Log files for HijackThis and CoolWebShredder

This thread, "Log files for HijackThis and CoolWebShredder", in the forum "Miscellaneous Internet topics", was created by antares on 13 Apr 2004.

  1. Hello!

    I downloaded both tools because my start page keeps getting changed too..... I'm now posting both of my log files here, because I don't know which files I'm really allowed to delete and which ones my system needs.

    Thanks


    Logfile of HijackThis v1.97.7
    Scan saved at 16:31:52, on 13.04.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\services\services.exe
    C:\software\tools\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\software\tools\dsl_fritz\Awatch.exe
    C:\Programme\Lexmark X74-X75\lxbbbmgr.exe
    C:\Programme\Lexmark X74-X75\lxbbbmon.exe
    C:\software\tools\itools\iTunesHelper.exe
    C:\Programme\AVWin\AVGNT.EXE
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    C:\Programme\Messenger\msmsgs.exe
    C:\software\adobe\Acrobat\Distillr\AcroTray.exe
    C:\Programme\AVWin\AVGUARD.EXE
    C:\Programme\AVWin\AVWUPSRV.EXE
    C:\WINDOWS\System32\gearsec.exe
    C:\Programme\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\iPod\bin\iPodService.exe
    C:\Programme\Norton Internet Security\NISUM.EXE
    D:\Veronika\privat\down\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //www.couldnotfind.com/search_page.html?&account_id=137837
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http: //www.couldnotfind.com/search_page.html?&account_id=137837
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http: //www.coolsearch.biz
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http: //www.couldnotfind.com/search_page.html?&account_id=137837
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http: //4-counter.com/?a=2&b=cr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //4-counter.com/?a=2&b=cr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http: //4-counter.com/?a=2&b=cr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http: //4-counter.com/?a=2&b=cr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http: //www.coolsearch.biz
    F1 - win.ini: run=C:\WINDOWS\System32\services\services.exe
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - c:\software\tools\ws_ftp_pro\wsbho2K0.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickFinder Scheduler] C:\software\office\WordPerfect Office 11\Programs\QFSCHD110.EXE
    O4 - HKLM\..\Run: [EM_EXEC] C:\software\tools\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [AWatch] c:\software\tools\dsl_fritz\Awatch.exe
    O4 - HKLM\..\Run: [Lexmark X74-X75] C:\Programme\Lexmark X74-X75\lxbbbmgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\software\tools\quicktime\qttask.exe -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\software\tools\itools\iTunesHelper.exe
    O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\services.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVWin\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AVWUpd32] C:\PROGRA~1\AVWin\Avwupd32.EXE /min
    O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe
    O4 - HKCU\..\Run: [MSMSGS] C:\Programme\Messenger\msmsgs.exe /background
    O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\services.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\software\adobe\Acrobat\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\software\office\OFFICE~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
    O9 - Extra button: Recherchieren (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://hard-virgins.com/dkvaget/x.chm::/load.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) - http:// w*w.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BE37EAA9-A3C3-4462-9867-4CF3FBA9CED2}: NameServer = 192.168.122.252,192.168.122.253




    CWShredder v1.56.2 scan only report

    Please understand that a CWShredder 'Scan only' report
    might not be sufficient to troubleshoot an infected system.
    You can use HijackThis for that:
    http://www.merijn.org/files/hijackthis.zip
    http://www.spywareinfo.com/~merijn/files/hijackthis.zip

    Windows XP (5.01.2600 SP1)
    Windows dir: C:\WINDOWS
    Windows system dir: C:\WINDOWS\system32
    AppData folder: C:\Dokumente und Einstellungen\<User>\Anwendungsdaten
    Username:

