Home » Spyware & Browser Hijacker Support Forum » die url "www.search-links.net" schreibt sich in die adresszeile » Themenansicht

die url "www.search-links.net" schreibt sich in die adresszeile
#0
17.03.2005, 13:09
jörg123
...neu hier

Beiträge: 2
#1 Hallo,

ich habe folgendes problem: sobald ich eine adresse in die adresszeile des ie eingebe, schiebt sich "search-links.net" davor und diese seite wird aufgerufen. auch kann ich die startseite nicht mehr ändern, da sie sich sofort in die o.a. adresse ändert. ich habe bereits ad-aware scannen lassen, sowie die microsoft antispyware. auch das neuinstallieren des browsers hat nichts geholfen.
zuletzt habe ich adware, spybot, spysubstract, cwshredder und highjackthis angewandt (auch im abgesicherten modus). hier mein aktuellstes logfile

Logfile of HijackThis v1.99.1
Scan saved at 22:28:07, on 19.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\Code Edit Studio\Ces_Tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Jörg\Eigene Dateien\Eigene Datenquellen\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-links.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search-links.net/?my= (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search-links.net/?my= (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [CesTray] C:\Programme\Code Edit Studio\Ces_Tray.exe
O4 - HKLM\..\Run: [AnyDVD] "C:\Programme\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Easy-WebPrint Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O13 - DefaultPrefix: http://%73%65%61%72%63%68%2D%6C%69%6E%6B%73%2E%6E%65%74/?my=
O13 - WWW Prefix: http://%73%65%61%72%63%68%2D%6C%69%6E%6B%73%2E%6E%65%74/?my=
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/183bba7734acd9889e06/netzip/RdxIE601_de.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O18 - Protocol: cdtp - {51D6496B-7E89-42F6-9E21-42C504AC8612} - C:\Programme\Gemeinsame Dateien\aps 1.0\apscdtp.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


was kann ich tun?

danke

jörg
Dieser Beitrag wurde am 19.03.2005 um 22:38 Uhr von jörg123 editiert.
Seitenanfang Seitenende
17.03.2005, 23:48
Argus
Ehrenmitglied
Avatar Argus

Beiträge: 6028
#2 http://board.protecus.de/t9391.htm
__________
MfG Argus
Seitenanfang Seitenende
24.03.2005, 15:53
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#3 Hallo@jörg123

Jotti's malware scan 2.4 - einzelne "exe" ueberpruefen
http://virusscan.jotti.org/

C:\Programme\Gemeinsame Dateien\aps 1.0\apscdtp.dll

Oben auf der Seite auf Durchsuchen klicken --> Datei aussuchen --> Doppelklick auf die zu prüfende Datei --> klick auf Submit...
jetzt abwarten und danach das Ergebnis abkopieren und hier im Beitrag posten

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-links.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search-links.net/?my= (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search-links.net/?my= (obfuscated)

O13 - DefaultPrefix: http://%73%65%61%72%63%68%2D%6C%69%6E%6B%73%2E%6E%65%74/?my=
O13 - WWW Prefix: http://%73%65%61%72%63%68%2D%6C%69%6E%6B%73%2E%6E%65%74/?my=

PC neustarten

Hier das Reg-File, das die Standardwerte unter "DefaultPrefix" und "Prefixes" wieder herstellt.
defaultprefix.reg downloaden.
http://www.wintotal.de/Tipps/Eintrag.php?TID=434

#ClaerProg..lade die neuste Version <1.4.1
http://www.clearprog.de/downloads.php
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Cookies
- Verlauf
- Temporäre Internetfiles (Cache)

CWShredder 2.12 [2004-12-13]
http://www.majorgeeks.com/download3019.html
* Double-click on CWShredder.exe.
* Click "Fix ->" and click "OK" at the prompt.
* CWShredder will scan and clean your system of CWS files.
* Click "Next->" and then "Exit".
Log-->"make Report"

Please download DllCompare from here
http://www.atribune.org/downloads/DllCompare.exe
<klick: Locate.com button.
wenn der Scan beendet ist
<klick:Compare button
<klick: und erstelle das Log--->bitte posten

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Laden--> Updaten-->scannen-->PC neustarten--> noch mal scannen--> poste das Log vom Scann

•eScan-Erkennungstool
eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich:
http://www.mwti.net/antivirus/free_utilities.asp
oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche
kavupd.exe, die klickst du an--> (Update- in DOS) ausführen

-->mwav.exe oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben
und nun alles rauskopieren, was angezeigt wird-->
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
24.03.2005, 20:45
jörg123
...neu hier

Themenstarter

Beiträge: 2
#4 Hallo Sabina,

ersteinmal vielen dank, dass du dich meines problems angenommen hast. hier das Ergebnis ds scans mit juttis malware und das von adaware:

Service load: 0% 100%

File: apscdtp.dll
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
Packers detected: -

AntiVir No viruses found
Avast No viruses found
AVG Antivirus No viruses found
BitDefender No viruses found
ClamAV No viruses found
Dr.Web No viruses found
F-Prot Antivirus No viruses found
Fortinet No viruses found
Kaspersky Anti-Virus No viruses found
mks_vir No viruses found
NOD32 No viruses found
Norman Virus Control No viruses found

