOWS\system32\aqeha.dat
C:\WINDOWS\system32\esaxr.dat
C:\WINDOWS\system32\cprtg.txt
C:\WINDOWS\system32\tajqb.txt
C:\WINDOWS\system32\wcmor.dat
C:\WINDOWS\system32\ecque.dat
C:\WINDOWS\system32\petnt.log
C:\WINDOWS\system32\pumtb.txt
C:\WINDOWS\eyknl.txt
C:\WINDOWS\pzoxi.txt
C:\WINDOWS\ksvunk.log
C:\WINDOWS\dsnzhm.log
C:\WINDOWS\vlgfbx.log
C:\WINDOWS\fgxue.txt
C:\WINDOWS\dvxmgi.dat
C:\WINDOWS\vvpabs.dat
C:\WINDOWS\owafdv.txt
C:\WINDOWS\qczzmq.txt
C:\WINDOWS\jvkfhs.txt
C:\WINDOWS\tvckjd.log
C:\WINDOWS\styjp.txt
C:\WINDOWS\wvuhg.dat
C:\WINDOWS\uituap.log
C:\WINDOWS\mimzuz.log
C:\WINDOWS\fjwewk.log
C:\WINDOWS\slfpjo.dat
C:\WINDOWS\klyudr.dat
C:\WINDOWS\dmjzfb.dat
C:\WINDOWS\fqdujq.log
C:\WINDOWS\xqvzdt.dat
C:\WINDOWS\qrgmgd.dat
C:\WINDOWS\odxtt.dat
C:\WINDOWS\jicrm.txt
C:\WINDOWS\pwwfiv.txt
C:\WINDOWS\appkcf.txt
C:\WINDOWS\sqipxq.log
C:\WINDOWS\anpmy.txt
C:\WINDOWS\lpswm.txt
C:\Programme\SearchRelevancy\SearchRelevancy.xml
C:\RECYCLER\Desktop.ini

PC neustarten

Dann scanne noch mal mit AdAware + as neue Log vom HijackThis und berichte.
__________
MfG Sabina

rund um die PC-Sicherheit
Dieser Beitrag wurde am 15.01.2005 um 21:20 Uhr von Sabina editiert.
Seitenanfang Seitenende
16.01.2005, 14:20
Member

Themenstarter

Beiträge: 36
#8 also ich habe lsp_.dll nicht :/ habe nur
mswsock.dll, winrnr.dll, rsvpsp.dll



static.topconverting.com habe ich leider auch nicht gefunden
Dieser Beitrag wurde am 16.01.2005 um 14:37 Uhr von Vitali editiert.
Seitenanfang Seitenende
16.01.2005, 14:35
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#9 o.k, dann fuehre alles aus, was ich sonst noch geschrieben habe und poste das neue Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
16.01.2005, 15:00
Member

Themenstarter

Beiträge: 36
#10 ok also als ich killerbox rebooten wollte kann das:

Pending File Rename Options registry data has beent removed by External process


was soll das bedeuten?
muss ich jezt alles nochmal reinkopieren?


mfg vitali
Seitenanfang Seitenende
16.01.2005, 15:06
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#11 nein, das bedeutet, dass beim Neustart (beim Booten) die einkopierte Datei geloescht wird)

Kopiere alle ein und erst bei der letzten bestaetige mit yes, dass Neugestartet werden soll
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
16.01.2005, 15:28
Member

Themenstarter

Beiträge: 36
#12 ja das kamm ja bei der lezten datei. ich habe alles einkopiert und als ich dann reboot ja gedr§îckt habe, kamm der text


muss ich killerbox vielleicht im abgesicherten modus machen?


hm also die datein bei killerbox gibts nicht, habe ich jezt gemerkt.

mir ist aufgefallen, dass wenn ich ICQ starte f¨¹r kurzen moment da wo icq hinkommt schibt sich der komisch hintergrund zur¨¹ck, und man sieht den eigentlich hintergrund. sobald icq geladen wurde, kommt der komische hintergrund wieder.
Dieser Beitrag wurde am 16.01.2005 um 17:12 Uhr von Vitali editiert.
Seitenanfang Seitenende
16.01.2005, 18:38
Member

Themenstarter

Beiträge: 36
#13 http://www.smart-security.info/?affid=11OXC9

auchso was war glaube ich der link der im desktop stand.
Seitenanfang Seitenende
16.01.2005, 19:17
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#14 Hallo@Vitali

1. Update den Antivirus
+ konfiguriere unter "Options"

[X] Speicher
[X] Bootsektor Suchlaufwerke
[ ] Unbekannte Bootsektoren melden
[X] Alle Dateien
[ ] Programmdateien

2.Gehe in den abgesicherten Modus

3. Mache einen Komplettscann

4. Poste mir das Log vom Scann + das neue Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit
Dieser Beitrag wurde am 16.01.2005 um 19:18 Uhr von Sabina editiert.
Seitenanfang Seitenende
17.01.2005, 01:48
Member

Themenstarter

Beiträge: 36
#15 Logfile of HijackThis v1.99.0
Scan saved at 01:17:48, on 17.01.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
C:\Dokumente und Einstellungen\Luba von Roden\Eigene Dateien\HJT\hijackthis199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aon.at/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] REM C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] REM C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] REM C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CapFax] C:\Programme\mobile PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [a-squared] "C:\Programme\a2\a2guard.exe"
O4 - Startup: Trillian.lnk = C:\Programme\Trillian\trillian.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105583648105
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {BBCACFA8-B901-451E-A606-0FE678814967} (control to view directory & upload images) - http://www.uboot.com/h/int/applet/photo_activex/PhotoUploader.CAB
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe



achso das antivirus hat nix gefunden
Dieser Beitrag wurde am 17.01.2005 um 01:48 Uhr von Vitali editiert.
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: