Ohne Proxy geht das Surfen nicht :/ |
||
---|---|---|
#0
| ||
23.02.2005, 11:57
...neu hier
Beiträge: 6 |
||
|
||
23.02.2005, 13:07
Member
Beiträge: 1132 |
#2
Schaust Du mal hier nach
http://www.liutilities.com/products/wintaskspro/processlibrary/isass/index.html Zitat isass - isass.exe - Process InformationKönnte vielleicht auch der Sasser Wurm sein!? Gruß Heron __________ "Die Welt ist groß, weil der Kopf so klein" Wilhelm Busch |
|
|
||
23.02.2005, 14:03
...neu hier
Themenstarter Beiträge: 6 |
#3
Hab schon dar¬îber gelesen aber versteh den zusammenhang nicht so..und ich wei¬Á nicht ob es die issas.exe oder lsass.exe ist
Zitat Achtung:kann man ja gar nicht unterscheiden xD Gruzz Jini Dieser Beitrag wurde am 23.02.2005 um 14:04 Uhr von Djini editiert.
|
|
|
||
23.02.2005, 15:25
Member
Beiträge: 1132 |
#4
Das Herunterfahren des PC's aber ist verdächtig.
Was sagt HighjackThis? Gruß Heron __________ "Die Welt ist groß, weil der Kopf so klein" Wilhelm Busch |
|
|
||
23.02.2005, 17:19
...neu hier
Themenstarter Beiträge: 6 |
||
|
||
23.02.2005, 17:49
Member
Beiträge: 1132 |
#6
Entschuldige, ich dachte Du weißt das.
Lade Dir HighjackThis herunter Version 1.99.1 http://www.downloads.subratam.org/hijackthis.zip http://www.spywareinfo.com/~merijn/files/hijackthis.zip Installiere das Programm in einem eigenen Ordner. Starte das Programm mit der exe-Datei => Scan drücken => Save Log drücken => der Texteditor mit dem Log öffnet sich. Den gesamten Text abkopieren und hierher posten. Ich denke es ist das beste, wenn Du damit einen neuen Thread im "Virus, Trojaner & Malware" Forum mit kurzer Beschreibung Deines Problems eröffnest, weil das nicht in die Thematik dieses Forums passt. Gruß Heron __________ "Die Welt ist groß, weil der Kopf so klein" Wilhelm Busch Dieser Beitrag wurde am 23.02.2005 um 17:50 Uhr von Heron editiert.
|
|
|
||
24.02.2005, 09:49
...neu hier
Themenstarter Beiträge: 6 |
#7
Ohman was ist denn nur mit meinem PC los :-( ..erst hatte ich einen Winsock Fehler<-hab ich repariert..Dann kann ich nicht mit meiner ip surfen...und nun hat mein Anti-Virus Backdoor.W32.Robobot.n gefunden .. Ich hoffe ich ich krieg ihn wieder weg ohne zu formartieren denn das wär die Katastrophe für mich
Hab jetzt das HijackThis und der meinte zu mir: Logfile of HijackThis v1.99.1 Scan saved at 09:39:16, on 24.02.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Stardock\SDMCP.exe C:\Programme\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\windows\system32\spoolsv.exe C:\windows\Explorer.EXE C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe C:\Dokumente und Einstellungen\Geneticstyle\Desktop\StyleZz\CursorXP\CursorXP.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\windows\System32\nvsvc32.exe C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe C:\windows\System32\taskmgr.exe C:\Programme\Messenger Plus! 3\MsgPlus.exe C:\windows\System32\svchost.exe C:\Programme\eMule\emule.exe C:\Programme\Avant Browser\avant.exe C:\Dokumente und Einstellungen\Geneticstyle\Desktop\Desktop Anwendungen\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.chat-style.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file) O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Programme\Gemeinsame Dateien\ReGet Shared\Catcher.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O3 - Toolbar: (no name) - {BF067561-19A0-45E2-A04E-8F3BBA348328} - (no file) O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Programme\ReGetDx\iebar.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [KAV50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss O4 - HKLM\..