    Infected Registry value:
    HKLM\Software\Microsoft\Internet Explorer,SearchURL
    Infected data: http:// 4-counter.com/?a=2&b=cr
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar
    Infected data: http:// w*w.couldnotfind.com/search_page.html?&account_id=137837
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page
    Infected data: http:// w*w.couldnotfind.com/search_page.html?&account_id=137837
    Infected Registry value:
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar
    Infected data: http:// 4-counter.com/?a=2&b=cr
    Infected Registry value:
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page
    Infected data: http:// 4-counter.com/?a=2&b=cr
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
    Infected data: http:// w*w.couldnotfind.com/search_page.html?&account_id=137837
    Infected Registry value:
    HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant,http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    Infected data: http:// 4-counter.com/?a=2&b=cr
    Infected Registry value:
    HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL
    Infected data: http:// 4-counter.com/?a=2&b=cr
    Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (55 bytes, A)
    CWS.Yexe Registry value: HKCU\..\Run [xpsystem] C:\WINDOWS\System32\services\services.exe
    CWS.Yexe Registry value: HKLM\..\Run [xpsystem] C:\WINDOWS\System32\services\services.exe
    Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
    UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
    Found CWS.Olehelp file: C:\WINDOWS\system32\olehelp.exe (0 bytes, A)
    Found CWS.Yexe file: C:\WINDOWS\system32\services\services.exe (47616 bytes, A, running)
    Registry value: DefaultPrefix (should be http://) [] http://
    Registry value: WWW Prefix (should be http://) [www] http://
    Registry value: Mosaic Prefix (should be http://) [mosaic] http://
    Registry value: Home Prefix (should be http://) [home] http://
    Found Win.ini file: C:\WINDOWS\win.ini (550 bytes, A)
    Found System.ini file: C:\WINDOWS\system.ini (296 bytes, A)
    CWS.Yexe Registry key: HKLM\..\BHOs\{5321E378-FFAD-4999-8C62-03CA8155F0B3}

    - END OF REPORT -


    Links edited
     
  2. My advice to you: let CoolWebShredder do its job first, then scan your system again with HijackThis and post the log again.
    Otherwise this will just turn into a muddle. ;)
     
  3. OK, I let CoolWebShredder do its job and then ran HijackThis again.

    The file that came out after the CoolWebShredder run had this content:

    Done!
    Removed from your system:
    - CWS.Yexe
    - 8 infected IE registry values

    Windows XP (5.01.2600 SP1)
    CWShredder v1.56.2
    Written by Merijn - merijn@spywareinfo.com

    For any additional help with this program or removing CWS, visit:
    http://forums.spywareinfo.com/

    For information and documentation on the Coolwebsearch
    trojan and its variants, visit:
    http://www.spywareinfo.com/~merijn/cwschronicles.html

    For donations to help support CWShredder, visit:
    http://www.spywareinfo.com/~merijn/donate.html



    And here is the new log file:

    Logfile of HijackThis v1.97.7
    Scan saved at 21:56:13, on 13.04.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\software\tools\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\software\tools\dsl_fritz\Awatch.exe
    C:\Programme\Lexmark X74-X75\lxbbbmgr.exe
    C:\software\tools\itools\iTunesHelper.exe
    C:\Programme\AVWin\AVGNT.EXE
    C:\Programme\Lexmark X74-X75\lxbbbmon.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    C:\Programme\Messenger\msmsgs.exe
    C:\software\adobe\Acrobat\Distillr\AcroTray.exe
    C:\Programme\AVWin\AVGUARD.EXE
    C:\Programme\AVWin\AVWUPSRV.EXE
    C:\WINDOWS\System32\gearsec.exe
    C:\Programme\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\iPod\bin\iPodService.exe
    C:\Programme\Norton Internet Security\NISUM.EXE
    D:\Veronika\privat\down\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http: //www.coolsearch.biz
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http: //www.coolsearch.biz
    F1 - win.ini: run=C:\WINDOWS\System32\services\services.exe
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - c:\software\tools\ws_ftp_pro\wsbho2K0.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickFinder Scheduler] C:\software\office\WordPerfect Office 11\Programs\QFSCHD110.EXE
    O4 - HKLM\..\Run: [EM_EXEC] C:\software\tools\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [AWatch] c:\software\tools\dsl_fritz\Awatch.exe
    O4 - HKLM\..\Run: [Lexmark X74-X75] C:\Programme\Lexmark X74-X75\lxbbbmgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\software\tools\quicktime\qttask.exe -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\software\tools\itools\iTunesHelper.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVWin\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AVWUpd32] C:\PROGRA~1\AVWin\Avwupd32.EXE /min
    O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe
    O4 - HKCU\..\Run: [MSMSGS] C:\Programme\Messenger\msmsgs.exe /background
    O4 - Global Startup: Acrobat Assistant.lnk = C:\software\adobe\Acrobat\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\software\office\OFFICE~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
    O9 - Extra button: Recherchieren (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://hard-virgins.com/dkvaget/x.chm::/load.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) - http:// w*w.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BE37EAA9-A3C3-4462-9867-4CF3FBA9CED2}: NameServer = 192.168.122.252,192.168.122.253


