Ad-Aware finds Alexa, please check my HijackThis logfile

#0
02.07.2006, 11:51
Member
Posts: 43

02.07.2006, 13:31
Honorary member
Posts: 29434
#2
1. Fix with HijackThis:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
2. Restart the PC
3. Let Ad-Aware scan once more
__________
Kind regards, Sabina
All about PC security

02.07.2006, 15:22
Member
Thread starter Posts: 43
#3
hello sabina,
unfortunately it still finds something ( log from the ad aware scan:
hm, still 14 infected objects *sob* ( melaberlin is at a loss once again ;o)
This post was edited by melaberlin on 02.07.2006 at 19:25.

02.07.2006, 19:27
Member
Thread starter Posts: 43
#4
I just scanned again; ad aware unfortunately keeps finding it (or maybe something else) again and again. In any case it doesn't say: everything's in order, everything's fine, it can stay like this (

03.07.2006, 13:17
Honorary member
Posts: 29434
#5
scan with spybot and report
http://www.safer-networking.org/en/download/index.html
__________
Kind regards, Sabina
All about PC security

ad aware finds alexa, could you please take a look at my logs and tell me what I need to do, if anything?
my adaware log:
ArchiveData(alexa.bckp)
Referencefile : SE1R47 24.05.2005
======================================================
ALEXA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
obj[1]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "MenuStatusBar"
obj[2]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "Script"
obj[3]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "clsid"
obj[4]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "Icon"
obj[5]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "HotIcon"
obj[6]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "ButtonText"
obj[7]=RegValue : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
obj[8]=RegValue : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
obj[9]=RegValue : S-1-5-21-725345543-1682526488-854245398-1003\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
and here is my HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 12:33:47, on 02.07.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVirenKit\AVKService.exe
C:\Programme\AntiVirenKit\AVKWCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\AntiVirenKit\AVKPOP.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\ntvdm.exe
C:\OPLIMIT\ocrawr32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Dokumente und Einstellungen\Alte Hexe\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\AntiVirenKit\AVKPOP.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Instant Messenger (TM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{112CE3AC-D968-4CDD-A8E3-C01C7AC0E0CA}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{112CE3AC-D968-4CDD-A8E3-C01C7AC0E0CA}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit\AVKWCtl.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
thanks in advance
melaberlin