\Run: [LogonStudio] "C:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [SysMetrix] C:\Dokumente und Einstellungen\Geneticstyle\Desktop\StyleZz\SysMetrix\SysMetrix.exe O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programme\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [saap] c:\programme\180searchassistant\saap.exe O4 - HKLM\..\Run: [yxyt] C:\WINDOWS\yxyt.exe O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [VirtualDesktop] "C:\Programme\Tweak-XP Pro 3\virtuald.exe" O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [CursorXP] "C:\Dokumente und Einstellungen\Geneticstyle\Desktop\StyleZz\CursorXP\CursorXP.exe" -s O8 - Extra context menu item: &Define - C:\WINDOWS\Web\ERS_DEF.HTM O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\ERS_SRC.HTM O8 - Extra context menu item: A&lles mit ReGet Deluxe herunterladen - C:\Programme\Gemeinsame Dateien\ReGet Shared\CC_All.htm O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm O8 - Extra context menu item: Herunterladen mit Re&Get Deluxe - C:\Programme\Gemeinsame Dateien\ReGet Shared\CC_Link.htm O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file) O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe (file missing) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing) O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\PROGRA~1\Swhois3\swiehlp.exe (file missing) O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\Swhois3\swiehlp.exe (file missing) O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\Swhois3\swiehlp.exe (file missing) O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU) O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de O16 - DPF: ConferenceRoom Java Client - http://irc2.bluewin.ch/java/cr.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab O16 - DPF: {11111111-1111-1111-1111-111111111111} - file://c:\info6.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=10f08450ab596047f6c94d90b79b47d1 528d9dc4c40924e2499f8b9bd779519ddd40d75 9133a448fde7f410342650f82cf1f1ae7:7ba4efda8 98ff66841613117fb4ea0f9 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://63.236.66.10/em/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - http://s7.blingblingcontent.com/toolbarcash/activex/easywebinstaller.ocx O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.1mal1.com/flatcast/NpFv412.dll O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/de/win/QuickTimeInstaller.exe O16 - DPF: {65B818E1-F4D8-4F96-A1DF-35F3D1C86194} - http://mmm.roings.com/roing.cab O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.ghostsandlegends.com/AxisCamControl.ocx O16 - DPF: {AABB591F-CEB3-404A-A979-AA30B16CB914} (IPLabs Image Uploader 2.5) - http://upload.suger24.de/uploader.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3sstb.cab O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab O16 - DPF: {F834FDED-CB7E-4CAC-878B-16089C04EFC7} (Flatcast Producer 4.12) - http://www.flatcast.de/objects/NpFp412.dll O20 - Winlogon Notify: MCPClient - C:\Programme\Gemeinsame Dateien\Stardock\mcpstub.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe O23 - Service: Remote Task Manager service (RTM) - Unknown owner - C:\Programme\Remote Task Manager\RTMService.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symnumdr - Unknown owner - (no file) O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Programme\WebDrive\wdservice.exe (file missing) ganz viel zu sagen hatte er o.O *gg* Oops..Woher kommen denn die ganzen Links? Soll ich die wech machen? Sorry aber die waren im Log schon irgendwie drinne O.o deswegen..(nur auf eigene Gefahr - bzw. lieber nicht raufgehen..nicht dass ihr den Backdoor auch abkriegt!!!) PS. das mit der issas.exe hat sich glaub ich geregelt ..ich hatte irgendeine dumme SearchBar abgekriegt die hab jetzt geblockt&gelöscht...aber jetzt hab ich voll die anderen Sorgen ...Hilfeeee!!!. .. Dieser Beitrag wurde am 24.02.2005 um 09:58 Uhr von Djini editiert.
|
|
|
||
24.02.2005, 10:48
Member
Beiträge: 1132 |
#8
Ohman was ist denn nur mit meinem PC los :-( ..erst hatte ich einen Winsock Fehler<-hab ich repariert..Dann kann ich nicht mit meiner ip surfen...und nun hat mein Anti-Virus Backdoor.W32.Robobot.n gefunden .. Ich hoffe ich ich krieg ihn wieder weg ohne zu formartieren denn das wär die Katastrophe für mich
Hab jetzt das HijackThis und der meinte zu mir: Logfile of HijackThis v1.99.1 Scan saved at 09:39:16, on 24.02.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Stardock\SDMCP.exe C:\Programme\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\windows\system32\spoolsv.exe C:\windows\Explorer.EXE C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe C:\Dokumente und Einstellungen\Geneticstyle\Desktop\StyleZz\CursorXP\CursorXP.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\windows\System32\nvsvc32.exe C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe C:\windows\System32\taskmgr.exe C:\Programme\Messenger Plus! 3\MsgPlus.exe C:\windows\System32\svchost.exe C:\Programme\eMule\emule.exe C:\Programme\Avant Browser\avant.exe C:\Dokumente und Einstellungen\Geneticstyle\Desktop\Desktop Anwendungen\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.easywebsearch.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.chat-style.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file) O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Programme\Gemeinsame Dateien\ReGet Shared\Catcher.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O3 - Toolbar: (no name) - {BF067561-19A0-45E2-A04E-8F3BBA348328} - (no file) O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Programme\ReGetDx\iebar.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [KAV50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss O4 - HKLM\..\Run: [LogonStudio] "C:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [SysMetrix] C:\Dokumente und Einstellungen\Geneticstyle\Desktop\StyleZz\SysMetrix\SysMetrix.exe O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programme\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [saap] c:\programme\180searchassistant\saap.exe O4 - HKLM\..\Run: [yxyt] C:\WINDOWS\yxyt.exe O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [VirtualDesktop] "C:\Programme\Tweak-XP Pro 3\virtuald.exe" O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [CursorXP] "C:\Dokumente und Einstellungen\Geneticstyle\Desktop\StyleZz\CursorXP\CursorXP.exe" -s O8 - Extra context menu item: &Define - C:\WINDOWS\Web\ERS_DEF.HTM O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\ERS_SRC.HTM O8 - Extra context menu item: A&lles mit ReGet Deluxe herunterladen - C:\Programme\Gemeinsame Dateien\ReGet Shared\CC_All.htm O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm O8 - Extra context menu item: Herunterladen mit Re&Get Deluxe - C:\Programme\Gemeinsame Dateien\ReGet Shared\CC_Link.htm O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file) O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe (file missing) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing) O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\PROGRA~1\Swhois3\swiehlp.exe (file missing) O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\Swhois3\swiehlp.exe (file missing) O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\Swhois3\swiehlp.exe (file missing) O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU) O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de O16 - DPF: ConferenceRoom Java Client - http://irc2.bluewin.ch/java/cr.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab O16 - DPF: {11111111-1111-1111-1111-111111111111} - file://c:\info6.cab - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=10f08450ab596047f6c94d90b79b47d1528 d9dc4c40924e2499f8b9bd779519ddd40d7591 33a448fde7f410342650f82cf1f1ae7:7ba4efda898ff66841613117fb4ea0f9 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://63.236.66.10/em/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - http://s7.blingblingcontent.com/toolbarcash/activex/easywebinstaller.ocx O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.1mal1.com/flatcast/NpFv412.dll O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/de/win/QuickTimeInstaller.exe O16 - DPF: {65B818E1-F4D8-4F96-A1DF-35F3D1C86194} - http://mmm.roings.com/roing.cab O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.ghostsandlegends.com/AxisCamControl.ocx O16 - DPF: {AABB591F-CEB3-404A-A979-AA30B16CB914} (IPLabs Image Uploader 2.5) - http://upload.suger24.de/uploader.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3sstb.cab O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/dlaccell.CAB O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab O16 - DPF: {F834FDED-CB7E-4CAC-878B-16089C04EFC7} (Flatcast Producer 4.12) - http://www.flatcast.de/objects/NpFp412.dll O20 - Winlogon Notify: MCPClient - C:\Programme\Gemeinsame Dateien\Stardock\mcpstub.