Statistics
Last piece of malware found was BehavesLike:Trojan.LowZones in IELower.exe, detected by:

Scanner Malware name
AntiVir X
Avast X
AVG Antivirus X
BitDefender BehavesLike:Trojan.LowZones
ClamAV Trojan.Lowzones-2
Dr.Web X
F-Prot Antivirus X
Fortinet X
Kaspersky Anti-Virus X
mks_vir X
NOD32 probably unknown NewHeur_PE
Norman Virus Control Sandbox: W32/Malware



Ad-Aware SE Build 1.05
Logfile Created on;)onnerstag, 24. März 2005 21:34:26
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R33 16.03.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):47 total references
Windows(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


24.03.2005 21:34:26 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\office\10.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\ahead\nero wave editor\recent file list
Description : list of recently used files in nero wave editor


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\frontpage\editor\recent templates
Description : list of recently used templates in microsoft publisher


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\frontpage\editor
Description : default add image directory for microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\ahead\cover designer\recent file list
Description : list of recently used files in ahead cover designer


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\frontpage
Description : default save location in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\frontpage\explorer\frontpage explorer\recent page list
Description : list of recently used pages in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\frontpage\explorer\frontpage explorer\recently created servers
Description : list of recently created servers in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\office\10.0\common\search\last query
Description : last query in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-4139700704-3927480322-513286860-1005\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Jörg\recent
Description : list of recently opened documents


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 580
ThreadCreationTime : 24.03.2005 20:33:48
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 628
ThreadCreationTime : 24.03.2005 20:33:49
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 656
ThreadCreationTime : 24.03.2005 20:33:51
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 700
ThreadCreationTime : 24.03.2005 20:33:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [savedump.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 24.03.2005 20:33:51
BasePriority : Idle
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Programm zur Sicherung eines Abbilds
InternalName : savedump
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : savedump.exe

#:6 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 24.03.2005 20:33:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 876
ThreadCreationTime : 24.03.2005 20:33:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 944
ThreadCreationTime : 24.03.2005 20:33:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 984
ThreadCreationTime : 24.03.2005 20:33:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1072
ThreadCreationTime : 24.03.2005 20:33:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1100
ThreadCreationTime : 24.03.2005 20:33:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1316
ThreadCreationTime : 24.03.2005 20:33:53
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1352
ThreadCreationTime : 24.03.2005 20:33:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1360
ThreadCreationTime : 24.03.2005 20:33:53
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : (C) 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:15 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1500
ThreadCreationTime : 24.03.2005 20:33:54
BasePriority : Normal


#:16 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1512
ThreadCreationTime : 24.03.2005 20:33:54
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:17 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1532
ThreadCreationTime : 24.03.2005 20:33:54
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:18 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1660
ThreadCreationTime : 24.03.2005 20:33:54
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe

#:19 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1712
ThreadCreationTime : 24.03.2005 20:33:54
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1768
ThreadCreationTime : 24.03.2005 20:33:54
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [fxssvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1848
ThreadCreationTime : 24.03.2005 20:33:55
BasePriority : Normal
FileVersion : 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.2.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Faxdienst
InternalName : FXSSVC.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : FXSSVC.EXE

#:22 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 904
ThreadCreationTime : 24.03.2005 20:33:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:23 [slrundll.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1216
ThreadCreationTime : 24.03.2005 20:33:56
BasePriority : Normal


#:24 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1908
ThreadCreationTime : 24.03.2005 20:34:03
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:25 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 2072
ThreadCreationTime : 24.03.2005 20:34:04
BasePriority : Normal
FileVersion : 6.14.10.4029
ProductVersion : 6.14.10.4029
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright (C) 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:26 [qttask.exe]
FilePath : C:\Programme\QuickTime\
ProcessID : 2124
ThreadCreationTime : 24.03.2005 20:34:04
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:27 [realsched.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Real\Update_OB\
ProcessID : 2144
ThreadCreationTime : 24.03.2005 20:34:04
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:28 [lxbkbmgr.exe]
FilePath : C:\Programme\Lexmark X1100 Series\
ProcessID : 2160
ThreadCreationTime : 24.03.2005 20:34:04
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Manager Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Manager
InternalName : lxbkbmgr.exe
LegalCopyright : (C) 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmgr.exe

#:29 [ces_tray.exe]
FilePath : C:\Programme\Code Edit Studio\
ProcessID : 2168
ThreadCreationTime : 24.03.2005 20:34:04
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 2.0
ProductName : Code Edit Studio
CompanyName : Alcaland Software
FileDescription : Code Edit Studio Tray Interface
InternalName : Ces_Tray
LegalCopyright : Copyright (C) 2003 Alcaland Software
OriginalFilename : Ces_Tray.exe

