I thought I'd paste some logs here, in case you may need them for later. The last log will be the newest HijackThis log, but first:
Ad-Aware log:
Ad-Aware SE Build 1.06r1
Logfile Created on:Dienstag, 3. Januar 2006 10:28:24
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R84 28.12.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):13 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
03.01.2006 10:28:24 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Amar\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-4002047349-3616637250-216586179-1006\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-4002047349-3616637250-216586179-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-4002047349-3616637250-216586179-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-4002047349-3616637250-216586179-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-4002047349-3616637250-216586179-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-4002047349-3616637250-216586179-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-4002047349-3616637250-216586179-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-4002047349-3616637250-216586179-1006\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-4002047349-3616637250-216586179-1006\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 736
ThreadCreationTime : 03.01.2006 08:18:48
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 792
ThreadCreationTime : 03.01.2006 08:18:49
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 824
ThreadCreationTime : 03.01.2006 08:18:50
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 868
ThreadCreationTime : 03.01.2006 08:18:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 880
ThreadCreationTime : 03.01.2006 08:18:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1068
ThreadCreationTime : 03.01.2006 08:18:51
BasePriority : Normal
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1084
ThreadCreationTime : 03.01.2006 08:18:51
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1136
ThreadCreationTime : 03.01.2006 08:18:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1280
ThreadCreationTime : 03.01.2006 08:18:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [smc.exe]
FilePath : C:\Programme\Sygate\SPF\
ProcessID : 1324
ThreadCreationTime : 03.01.2006 08:18:52
BasePriority : Normal
FileVersion : 5.6.00.2808
ProductVersion : 5.6.00.2808
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE
#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1464
ThreadCreationTime : 03.01.2006 08:18:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1604
ThreadCreationTime : 03.01.2006 08:18:53
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1924
ThreadCreationTime : 03.01.2006 08:18:54
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE
#:14 [ctsysvol.exe]
FilePath : C:\Programme\Creative\SBAudigy2\Surround Mixer\
ProcessID : 128
ThreadCreationTime : 03.01.2006 08:18:56
BasePriority : Normal
FileVersion : 1.1.3.0
ProductVersion : 1.0.0.0
ProductName : Creative Volume Control
CompanyName : Creative Technology Ltd
FileDescription : CTSysVol.exe
LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
OriginalFilename : CTSysVol.exe
#:15 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 136
ThreadCreationTime : 03.01.2006 08:18:56
BasePriority : Normal
FileVersion : 1.04.05b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2003 Sonic Solutions
#:16 [lvcoms.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\
ProcessID : 168
ThreadCreationTime : 03.01.2006 08:18:56
BasePriority : Normal
FileVersion : 6.0.0.1208
ProductVersion : 6.0.0.1208
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2001 Logitech. All rights reserved.
OriginalFilename : LVComS.exe
#:17 [adusermon.exe]
FilePath : C:\Programme\Iomega\AutoDisk\
ProcessID : 176
ThreadCreationTime : 03.01.2006 08:18:56
BasePriority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk User Monitor
InternalName : ADUserMon
LegalCopyright : Copyright © 2002
OriginalFilename : ADUserMon.exe
#:18 [imgicon.exe]
FilePath : C:\Programme\Iomega\DriveIcons\
ProcessID : 180
ThreadCreationTime : 03.01.2006 08:18:56
BasePriority : Normal
#:19 [dvd43_tray.exe]
FilePath : C:\Programme\dvd43\
ProcessID : 188
ThreadCreationTime : 03.01.2006 08:18:56
BasePriority : Normal
FileVersion : 1.3.0.54
ProductVersion : 1.0.0.0
ProductName : DVD43
CompanyName : Captain Red
FileDescription : Inline DVD Decryption engine
InternalName : DVD FOR FREE
LegalCopyright : Captain Red 2003
LegalTrademarks : Captain Red 2003
OriginalFilename : dvd43_tray.exe
Comments : Please use this software on a fair use basis. This software is FREE - No charges must be paid to obtain it.
#:20 [realsched.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Real\Update_OB\
ProcessID : 244
ThreadCreationTime : 03.01.2006 08:18:57
BasePriority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:21 [em_exec.exe]
FilePath : C:\Programme\Logitech\MouseWare\system\
ProcessID : 288
ThreadCreationTime : 03.01.2006 08:18:57
BasePriority : Normal
FileVersion : 9.79.025
ProductVersion : 9.79.025
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team
#:22 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 284
ThreadCreationTime : 03.01.2006 08:18:57
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : RUNDLL.EXE
#:23 [gcasserv.exe]
FilePath : C:\Programme\Microsoft AntiSpyware\
ProcessID : 404
ThreadCreationTime : 03.01.2006 08:18:57
BasePriority : Idle
FileVersion : 1.00.0701
ProductVersion : 1.00.0701
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe
#:24 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 444
ThreadCreationTime : 03.01.2006 08:18:57
BasePriority : Normal
FileVersion : 7,1,0,355
ProductVersion : 7.1.0.355
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:25 [ituneshelper.exe]
FilePath : C:\Programme\iTunes\
ProcessID : 452
ThreadCreationTime : 03.01.2006 08:18:57
BasePriority : Normal
FileVersion : 6.0.1.3
ProductVersion : 6.0.1.3
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:26 [gcasdtserv.exe]
FilePath : C:\Programme\Microsoft AntiSpyware\
ProcessID : 472
ThreadCreationTime : 03.01.2006 08:18:58
BasePriority : Normal
FileVersion : 1.00.0701
ProductVersion : 1.00.0701
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe
#:27 [qttask.exe]
FilePath : C:\Programme\QuickTime\
ProcessID : 460
ThreadCreationTime : 03.01.2006 08:18:58
BasePriority : Normal
FileVersion : 7.0.3
ProductVersion : QuickTime 7.0.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
OriginalFilename : QTTask.exe
#:28 [spysweeper.exe]
FilePath : C:\Programme\Webroot\Spy Sweeper\
ProcessID : 632
ThreadCreationTime : 03.01.2006 08:19:07
BasePriority : Normal
FileVersion : 4,5,8,683
ProductVersion : 4, 5
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper Client Executable
LegalCopyright : Copyright © 2002 - 2005, All Rights Reserved.
OriginalFilename : SpySweeper.exe
#:29 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 756
ThreadCreationTime : 03.01.2006 08:19:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:30 [mozilla.exe]
FilePath : C:\Programme\mozilla.org\Mozilla\
ProcessID : 788
ThreadCreationTime : 03.01.2006 08:19:08
BasePriority : Normal
#:31 [spamihilator.exe]
FilePath : C:\Programme\Spamihilator\
ProcessID : 796
ThreadCreationTime : 03.01.2006 08:19:08
BasePriority : Idle
FileVersion : 0, 9, 9, 9
ProductVersion : 0, 9, 9, 9
ProductName : Spamihilator
CompanyName : Michel Krämer
FileDescription : Spamihilator
InternalName : Spamihilator
LegalCopyright : Copyright © 2002 - 2005 Michel Krämer. All rights reserved.
OriginalFilename : Spamihilator.exe
#:32 [ypager.exe]
FilePath : C:\Programme\Yahoo!\Messenger\
ProcessID : 1208
ThreadCreationTime : 03.01.2006 08:19:10
BasePriority : Normal
#:33 [msnmsgr.exe]
FilePath : C:\Programme\MSN Messenger\
ProcessID : 1892
ThreadCreationTime : 03.01.2006 08:19:11
BasePriority : Normal
FileVersion : 7.5.0311
ProductVersion : 7.5.0311
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:34 [sgmain.exe]
FilePath : C:\Programme\SpywareGuard\
ProcessID : 1004
ThreadCreationTime : 03.01.2006 08:19:12
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SpywareGuard
FileDescription : SpywareGuard
InternalName : sgmain
LegalCopyright : Copyright © 2002-2003 Javacool Software LLC
OriginalFilename : sgmain.exe
Comments : SpywareGuard
#:35 [sgbhp.exe]
FilePath : C:\Programme\SpywareGuard\
ProcessID : 408
ThreadCreationTime : 03.01.2006 08:19:12
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SG Browser Hijacking Protection
FileDescription : SG Browser Hijacking Protection
InternalName : sgbhp
LegalCopyright : Copyright © 2002-2003 Javacool Software LLC.
OriginalFilename : sgbhp.exe
Comments : SG Browser Hijacking Protection
#:36 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1264
ThreadCreationTime : 03.01.2006 08:19:24
BasePriority : Normal
FileVersion : 7,1,0,365
ProductVersion : 7.1.0.365
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:37 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1300
ThreadCreationTime : 03.01.2006 08:19:24
BasePriority : Normal
FileVersion : 7,1,0,349
ProductVersion : 7.1.0.349
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:38 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1372
ThreadCreationTime : 03.01.2006 08:19:24
BasePriority : Normal
FileVersion : 7,1,0,371
ProductVersion : 7.1.0.371
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:39 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1432
ThreadCreationTime : 03.01.2006 08:19:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:40 [cdac11ba.exe]
FilePath : C:\WINDOWS\system32\drivers\
ProcessID : 1448
ThreadCreationTime : 03.01.2006 08:19:24
BasePriority : Normal
FileVersion : 4.11.050
ProductVersion : 4.11.050 Windows NT 2001/07/12
ProductName : SafeCast Windows NT
CompanyName : C-Dilla Ltd
FileDescription : C-Dilla RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright © Macrovision 1993-2001
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English
#:41 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1500
ThreadCreationTime : 03.01.2006 08:19:24
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE
#:42 [ewidoctrl.exe]
FilePath : C:\Programme\ewido\security suite\
ProcessID : 1712
ThreadCreationTime : 03.01.2006 08:19:24
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:43 [appservices.exe]
FilePath : C:\PROGRA~1\Iomega\System32\
ProcessID : 1804
ThreadCreationTime : 03.01.2006 08:19:24
BasePriority : Normal
FileVersion : 2, 0, 2, 5
ProductVersion : 2, 0, 2, 5
ProductName : Iomega App Services
CompanyName : Iomega Corporation
FileDescription : AppServices
InternalName : AppServices
LegalCopyright : Copyright © 2000
OriginalFilename : AppService.exe
Comments : Iomega App Services For Windows 2000/NT
#:44 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2056
ThreadCreationTime : 03.01.2006 08:19:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:45 [wrsssdk.exe]
FilePath : C:\Programme\Webroot\Spy Sweeper\
ProcessID : 2252
ThreadCreationTime : 03.01.2006 08:19:36
BasePriority : Normal
FileVersion : 2,0,8,483
ProductVersion : 2, 0
ProductName : Spy Sweeper SDK
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper SDK
LegalCopyright : Copyright © 2002 - 2005, All Rights Reserved.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.
OriginalFilename : SpySweeper.exe
#:46 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2640
ThreadCreationTime : 03.01.2006 08:19:43
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE
#:47 [adservice.exe]
FilePath : C:\Programme\Iomega\AutoDisk\
ProcessID : 2656
ThreadCreationTime : 03.01.2006 08:19:44
BasePriority : Normal
FileVersion : 3, 2, 1, 5
ProductVersion : 3, 2, 1, 5
ProductName : Iomega Active Disk
CompanyName : Iomega Corporation
FileDescription : Active Disk Service
InternalName : ADService
LegalCopyright : Copyright © 2002
OriginalFilename : ADService.exe
#:48 [ipodservice.exe]
FilePath : C:\Programme\iPod\bin\
ProcessID : 2832
ThreadCreationTime : 03.01.2006 08:19:51
BasePriority : Normal
FileVersion : 6.0.1.3
ProductVersion : 6.0.1.3
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:49 [wmiprvse.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 3292
ThreadCreationTime : 03.01.2006 08:19:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:50 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3368
ThreadCreationTime : 03.01.2006 08:19:56
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:51 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 9372
ThreadCreationTime : 03.01.2006 09:27:29
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:52 [a2start.exe]
FilePath : C:\Programme\a2 free\
ProcessID : 9504
ThreadCreationTime : 03.01.2006 09:27:30
BasePriority : Normal
#:53 [avgwb.dat]
FilePath : C:\Programme\Grisoft\AVG Free\
ProcessID : 9560
ThreadCreationTime : 03.01.2006 09:27:31
BasePriority : Normal
FileVersion : 7,1,0,354
ProductVersion : 7.1.0.354
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Basic Interface
InternalName : avgwb
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AVGWB.EXE
#:54 [securitysuite.exe]
FilePath : C:\Programme\ewido\security suite\
ProcessID : 9724
ThreadCreationTime : 03.01.2006 09:27:32
BasePriority : Normal
FileVersion : 3, 5, 0, 0
ProductVersion : 3, 5, 0, 0
ProductName : ewido anti-malware
CompanyName : ewido networks
FileDescription : anti-malware
InternalName : GuiLoader
LegalCopyright : © 2003 ewido networks
OriginalFilename : SecuritySuite.exe
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 13
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
11:21:43 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:53:19.187
Objects scanned:160841
Objects identified:0
Objects ignored:0
New critical objects:0
Ewido-log:
---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------
+ Erstellt am: 12:22:00, 03.01.2006
+ Report-Checksumme: EAC7E45D
+ Scanergebnis:
:mozilla.29:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.30:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.31:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.32:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.33:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.34:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.35:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.36:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.37:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.38:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.39:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.40:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Gesäubert mit Backup