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe O23 - Service: Remote Task Manager service (RTM) - Unknown owner - C:\Programme\Remote Task Manager\RTMService.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symnumdr - Unknown owner - (no file) O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Programme\WebDrive\wdservice.exe (file missing) ganz viel zu sagen hatte er o.O *gg* Oops..Woher kommen denn die ganzen Links? Soll ich die wech machen? Sorry aber die waren im Log schon irgendwie drinne O.o deswegen..(nur auf eigene Gefahr - bzw. lieber nicht raufgehen..nicht dass ihr den Backdoor auch abkriegt!!!) PS. das mit der issas.exe hat sich glaub ich geregelt ..ich hatte irgendeine dumme SearchBar abgekriegt die hab jetzt geblockt&gelöscht...aber jetzt hab ich voll die anderen Sorgen ...Hilfeeee!!!. __________ "Die Welt ist groß, weil der Kopf so klein" Wilhelm Busch Dieser Beitrag wurde am 24.02.2005 um 11:10 Uhr von Heron editiert.
|
|
|
||
24.02.2005, 19:08
...neu hier
Themenstarter Beiträge: 6 |
#9
ERstmal muss ich sagen..danke für deine Hilfe Heron..ist echt nett von dir :-)
Soo..Hat übels lange gedauert alles rumzuscannen aber ich hoffe es hat sich gelohnt Ad-Aware hat im abgesichrtem Modus vieeel gefunden naja wie immer aber diesmal waren es über 100 Ad´s ..Spy S&D aber auch..hab allex gefixed ausser ein Ding was in der HKEY_LOCAL_MACHINE war der konnte das nicht fixen ..hatte erst bisschen Angst den zu löschen hab ich auch erst nicht gemacht aber nach dem Neustart war er irgendwie von alleine weg bzw. hat er nicht wiedergefunden Das mit dem HiJackThis Fix Tool hat alles ganz gut geklappt aber ich konnte die dann Manuell im Active-X Ordner nicht wiederfinden ?! Ist normal dass die nicht mehr da waren oder? Nach dem Kaspersky Scan - auch nix gefunden Hier kommt jetzt ein Log von Ad-Aware beim scannen wo ich noch im Abgesichrtem Modus war (also das erste mal gescannt) Lavasoft Ad-Aware Professional Build 1.03 Logfile created ononnerstag, 24. Februar 2005 14:51:39 Using definitions file:SE1R28 16.02.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions(TAC index:8):3 total references Alexa(TAC index:5):3 total references AltnetBDE(TAC index:4):1 total references BargainBuddy(TAC index:8):11 total references BlazeFind(TAC index:5):5 total references CoolWebSearch(TAC index:10):2 total references Favoriteman(TAC index:8):1 total references Holystic-Dialer(TAC index:5):1 total references istbar.dotcomToolbar(TAC index:5):3 total references istbar(TAC index:6):1 total references MainPean Dialer(TAC index:5):1 total references MRU List(TAC index:0):54 total references TopMoxie(TAC index:3):1 total references Tracking Cookie(TAC index:3):66 total references WinAD(TAC index:7):2 total references WindUpdates(TAC index:8):2 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware Settings =========================== Set : Unload recognized processes & modules during scan Set : Ignore spanned files when scanning cab archives Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Block pop-ups aggressively Set : Automatically select problematic objects in results lists Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Show splash screen Set : Backup current definitions file before updating Set : Play sound at scan completion if scan locates critical objects 24.02.2005 14:51:39 - Scan started. (Full System Scan) MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\swhois3\recent Description : smart whois recent typed urls list MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\nico mak computing\winzip\filemenu Description : winzip recently used archives MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\windows\currentversion\applets\wordpad\recent file list Description : list of recent files opened using wordpad MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\windows\currentversion\applets\paint\recent file list Description : list of files recently opened using microsoft paint MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\internet explorer\main Description : last save directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\ahead\nero wave editor\recent file list Description : list of recently used files in nero wave editor MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\ulead systems\ulead photoimpact\8.0\recent file list Description : list of recently used files in ulead photoimpact MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\ahead\nero - burning rom\recent file list Description : list of recently used files in nero burning rom MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\mediaplayer\preferences Description : last cd record path used in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\frontpage\editor\insert hyperlink\recently used urls Description : list of recently used urls in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\frontpage\editor Description : default add image directory for microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles Description : list of recently used files in adobe reader MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\mediaplayer\player\settings Description : last open directory used in jasc paint shop pro MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\musicmatch Description : download location of the musicmatch installer MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\frontpage\explorer\frontpage explorer\recent web list Description : list of recently used webs in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\frontpage\editor Description : last used folder in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\frontpage\editor\recently used urls Description : list of recently used urls in microsoft frontpage MRU List Object Recognized! Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio Description : information on the last station listened to using musicmatch radio MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\frontpage\editor Description : folder of the last used web in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\office\11.0\common\general Description : list of recently used symbols in microsoft office MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\frontpage\explorer\frontpage explorer\recent page list Description : list of recently used pages in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\mediaplayer\player\recenturllist Description : list of recently used web addresses in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\mediaplayer\preferences Description : last search path used in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\frontpage\explorer\frontpage explorer\recent file list Description : list of recently used files in microsoft frontpage MRU List Object Recognized! Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv Description : file conversion location settings in musicmatch jukebox MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\frontpage\editor\insert image\recently used urls Description : list of recently used urls in microsoft frontpage MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\mediaplayer\medialibraryui Description : last selected node in the microsoft windows media player media library MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\winrar\dialogedithistory\extrpath Description : winrar "extract-to" history MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : C:\Dokumente und Einstellungen\Geneticstyle\Anwendungsdaten\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! Location: : C:\Dokumente und Einstellungen\Geneticstyle\recent Description : list of recently opened documents Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 160 ThreadCreationTime : 24.02.2005 13:48:40 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\windows\system32\ ProcessID : 208 ThreadCreationTime : 24.02.2005 13:48:52 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\windows\system32\ ProcessID : 232 ThreadCreationTime : 24.02.2005 13:48:55 BasePriority : High #:4 [services.exe] FilePath : C:\windows\system32\ ProcessID : 276 ThreadCreationTime : 24.02.2005 13:49:02 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Anwendung für Dienste und Controller InternalName : services.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\windows\system32\ ProcessID : 288 ThreadCreationTime : 24.02.2005 13:49:03 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\windows\system32\ ProcessID : 452 ThreadCreationTime : 24.02.2005 13:49:09 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\windows\system32\ ProcessID : 492 ThreadCreationTime : 24.02.2005 13:49:11 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [kavmm.exe] FilePath : C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\ ProcessID : 532 ThreadCreationTime : 24.02.2005 13:49:12 BasePriority : Normal FileVersion : 5.0.20.0 ProductVersion : 5.0.20.0 ProductName : Kaspersky Anti-Virus Personal Pro 5.0 CompanyName : Kaspersky Lab InternalName : KAVMM LegalCopyright : Copyright © Kaspersky Lab 1996-2004. LegalTrademarks : Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab. OriginalFilename : KAVMM.EXE #:9 [sdmcp.exe] FilePath : C:\Programme\Gemeinsame Dateien\Stardock\ ProcessID : 716 ThreadCreationTime : 24.02.2005 13:49:46 BasePriority : Normal FileVersion : 0, 0, 5, 8 ProductVersion : 0, 0, 5, 8 ProductName : Stardock MCP Core Services (System Extensions and Hooks) CompanyName : Stardock FileDescription : MCPServer InternalName : MCP LegalCopyright : Copyright © 2002 OriginalFilename : SDMCP.exe #:10 [explorer.exe] FilePath : C:\windows\ ProcessID : 812 ThreadCreationTime : 24.02.2005 13:49:50 BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : EXPLORER.EXE #:11 [ad-aware.exe] FilePath : C:\Programme\Lavasoft\Ad-Aware SE Professional\ ProcessID : 1160 ThreadCreationTime : 24.02.2005 13:50:52 BasePriority : Normal FileVersion : 6.2.0.161 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved #:12 [spybotsd.exe] FilePath : C:\Programme\Spybot - Search & Destroy\ ProcessID : 1164 ThreadCreationTime : 24.02.2005 13:50:53 BasePriority : Normal FileVersion : 1, 3, 0, 12 ProductVersion : 1, 3, 0, 12 ProductName : SpyBot-S&D CompanyName : Safer Networking Limited FileDescription : Spybot - Search & Destroy InternalName : SpybotSD LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten. LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen. OriginalFilename : SpyBotSD.exe Comments : Software zum Entfernen von Spyware und ähnlichen Bedrohungen. Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 54 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions AltnetBDE Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\altnet BlazeFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : winadx.installer Holystic-Dialer Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : hol5_vxiewer.full.1 istbar.dotcomToolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{386a771c-e96a-421f-8ba7-32f1b706892f} istbar.dotcomToolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{9388907f-82f5-434d-a941-bb802c6dd7c1} istbar Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{0985c112-2562-46f2-8da6-92648ba4630f} MainPean Dialer Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\intexusdial WindUpdates Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : bridgex.installer 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "partner_id" Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb Value : partner_id Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : S-1-5-21-2070620897-4265909289-572454927-1005\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "PartnerID" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PartnerID BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "UtilFolder" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UtilFolder BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "PartnerName" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PartnerName BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "FirstHit" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : FirstHit BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "BuildNumber" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : BuildNumber BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "UninstallUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UninstallUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "UniqueKeyUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UniqueKeyUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "FirstHitUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : FirstHitUrl Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 21 Objects found so far: 75 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 75 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 66 Objects found so far: 141 Deep scanning and examining files (C »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» TopMoxie Object Recognized! Type : File Data : WebRebates0.exe.q_985E000_q Category : Data Miner Comment : Object : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan\ WinAD Object Recognized! Type : File Data : Winad.exe.q_E275E00_q Category : Malware Comment : Object : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan\ BlazeFind Object Recognized! Type : File Data : backup-20050224-120627-532.dll Category : Malware Comment : Object : C:\Dokumente und Einstellungen\Geneticstyle\Desktop\Desktop Anwendungen\hijackthis\backups\ WinAD Object Recognized! Type : File Data : ClientCom.dll Category : Malware Comment : Object : C:\program files\Winad Client\ CoolWebSearch Object Recognized! Type : File Data : rundlg32.dll Category : Malware Comment : Object : C:\WINDOWS\Downloaded Program Files\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : Search Bar FileDescription : Search Bar plug-in for Internet Explorer InternalName : ToolBar LegalCopyright : Copyright © 2004 OriginalFilename : ToolBand.dll BlazeFind Object Recognized! Type : File Data : Key2.txt Category : Malware Comment : Object : C:\WINDOWS\ BargainBuddy Object Recognized! Type : File Data : exdl.ex$ Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : exul.ex$ Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe Favoriteman Object Recognized! Type : File Data : SHAgentNew.dll Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : exe_in_dll Module FileDescription : exe_in_dll Module InternalName : exe_in_dll LegalCopyright : Copyright 2001 OriginalFilename : exe_in_dll.DLL Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 150 Deep scanning and examining files (D »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Not Avaliable Disk Scan Result for D:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 150 Scanning Hosts file...... Hosts file location:"C:\windows\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 150 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb BlazeFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : aspfile\persistenthandler BlazeFind Object Recognized! Type : File Data : ide21201.vxd Category : Malware Comment : Object : C:\windows\System32\ istbar.dotcomToolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll WindUpdates Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\windupdates BargainBuddy Object Recognized! Type : File Data : bbchk.exe Category : Malware Comment : Object : C:\windows\System32\ FileVersion : 5.101.1663.1 ProductVersion : 5.101.1663.1 ProductName : Microsoft(R) Windows NT(R) Operating System CompanyName : Microsoft Corporation FileDescription : ECM ChkTrust InternalName : CHKTRUST.EXE LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997 OriginalFilename : CHKTRUST.EXE CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\search Value : SearchAssistant Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 7 Objects found so far: 157 15:30:15 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:38:35.250 Objects scanned:253706 Objects identified:103 Objects ignored:0 New critical objects:103 Denn noch ein Screenshot von Spy SD: (was er nicht fixen konnte) HiJackThis Log: ogfile of HijackThis v1.99.1 Scan saved at 19:03:27, on 24.02.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\spoolsv.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Programme\Gemeinsame Dateien\Stardock\SDMCP.exe C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe C:\Programme\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\windows\System32\nvsvc32.exe C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe C:\windows\Explorer.EXE C:\Programme\Messenger Plus! 3\MsgPlus.exe C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe C:\Dokumente und Einstellungen\Geneticstyle\Desktop\StyleZz\CursorXP\CursorXP.exe C:\windows\System32\taskmgr.exe C:\Programme\Avant Browser\avant.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\windows\System32\svchost.exe C:\Dokumente und Einstellungen\Geneticstyle\Desktop\Desktop Anwendungen\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Programme\Gemeinsame Dateien\ReGet Shared\Catcher.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O3 - Toolbar: (no name) - {BF067561-19A0-45E2-A04E-8F3BBA348328} - (no file) O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Programme\ReGetDx\iebar.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Programme\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [KAV50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss O4 - HKLM\..\Run: [LogonStudio] "C:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [SysMetrix] C:\Dokumente und Einstellungen\Geneticstyle\Desktop\StyleZz\SysMetrix\SysMetrix.exe O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programme\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [VirtualDesktop] "C:\Programme\Tweak-XP Pro 3\virtuald.exe" O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [CursorXP] "C:\Dokumente und Einstellungen\Geneticstyle\Desktop\StyleZz\CursorXP\CursorXP.exe" -s O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm O8 - Extra context menu item: A&lles mit ReGet Deluxe herunterladen - C:\Programme\Gemeinsame Dateien\ReGet Shared\CC_All.htm O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm O8 - Extra context menu item: Herunterladen mit Re&Get Deluxe - C:\Programme\Gemeinsame Dateien\ReGet Shared\CC_Link.htm O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file) O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe (file missing) O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing) O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\PROGRA~1\Swhois3\swiehlp.exe (file missing) O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\Swhois3\swiehlp.exe (file missing) O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\Swhois3\swiehlp.exe (file missing) O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU) O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de O16 - DPF: ConferenceRoom Java Client - http://irc2.bluewin.ch/java/cr.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/de/win/QuickTimeInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.ghostsandlegends.com/AxisCamControl.ocx O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O20 - Winlogon Notify: MCPClient - C:\Programme\Gemeinsame Dateien\Stardock\mcpstub.dll O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe O23 - Service: Remote Task Manager service (RTM) - Unknown owner - C:\Programme\Remote Task Manager\RTMService.exe (file missing) O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symnumdr - Unknown owner - (no file) O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Programme\WebDrive\wdservice.exe (file missing) zu lspfix...Hab mir die TxT Datei vorgelesen habs auch so angewendet wie dort steht aber irgendwie hat er 0 gefixed-.- oder ich hab das doch nicht ganz verstanden?? Dieser Beitrag wurde am 24.02.2005 um 19:36 Uhr von Djini editiert.
|
|
|
||
24.02.2005, 19:38
Member
Beiträge: 1132 |
#10
Mann da hat sich ja ganz schön was angesammelt! Ich kann garnicht glauben, dass Kaspersky von dem allem nichts mitbekommen hat!