#:30 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 2204
ThreadCreationTime : 24.03.2005 20:34:04
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:31 [gcasserv.exe]
FilePath : C:\Programme\Microsoft AntiSpyware\
ProcessID : 2212
ThreadCreationTime : 24.03.2005 20:34:04
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:32 [lxbkbmon.exe]
FilePath : C:\Programme\Lexmark X1100 Series\
ProcessID : 2224
ThreadCreationTime : 24.03.2005 20:34:04
BasePriority : Normal
FileVersion : 0.1.1.1
ProductVersion : 0.1.1.1
ProductName : Button Monitor Executable
CompanyName : Lexmark International, Inc.
FileDescription : Lexmark X1100 Series Button Monitor
InternalName : lxbkbmon.exe
LegalCopyright : (C) 2002 Lexmark International, Inc.
OriginalFilename : lxbkbmon.exe

#:33 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2244
ThreadCreationTime : 24.03.2005 20:34:04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:34 [wincinemamgr.exe]
FilePath : C:\Programme\InterVideo\Common\Bin\
ProcessID : 2452
ThreadCreationTime : 24.03.2005 20:34:06
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 1, 0, 0, 1
ProductName : WinCinema Manager for InterVideo WinCinema products
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright (C) 2000 InterVideo Inc.
OriginalFilename : WinCinemaMgr.EXE

#:35 [wlancfg5.exe]
FilePath : C:\Program Files\NETGEAR\MA521 Configuration Utility\
ProcessID : 2460
ThreadCreationTime : 24.03.2005 20:34:06
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ClientCU Application
FileDescription : ClientCU MFC Application
InternalName : ClientCU
LegalCopyright : Copyright (C) 2003
OriginalFilename : ClientCU.EXE

#:36 [spysub.exe]
FilePath : C:\Program Files\interMute\SpySubtract\
ProcessID : 2484
ThreadCreationTime : 24.03.2005 20:34:06
BasePriority : Normal
FileVersion : 1, 0, 1, 49
ProductVersion : 2.60
ProductName : SpySubtract
CompanyName : InterMute, Inc.
FileDescription : SpySubtract Program EXE
InternalName : SpySub.exe
LegalCopyright : Copyright (c) 2004 InterMute, Inc. All rights reserved.
OriginalFilename : SpySub.exe

#:37 [gcasdtserv.exe]
FilePath : C:\Programme\Microsoft AntiSpyware\
ProcessID : 2540
ThreadCreationTime : 24.03.2005 20:34:06
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:38 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 4040
ThreadCreationTime : 24.03.2005 20:34:17
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 47


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : http://%73%65%61%72%63%68%2d%6c%69%6e%6b%73%2e%6e%65%74/?my=
Category : Vulnerability
Comment : URL Prefix Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\url\defaultprefix
Value :
Data : http://%73%65%61%72%63%68%2d%6c%69%6e%6b%73%2e%6e%65%74/?my=

Windows Object Recognized!
Type : RegData
Data : http://%73%65%61%72%63%68%2d%6c%69%6e%6b%73%2e%6e%65%74/?my=
Category : Vulnerability
Comment : URL Prefix Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\url\prefixes
Value : www
Data : http://%73%65%61%72%63%68%2d%6c%69%6e%6b%73%2e%6e%65%74/?my=

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 49


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49



Deep scanning and examining files (C;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 49




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49

21:44:17 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:50.843
Objects scanned:114888
Objects identified:2
Objects ignored:0
New critical objects:2
Dieser Beitrag wurde am 24.03.2005 um 21:50 Uhr von jörg123 editiert.
Seitenanfang Seitenende
25.03.2005, 11:37
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#5 Hallo@jörg123

arbeite bitte die anderen Tools noch ab und poste mir alles, denn ich kann nur aus dem Log vom HijackTHis den Hijacker nicht identifizieren.

Hier das Reg-File, das die Standardwerte unter "DefaultPrefix" und "Prefixes" wieder herstellt.
defaultprefix.reg downloaden.
http://www.wintotal.de/Tipps/Eintrag.php?TID=434

CWShredder 2.12 [2004-12-13]
http://www.majorgeeks.com/download3019.html
* Double-click on CWShredder.exe.
* Click "Fix ->" and click "OK" at the prompt.
* CWShredder will scan and clean your system of CWS files.
* Click "Next->" and then "Exit".
Log-->"make Report"

Please download DllCompare from here
http://www.atribune.org/downloads/DllCompare.exe
<klick: Locate.com button.
wenn der Scan beendet ist
<klick:Compare button
<klick: und erstelle das Log--->bitte posten

•eScan-Erkennungstool
eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich:
http://www.mwti.net/antivirus/free_utilities.asp
oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche
kavupd.exe, die klickst du an--> (Update- in DOS) ausführen

-->mwav.exe oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben
und nun alles rauskopieren, was angezeigt wird-->
--

--------------------------------------------------------------

http://www.silentrunners.org/sr_download.html
gehe auf:
Zitat:
Click here to download a zip file.


hier die Erklaerung:
http://www.silentrunners.org/sr_scriptuse.html

klicke: output file is in text format. --> Doppelklick und es oeffnet sich der Editor-->
und poste alles, was angezeigt wird.
_________________________________________________________________
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1