    Links edited
     
  4. fix

    fix

    I don't trust this one ???

    fix

    Dialer :(

    TrojanDownloader :mad:


    pan_fee
     
  5. So, here is the new log file from HiJack, after I deleted the files:


    Logfile of HijackThis v1.97.7

    Scan saved at 22:27:39, on 13.04.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Programme\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Programme\AVWin\AVGUARD.EXE
    C:\Programme\AVWin\AVWUPSRV.EXE
    C:\Programme\Norton Internet Security\ccPxySvc.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\Programme\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\software\tools\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\software\tools\dsl_fritz\Awatch.exe
    C:\Programme\Lexmark X74-X75\lxbbbmgr.exe
    C:\Programme\Lexmark X74-X75\lxbbbmon.exe
    C:\software\tools\itools\iTunesHelper.exe
    C:\Programme\AVWin\AVGNT.EXE
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    C:\Programme\Messenger\msmsgs.exe
    C:\software\adobe\Acrobat\Distillr\AcroTray.exe
    C:\Programme\SpywareGuard\sgmain.exe
    C:\Programme\iPod\bin\iPodService.exe
    C:\Programme\SpywareGuard\sgbhp.exe
    D:\Veronika\privat\down\HijackThis.exe

    F1 - win.ini: run=C:\WINDOWS\System32\services\services.exe
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\SpywareGuard\dlprotect.dll
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - c:\software\tools\ws_ftp_pro\wsbho2K0.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickFinder Scheduler] C:\software\office\WordPerfect Office 11\Programs\QFSCHD110.EXE
    O4 - HKLM\..\Run: [EM_EXEC] C:\software\tools\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [AWatch] c:\software\tools\dsl_fritz\Awatch.exe
    O4 - HKLM\..\Run: [Lexmark X74-X75] C:\Programme\Lexmark X74-X75\lxbbbmgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] C:\software\tools\quicktime\qttask.exe -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\software\tools\itools\iTunesHelper.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVWin\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AVWUpd32] C:\PROGRA~1\AVWin\Avwupd32.EXE /min
    O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe
    O4 - HKCU\..\Run: [MSMSGS] C:\Programme\Messenger\msmsgs.exe /background
    O4 - Startup: SpywareGuard.lnk = C:\Programme\SpywareGuard\sgmain.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\software\adobe\Acrobat\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\software\office\OFFICE~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
    O9 - Extra button: Recherchieren (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BE37EAA9-A3C3-4462-9867-4CF3FBA9CED2}: NameServer = 192.168.122.252,192.168.122.253
     
  6. And here is the Ad-aware log file as well (in two parts, because it is too long)

    Lavasoft Ad-aware Personal Build 6.181

    Logfile created on :Dienstag, 13. April 2004 22:15:37
    Created with Ad-aware Personal, free for private use.
    Using reference-file :01R217 08.09.2003
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry


    13.04.2004 22:15:37 - Scan started. (Smart mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 13.04.2004 19:19:19
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 13.04.2004 19:19:22
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13.04.2004 19:19:22
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Anwendung f
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Betriebssystem Microsoft
    Created on : 29.08.2002 12:00:00
    Last accessed : 13.04.2004 19:16:20
    Last modified : 29.08.2002 12:00:00

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13.04.2004 19:19:22
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 29.08.2002 12:00:00
    Last accessed : 13.04.2004 20:15:37
    Last modified : 29.08.2002 12:00:00

    #:5 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13.04.2004 19:19:23
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 29.08.2002 12:00:00
    Last accessed : 13.04.2004 19:21:59
    Last modified : 29.08.2002 12:00:00

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 13.04.2004 19:19:23
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 29.08.2002 12:00:00
    Last accessed : 13.04.2004 19:21:59
    Last modified : 29.08.2002 12:00:00

