Hallo zusammen.
Habe bei Spybot noch folgenden eintrag unter Possible extension hijack gefunden
efault command file handler
HKEY_CLASSES_ROOT\cmdfile\shell\open\command\!=?%1?%*
Anbei das Logfile von HIYACKTHIS
Die suche mit CHshreder war ohne Ergebnis(Also kein Eintrag)
Temp Dateien und Browser waren bei der Suche geschloßen bzw geleert.
Logfile of HijackThis v1.98.0
Scan saved at 11:38:28, on 24.07.04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAMME\NORTON INTERNET SECURITY\NISSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMME\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAMME\NORTON INTERNET SECURITY\SYMPROXYSVC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAMME\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMME\NORTON INTERNET SECURITY\IAMAPP.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\EIGENE DATEIEN\DOWNLOAD PROGRAMME\TRANSPARENT PROG\TRANSPARENTB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\NORTON INTERNET SECURITY\ATRACK.EXE
C:\EIGENE DATEIEN\DOWNLOAD PROGRAMME\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.rz-online.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [iamapp] C:\Programme\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\SBServ.exe -reg
O4 - HKLM\..\RunServices: [nisserv] C:\Programme\Norton Internet Security\NISSERV.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ?\WkDetect.exe
O4 - Startup: Erinnerungen in Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Verknüpfung mit TransparentB.lnk = C:\Eigene Dateien\Download Programme\transparent Prog\TransparentB.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra->Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra->Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) -
http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab