Hallo,
Habe gerade den Versuch gestartet, die Problemfälle im abgesicherten Modus zu
löschen. Funktioniert leider nicht, denn sie stellen sich wieder her.
Logfile of HijackThis v1.97.7
Scan saved at 20:51:48, on 19.01.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
D:\PROGRAMME\KERIO\PERSONAL FIREWALL 4\KPF4SS.EXE
C:\WINDOWS\EXPLORER.EXE
D:\PROGRAMME\KERIO\PERSONAL FIREWALL 4\KPF4GUI.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
D:\PROGRAMME\AVGCTRL.EXE
D:\PROGRAMME\AVSCHED32.EXE
C:\PROGRAMME\D4\D4.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\DSC_FOLDER\DL10.EXE
C:\WINDOWS\TWAIN\A4s2\Watchdog.exe
C:\PROGRAMME\WEBSHOTS\WEBSHOTSTRAY.EXE
E:\THEBAT!\THEBAT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMME\MOZILLA FIREFOX\FIREFOX.EXE
D:\DOWN\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.nowfind.net/005/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.nowfind.net/005/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.nowfind.net/005/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.nowfind.net/005/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.nowfind.net/005/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.nowfind.net/005/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.nowfind.net/005/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.nowfind.net/005/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.nowfind.net/005/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.nowfind.net/005/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.nowfind.net/005/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.nowfind.net/005/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.nowfind.net/005/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search =
http://www.nowfind.net/005/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search =
http://www.nowfind.net/005/index.html
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAMME\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O4 - HKLM\..\Run: [AVGCtrl] D:\PROGRAMME\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AVSCHED32] D:\PROGRAMME\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [Dimension4] C:\PROGRAMME\D4\D4.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KPF4] D:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
O4 - HKCU\..\Run: [TClockEx] C:\PROGRAMME\TCLOCKEX\TCLOCKEX.EXE
O4 - HKCU\..\Run: [Skype] D:\PROGRAMME\SKYPE\PHONE\SKYPE.EXE /nosplash /minimized
O4 - Startup: DL-10.lnk = C:\Programme\DSC_Folder\DL10.exe
O4 - Startup: Watchdog.lnk = C:\WINDOWS\TWAIN\A4s2\Watchdog.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Webshots.lnk = C:\Programme\Webshots\WebshotsTray.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) -
http://-Web.Washer-/ie_add
O8 - Extra context menu item: Download using FlashGet - E:\PROGRAMME\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - E:\PROGRAMME\FLASHGET\jc_all.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\PROGRAMME\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\PROGRAMME\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\PROGRAMME\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\PROGRAMME\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html
O13 - DefaultPrefix:
http://nowfind.net/rand/gallery.php?url=
O13 - WWW Prefix:
http://nowfind.net/rand/gallery.php?url=
O13 - Home Prefix:
http://nowfind.net/rand/gallery.php?url=
O13 - Mosaic Prefix:
http://nowfind.net/rand/gallery.php?url=
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38368.1985185185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.1.1
Hans Meyer