- #1
G
Ginelli
Neues Mitglied
Themenersteller
- Dabei seit
- 15.02.2005
- Beiträge
- 1
- Reaktionspunkte
- 0
Logfile of HijackThis v1.98.0
Scan saved at 10:44:03, on 15.02.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVSched32.EXE
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\Programme\Winamp\Winampa.exe
C:\temp\salm.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\PrecisionTime\PrecisionTime.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\DVDRAMSV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
C:\Programme\ArcorOnline\Arcor.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\DOKUMENTE UND EINSTELLUNGEN\PC HATIFA\DESKTOP\stinger.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Softwin\BitDefender Free Edition\bdnagent.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Dokumente und Einstellungen\PC HATIFA\Lokale Einstellungen\Temp\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: olado Toolbar von Ashampoo - {1CBF31FC-3C23-4BA6-AF16-2CEC501BD837} - C:\Programme\Ashampoo\olado Toolbar von Ashampoo\olado.dll
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: EZ-Tracks - {4E7BD74F-2B8D-469E-D0EA-ED6DB681A038} - C:\WINDOWS\DOWNLO~1\eztbartb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: ToolHelper - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\Ashampoo\OLADOT~1\olado.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: EZ-Tracks - {4E7BD74F-2B8D-469E-D0EA-ED6DB681A038} - C:\WINDOWS\DOWNLO~1\eztbartb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: olado Toolbar von Ashampoo - {1CBF31FC-3C23-4BA6-AF16-2CEC501BD837} - C:\Programme\Ashampoo\olado Toolbar von Ashampoo\olado.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe wnim.dll, DllRegisterServer
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [CMESys] C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\Winampa.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [BDMCon] C:\Programme\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Programme\MSN Messenger\msnmsgr.exe /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Programme\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra->Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra->Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (no file)
O9 - Extra->Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (no file)
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://209.8.20.130/dl/adv314/x.chm::/load.exe
O16 - DPF: {11111111-1111-1111-1111-511111113458} -
O16 - DPF: {4E7BD74F-2B8D-469E-D0EA-ED6DB681A038} (EZ-Tracks) - http://www.ez-tracks.com/Toolbars/EZTWhenU/eztbartb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1100292159758
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/aktenkoffer/activex/upload_1119.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96FEB170-3534-4B0D-8AFD-476E7ED3ED58}: NameServer = 195.50.140.252 195.50.140.250
Scan saved at 10:44:03, on 15.02.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVSched32.EXE
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\Programme\Winamp\Winampa.exe
C:\temp\salm.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\PrecisionTime\PrecisionTime.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\DVDRAMSV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
C:\Programme\ArcorOnline\Arcor.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\DOKUMENTE UND EINSTELLUNGEN\PC HATIFA\DESKTOP\stinger.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Softwin\BitDefender Free Edition\bdnagent.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Dokumente und Einstellungen\PC HATIFA\Lokale Einstellungen\Temp\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: olado Toolbar von Ashampoo - {1CBF31FC-3C23-4BA6-AF16-2CEC501BD837} - C:\Programme\Ashampoo\olado Toolbar von Ashampoo\olado.dll
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: EZ-Tracks - {4E7BD74F-2B8D-469E-D0EA-ED6DB681A038} - C:\WINDOWS\DOWNLO~1\eztbartb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: ToolHelper - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\Ashampoo\OLADOT~1\olado.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: EZ-Tracks - {4E7BD74F-2B8D-469E-D0EA-ED6DB681A038} - C:\WINDOWS\DOWNLO~1\eztbartb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: olado Toolbar von Ashampoo - {1CBF31FC-3C23-4BA6-AF16-2CEC501BD837} - C:\Programme\Ashampoo\olado Toolbar von Ashampoo\olado.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe wnim.dll, DllRegisterServer
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [CMESys] C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\Winampa.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [BDMCon] C:\Programme\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Programme\MSN Messenger\msnmsgr.exe /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Programme\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra->Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra->Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (no file)
O9 - Extra->Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - (no file)
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://209.8.20.130/dl/adv314/x.chm::/load.exe
O16 - DPF: {11111111-1111-1111-1111-511111113458} -
O16 - DPF: {4E7BD74F-2B8D-469E-D0EA-ED6DB681A038} (EZ-Tracks) - http://www.ez-tracks.com/Toolbars/EZTWhenU/eztbartb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1100292159758
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/aktenkoffer/activex/upload_1119.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_18_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96FEB170-3534-4B0D-8AFD-476E7ED3ED58}: NameServer = 195.50.140.252 195.50.140.250