Danke für die schnelle Zusendung
Hier mal der Log von Hijack This:
Wie gehe ich dann vor?
Logfile of HijackThis v1.97.7
Scan saved at 22:26:07, on 06.04.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\csrss.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\dokume~1\kegelc~1\anwend~1\wininet.exe
C:\WINDOWS\system32\winproc32.exe
C:\WINDOWS\System32\mshta.exe
C:\Dokumente und Einstellungen\Kegelclique\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für Hijack.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http: //4-counter.com/?a=2&b=tut
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //4-counter.com/?a=2&b=tut
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http: //4-counter.com/?a=2&b=tut
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http: //4-counter.com/?b=tut
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http: // 1-se.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http: //4-counter.com/?a=2&b=tut
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http: //1-se.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http: //4-counter.com/?a=2&b=tut
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http: //rsjkyw.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //4-counter.com/?a=2&b=tut
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http: //4-counter.com/?a=2&b=tut
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:// 1-se.com/home.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:// 1-se.com/home.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http: //1-se.com/srchasst.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http: //4-counter.com/?a=2&b=tut
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http: //1-se.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http: //rsjkyw.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http: //1-se.com/srchasst.html (obfuscated)
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\StopzillaBH0.dll
O2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - C:\WINDOWS\System32\mshelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell32.dll /c /set
O4 - HKLM\..\Run: [System Process] C:\WINDOWS\csrss.exe /i
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Programme\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [rundll32] C:\Dokumente und Einstellungen\Kegelclique\rundll32.exe
O4 - HKCU\..\Run: [System Update] c:\dokume~1\kegelc~1\anwend~1\wininet.exe
O4 - HKCU\..\Run: [Windows Internet Protocol] C:\WINDOWS\system32\winproc32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O9 - Extra button: Related (HKLM)
O9 - Extra->Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http: //63.219.181.7/cax.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\ss.MHT!
http://little-flowers-pussy.com/ebook.chm::/loader.exe
O16 - DPF: {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - http: //206.161.120.178/wyns.cab
O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} -
http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
Links editiert