Das mit LSPfix ist ok Die mit Spybot S&D gefundenen Objekte werden nicht beim scannen gelöscht, sondern Du musst die Objekte markieren und dann "Next" drücken. DSO-Exploit ist ein Bug im Programm, kannst Du ignorieren. Falls es immer noch Probleme gibt, dann schau mal in der Log Datei für das Fixen mit S&D nach => Fixes.txt wo es hängt. Höre zum ersten Mal, dass S&D nicht löscht! Fixe noch mit HJT O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.ghostsandlegends.com/AxisCamControl.ocx und alle Einträge, die am Ende "(no file)" haben (sind unnötig!) Scanne Dein System noch mit (Virenwächter vorübergehend deaktivieren) Stinger http://vil.nai.com/vil/stinger/ AboutBuster http://www.spychecker.com/program/aboutbuster.html CWShredder http://www.majorgeeks.com/download3019.html Berichte ob die Tools etwas gefunden haben anschließend noch mal mit Spybot scannen und Objekte löschen, falls die vorgenannten Tools (insbesondere CWShredder) etwas gefunden haben. Wenn Du ein weiteres tun möchtest, würde ich Dir einen Onlinescan mit den nachfolgenden Tools noch empfehlen (am Besten dazu vorübergehend den Virenwächter deaktivieren): McAfee FreeScan www.mcafee.com/myapps/mfs/default.asp f-secure http://support.f-secure.com/enu/home/ols.shtml Panda http://www.pandasoftware.com/activescan/com/activescan_principal.htm BitDefender www.bitdefender.com/scan/Msie/index.php Wenn Du das alles durch hast aktuelles HJT Log posten Macht der PC noch Zicken? Gruß Heron __________ "Die Welt ist groß, weil der Kopf so klein" Wilhelm Busch Dieser Beitrag wurde am 24.02.2005 um 19:50 Uhr von Heron editiert.
|
|
|
||
24.02.2005, 19:46
...neu hier
Themenstarter Beiträge: 6 |
#11
Ok..danke ..mach ich gleich
Hmm Pc macht "noch" keine Probs aber dass mit der IP dass ich über die surfen kann geht immer noch net kann nicht mal auf meinen FTP server rauf wo ich grad die TXT Datei uploaden wollte :/ |
|
|
||
Ich hab ein Problem mit meiner IP und zwar:
Ich hatte vor ner Woche einen HTTP Proxy verwendet(mehrmals)
Dann nach einem Neustart hab ich festgestellt dass ich mit meiner IP nicht mehr Surfen kann der Transfer tut einfach nicht..Zwar bin ich im Internet normal mit meiner IP verbunden aber Browser/Msn Messenger/paar andere Programme schreiben mir dass ich keine Verbindung hab! Nuir wenn ich wieder diese Proxy iP einstell tut sich wieder was. Hab schon Winsock neu raufgemacht..Firewall deinstalliert..Nach Viren gescannt..Weiß einer wie ich das wieder beheben kann?!
Hier paar Infos:
OS:Windows XP Home SP1
Firewall:Outpost (deinstalliert)
Anti-VirusKaspersky Anti Virus Personal Pro
Router:NETGEAR
Meist verwendeter Browser:Avantbrowser
Hab jetzt was neues entdeckt und zwar...wenn ich bisschen mit dem Transfer rumspiele und andere Proxys adden will kommt nach einer zeit sowas: isass.exe - Fehler in Anwendung und denn wenn man auf ok macht startet der PC neu :/