    #:7 [lexbces.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13.04.2004 19:19:24
    BasePriority : Normal
    FileSize : 296 KB
    FileVersion : 7.4
    ProductVersion : 7.4
    Copyright : (C) 1993 - 2002 Lexmark International, Inc.
    CompanyName : Lexmark International, Inc.
    FileDescription : LexBce Service
    InternalName : LexBce Service
    OriginalFilename : LexBceS.exe
    ProductName : MarkVision for Windows (32 bit)
    Created on : 14.10.2002 20:03:18
    Last accessed : 13.04.2004 20:15:37
    Last modified : 14.10.2002 20:03:18

    #:8 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13.04.2004 19:19:24
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 29.08.2002 12:00:00
    Last accessed : 13.04.2004 19:16:40
    Last modified : 29.08.2002 12:00:00

    #:9 [lexpps.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13.04.2004 19:19:24
    BasePriority : Normal
    FileSize : 170 KB
    FileVersion : 7.4
    ProductVersion : 7.4
    Copyright : (C) 1993 - 2002 Lexmark International, Inc.
    CompanyName : Lexmark International, Inc.
    FileDescription : LEXPPS.EXE
    InternalName : LEXPPS
    OriginalFilename : LEXPPS.EXE
    ProductName : MarkVision for Windows (32 bit)
    Created on : 14.10.2002 20:00:41
    Last accessed : 13.04.2004 19:23:17
    Last modified : 14.10.2002 20:00:41
     
  7. Part 2:


    #:10 [ccevtmgr.exe]
    FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
    ThreadCreationTime : 13.04.2004 19:19:24
    BasePriority : Normal
    FileSize : 313 KB
    FileVersion : 1.05.2
    ProductVersion : 1.05.2
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Event Manager Service
    InternalName : ccEvtMgr
    OriginalFilename : ccEvtMgr.exe
    ProductName : Event Manager
    Created on : 24.03.2003 14:10:14
    Last accessed : 13.04.2004 19:17:11
    Last modified : 24.03.2003 14:10:14

    #:11 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 13.04.2004 19:19:34
    BasePriority : Normal
    FileSize : 983 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Betriebssystem Microsoft
    Created on : 29.08.2002 12:00:00
    Last accessed : 13.04.2004 20:10:04
    Last modified : 29.08.2002 12:00:00

    #:12 [em_exec.exe]
    FilePath : C:\software\tools\MOUSEW~1\SYSTEM\
    ThreadCreationTime : 13.04.2004 19:19:34
    BasePriority : Normal
    FileSize : 28 KB
    FileVersion : 9.70.216
    ProductVersion : 9.70
    Copyright : Copyright
    CompanyName : Logitech Inc.
    FileDescription : Control Center
    InternalName : EM_EXEC
    OriginalFilename : EM_EXEC.CPP
    ProductName : MouseWare
    Created on : 27.12.2003 12:53:40
    Last accessed : 13.04.2004 19:19:18
    Last modified : 01.07.2002 08:50:00

    #:13 [awatch.exe]
    FilePath : C:\software\tools\dsl_fritz\
    ThreadCreationTime : 13.04.2004 19:19:34
    BasePriority : Normal
    FileSize : 496 KB
    FileVersion : 3.04.04
    ProductVersion : 3.04.04
    Copyright : Copyright
    CompanyName : AVM Berlin
    FileDescription : ADSLWatch
    InternalName : ADSLWatch
    OriginalFilename : AWatch.EXE
    ProductName : ADSLWatch
    Created on : 05.02.2004 12:03:32
    Last accessed : 13.04.2004 20:13:58
    Last modified : 10.06.2003 14:52:12

    #:14 [lxbbbmgr.exe]
    FilePath : C:\Programme\Lexmark X74-X75\
    ThreadCreationTime : 13.04.2004 19:19:35
    BasePriority : Normal
    FileSize : 56 KB
    FileVersion : 1.0.6.0
    ProductVersion : 1.0.6.0
    Copyright : (C) 2002 Lexmark International, Inc.
    CompanyName : Lexmark International, Inc.
    FileDescription : Lexmark X74-X75 Button Manager
    InternalName : lxbbbmgr.exe
    OriginalFilename : lxbbbmgr.exe
    ProductName : Button Manager Executable
    Created on : 14.10.2002 20:12:33
    Last accessed : 13.04.2004 19:19:18
    Last modified : 14.10.2002 20:12:33