:mozilla.41:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Gesäubert mit Backup
:mozilla.42:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Gesäubert mit Backup
:mozilla.43:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Gesäubert mit Backup
:mozilla.44:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Gesäubert mit Backup
:mozilla.45:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Gesäubert mit Backup
:mozilla.46:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Gesäubert mit Backup
:mozilla.47:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Gesäubert mit Backup
:mozilla.80:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Revenue : Gesäubert mit Backup
:mozilla.81:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Revenue : Gesäubert mit Backup
:mozilla.82:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Revenue : Gesäubert mit Backup
:mozilla.100:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Statcounter : Gesäubert mit Backup
:mozilla.101:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Statcounter : Gesäubert mit Backup
:mozilla.102:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Statcounter : Gesäubert mit Backup
:mozilla.103:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Statcounter : Gesäubert mit Backup
:mozilla.104:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Statcounter : Gesäubert mit Backup
:mozilla.105:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Statcounter : Gesäubert mit Backup
:mozilla.106:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Statcounter : Gesäubert mit Backup
:mozilla.164:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Com : Gesäubert mit Backup
:mozilla.165:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Com : Gesäubert mit Backup
:mozilla.260:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Euroclick : Gesäubert mit Backup
:mozilla.270:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.271:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.272:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.273:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.278:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Burstnet : Gesäubert mit Backup
:mozilla.288:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.289:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.290:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.291:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.292:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.293:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.294:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.295:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.296:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.297:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.298:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.299:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.300:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.301:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.302:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.303:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.365:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup
:mozilla.366:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup
:mozilla.367:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup
:mozilla.368:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Gesäubert mit Backup
:mozilla.439:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Masterstats : Gesäubert mit Backup
:mozilla.453:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Falkag : Gesäubert mit Backup
:mozilla.478:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Etracker : Gesäubert mit Backup
:mozilla.479:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Etracker : Gesäubert mit Backup
:mozilla.487:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Gesäubert mit Backup
:mozilla.488:C:\Dokumente und Einstellungen\Amar\Anwendungsdaten\Mozilla\Profiles\default\n25hbxoh.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Gesäubert mit Backup
::Report Ende
Last but not least,
HiJackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:26:57, on 03.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
C:\Programme\Iomega\AutoDisk\ADUserMon.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\Programme\dvd43\dvd43_tray.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spamihilator\spamihilator.exe
C:\Programme\Yahoo!\Messenger\ypager.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\SpywareGuard\sgmain.exe
C:\Programme\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Iomega\AutoDisk\ADService.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.co...earch_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F1 - win.ini: load=c:\commpro\bin\01comm32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Programme\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [dvd43] C:\Programme\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [gcasserv] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Programme\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programme\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programme\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com...ideoControl.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq....yssey_web11.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro....er/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notif