    #:15 [ituneshelper.exe]
    FilePath : C:\software\tools\itools\
    ThreadCreationTime : 13.04.2004 19:19:35
    BasePriority : Normal
    FileSize : 224 KB
    FileVersion : 4.2.0.72
    ProductVersion : 4.2.0.72
    CompanyName : Apple Computer, Inc.
    FileDescription : iTunesHelper Module
    InternalName : iTunesHelper
    OriginalFilename : iTunesHelper.exe
    ProductName : iTunes
    Created on : 23.12.2003 19:14:32
    Last accessed : 13.04.2004 19:19:18
    Last modified : 23.12.2003 19:14:32

    #:16 [avgnt.exe]
    FilePath : C:\Programme\AVWin\
    ThreadCreationTime : 13.04.2004 19:19:35
    BasePriority : Normal
    FileSize : 144 KB
    FileVersion : 6.24.02.00
    ProductVersion : 6.24.02.00
    Copyright : Copyright
    CompanyName : H+BEDV Datentechnik GmbH
    FileDescription : AntiVir Guard/XP Control Program
    InternalName : AVGNT
    OriginalFilename : AVGNT.EXE
    ProductName : AntiVir Guard Control Program
    Created on : 06.04.2004 12:39:16
    Last accessed : 13.04.2004 19:19:35
    Last modified : 06.04.2004 12:39:16

    #:17 [lxbbbmon.exe]
    FilePath : C:\Programme\Lexmark X74-X75\
    ThreadCreationTime : 13.04.2004 19:19:35
    BasePriority : Normal
    FileSize : 48 KB
    FileVersion : 1.0.6.0
    ProductVersion : 1.0.6.0
    Copyright : (C) 2002 Lexmark International, Inc.
    CompanyName : Lexmark International, Inc.
    FileDescription : Lexmark X74-X75 Button Monitor
    InternalName : lxbbbmon.exe
    OriginalFilename : lxbbbmon.exe
    ProductName : Button Monitor Executable
    Created on : 14.10.2002 20:22:04
    Last accessed : 13.04.2004 19:19:18
    Last modified : 14.10.2002 20:22:04

    #:18 [ccapp.exe]
    FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
    ThreadCreationTime : 13.04.2004 19:19:35
    BasePriority : Normal
    FileSize : 53 KB
    FileVersion : 1.0.9.002
    ProductVersion : 1.0.9.002
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Common Client CC App
    InternalName : ccApp
    OriginalFilename : ccApp.exe
    ProductName : Common Client
    Created on : 11.04.2004 14:56:06
    Last accessed : 13.04.2004 19:22:52
    Last modified : 09.10.2003 08:26:52

    #:19 [msmsgs.exe]
    FilePath : C:\Programme\Messenger\
    ThreadCreationTime : 13.04.2004 19:19:35
    BasePriority : Normal
    FileSize : 1476 KB
    FileVersion : 4.7.0041
    ProductVersion : Version 4.7
    Copyright : Copyright (c) Microsoft Corporation 1997-2001
    CompanyName : Microsoft Corporation
    FileDescription : Messenger
    InternalName : msmsgs
    OriginalFilename : msmsgs.exe
    ProductName : Messenger
    Created on : 22.12.2003 18:04:55
    Last accessed : 13.04.2004 19:22:50
    Last modified : 20.08.2002 14:08:38

    #:20 [acrotray.exe]
    FilePath : C:\software\adobe\Acrobat\Distillr\
    ThreadCreationTime : 13.04.2004 19:19:35
    BasePriority : Normal
    FileSize : 42 KB
    Created on : 22.12.2003 19:53:07
    Last accessed : 13.04.2004 19:19:18
    Last modified : 24.03.1999 15:57:10

    #:21 [avguard.exe]
    FilePath : C:\Programme\AVWin\
    ThreadCreationTime : 13.04.2004 19:21:35
    BasePriority : Normal
    FileSize : 204 KB
    FileVersion : 6.24.02.00
    ProductVersion : 6.24.02.00
    Copyright : Copyright
    CompanyName : H+BEDV Datentechnik GmbH
    FileDescription : Antivirus Service for Windows XP/2000/NT
    InternalName : NTGuard
    OriginalFilename : Guard.exe
    ProductName : Windows XP/2000/XP Guard Service
    Created on : 11.03.2004 12:06:58
    Last accessed : 13.04.2004 19:21:35
    Last modified : 11.03.2004 12:06:58

    #:22 [avwupsrv.exe]
    FilePath : C:\Programme\AVWin\
    ThreadCreationTime : 13.04.2004 19:21:36
    BasePriority : Normal
    FileSize : 28 KB
    FileVersion : 6.23.01.00
    ProductVersion : 6.23.01.00
    Copyright : Copyright
    CompanyName : H+BEDV Datentechnik GmbH, Germany
    FileDescription : AntiVir Software Update Service for Windows
    InternalName : AntiVir Update Service
    OriginalFilename : AVWUpSrv.exe
    ProductName : AntiVir Update Service for Windows NT
    Created on : 09.04.2004 19:29:51
    Last accessed : 13.04.2004 19:21:36
    Last modified : 19.11.2003 11:39:50

    #:23 [gearsec.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 13.04.2004 19:21:36
    BasePriority : Normal
    FileSize : 52 KB
    FileVersion : 1, 0, 0, 6
    ProductVersion : 1, 0, 0, 6
    Copyright : Copyright
    CompanyName : GEAR Software
    FileDescription : gearsec
    InternalName : gearsec
    OriginalFilename : gearsec.exe
    ProductName : gearsec
    Created on : 03.11.2003 11:47:08
    Last accessed : 13.04.2004 20:15:38
    Last modified : 03.11.2003 11:47:08

    #:24 [navapsvc.exe]
    FilePath : C:\Programme\Norton AntiVirus\
    ThreadCreationTime : 13.04.2004 19:21:36
    BasePriority : Normal
    FileSize : 113 KB
    FileVersion : 9.10.1003
    ProductVersion : 9.10.1003
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Service
    InternalName : NAVAPSVC
    OriginalFilename : NAVAPSVC.EXE
    ProductName : Norton AntiVirus
    Created on : 25.03.2003 11:43:14
    Last accessed : 13.04.2004 19:17:07
    Last modified : 25.03.2003 11:43:14

    #:25 [nvsvc32.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 13.04.2004 19:21:36
    BasePriority : Normal
    FileSize : 80 KB
    FileVersion : 6.14.10.5214
    ProductVersion : 6.14.10.5214
    Copyright : (C) NVIDIA Corporation. All rights reserved.
    CompanyName : NVIDIA Corporation
    FileDescription : NVIDIA Driver Helper Service, Version 52.14
    InternalName : NVSVC
    OriginalFilename : nvsvc32.exe
    ProductName : NVIDIA Driver Helper Service, Version 52.14
    Created on : 22.12.2003 18:25:06
    Last accessed : 13.04.2004 19:15:55
    Last modified : 24.09.2003 17:32:00

    #:26 [slserv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 13.04.2004 19:21:40
    BasePriority : Normal
    FileSize : 44 KB
    FileVersion : 2.80.00(24Apr2000)
    ProductVersion : 2.80.00
    Copyright : Copyright
    FileDescription : User-Level Modem Service
    InternalName : slserv
    OriginalFilename : slserv.exe
    ProductName : Modem
    Created on : 17.01.2003 00:02:38
    Last accessed : 13.04.2004 19:16:24
    Last modified : 17.01.2003 00:02:38

    #:27 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 13.04.2004 19:21:40
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 29.08.2002 12:00:00
    Last accessed : 13.04.2004 19:21:59
    Last modified : 29.08.2002 12:00:00

    #:28 [ipodservice.exe]
    FilePath : C:\Programme\iPod\bin\
    ThreadCreationTime : 13.04.2004 19:21:54
    BasePriority : Normal
    FileSize : 408 KB
    FileVersion : 4.2.0.72
    ProductVersion : 4.2.0.72
    CompanyName : Apple Computer, Inc.
    FileDescription : iPodService Module
    InternalName : iPodService
    OriginalFilename : iPodService.exe
    ProductName : iTunes
    Created on : 23.12.2003 19:14:32
    Last accessed : 13.04.2004 19:18:14
    Last modified : 23.12.2003 19:14:32

    #:29 [nisum.exe]
    FilePath : C:\Programme\Norton Internet Security\
    ThreadCreationTime : 13.04.2004 19:22:41
    BasePriority : Normal
    FileSize : 137 KB
    FileVersion : 6.02.2003
    ProductVersion : 6.02.2003
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton Internet Security NISUM
    InternalName : NISUM
    OriginalFilename : NISUM.exe
    ProductName : Norton Internet Security
    Created on : 24.03.2003 14:11:28
    Last accessed : 13.04.2004 19:19:18
    Last modified : 24.03.2003 14:11:28

    #:30 [sgmain.exe]
    FilePath : C:\Programme\SpywareGuard\
    ThreadCreationTime : 13.04.2004 20:13:08
    BasePriority : Normal
    FileSize : 352 KB
    FileVersion : 2.02.0001
    ProductVersion : 2.02.0001
    Copyright : Copyright (C) 2002-2003 Javacool Software LLC
    FileDescription : SpywareGuard
    InternalName : sgmain
    OriginalFilename : sgmain.exe
    ProductName : SpywareGuard
    Created on : 29.08.2003 17:05:35
    Last accessed : 13.04.2004 20:13:57
    Last modified : 29.08.2003 17:05:35

    #:31 [sgbhp.exe]
    FilePath : C:\Programme\SpywareGuard\
    ThreadCreationTime : 13.04.2004 20:13:08
    BasePriority : Normal
    FileSize : 228 KB
    FileVersion : 2.02.0001
    ProductVersion : 2.02.0001
    Copyright : Copyright (C) 2002-2003 Javacool Software LLC.
    FileDescription : SG Browser Hijacking Protection
    InternalName : sgbhp
    OriginalFilename : sgbhp.exe
    ProductName : SG Browser Hijacking Protection
    Created on : 29.08.2003 09:14:56
    Last accessed : 13.04.2004 20:12:58
    Last modified : 29.08.2003 09:14:56

    #:32 [ad-aware.exe]
    FilePath : C:\Programme\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 13.04.2004 20:15:10
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 13.04.2004 20:14:52
    Last accessed : 13.04.2004 20:15:10
    Last modified : 12.07.2003 20:00:20

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    istbar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CLASSES_ROOT
    Object : ISTactivex.Installer


    istbar Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_CURRENT_USER
    Object : Software\IST


    Alexa Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


    Windows Object recognized!
    Type : RegData
    Data :
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\MediaPlayer\Player\Settings
    Value : Client ID
    Data :


    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 4
    Objects found so far: 4


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Possible browser hijack attempt : {EF86873F-04C2-4A95-A373-5703C08EFC7B} (http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab)

    Possible Browser Hijack attempt Object recognized!
    Type : RegKey
    Data :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EF86873F-04C2-4A95-A373-5703C08EFC7B}


    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 5


    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    istbar Object recognized!
    Type : File
    Data : istactivex.dll
    Object : c:\windows\downloaded program files\
    FileSize : 15 KB
    FileVersion : 1, 0, 0, 2
    ProductVersion : 1, 0, 0, 2
    Copyright : Copyright 2003
    FileDescription : 1STactivex Module
    InternalName : 1STactive_x
    OriginalFilename : ISTact1vex.DLL
    ProductName : ISTactivex Module
    Created on : 22.03.2004 11:42:48
    Last accessed : 13.04.2004 19:45:28
    Last modified : 22.03.2004 11:42:48



    istbar Object recognized!
    Type : File
    Data : istactivex.inf
    Object : c:\windows\downloaded program files\

    Created on : 17.03.2004 15:18:18
    Last accessed : 13.04.2004 20:17:13
    Last modified : 17.03.2004 15:18:18



    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 2
    Objects found so far: 7


    22:17:14 Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:01:36:78
    Objects scanned :36716
    Objects identified :7
    Objects ignored :0
    New objects :7
     
  8. still seems suspicious to me ::)

    you can delete that too, see here:
    http://www.wintotal.de/Tipps/Eintrag.php?TID=384

    ISTBAR TrojanDownloader:
    http://www.pestpatrol.com/pestinfo/i/istbar.asp
    get rid of it

    belongs to the TrojanDownloader (see above); delete the values in the registry.

    Istbar is still in the "Downloaded Program Files" folder (C:\WINDOWS\Downloaded Program Files); delete it, then search for istactivex.dll and/or ISTact1vex.dll and istactivex.inf and delete those as well.


    pan_fee
     
  9. I already answered that in reply #8..... delete everything.

    in general you can delete all files found by Adaware ;)

    pan_fee
     