Ergebnis 1 bis 2 von 2

Thema: what to delete

  1. 26.12.2004, 21:17 #1
    Unr
    Gast

    what to delete

    Logfile of HijackThis v1.97.7
    Scan saved at 23:17:02, on 26/12/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\MIXER.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\BABYLON\BABYLON.EXE
    C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\BABYLON\utils\shlhook.exe
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    D:\בדיקת מערכת טרואידים\FORUMMESSAGEFILE_373542.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.walla.co.il/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
    O2 - BHO: LostGoggles plug-in (web site preview snapshots - www.lostgoggles.com) - {6291957C-8CE9-4c90-BEFF-12D9E68CFF30} - C:\PROGRAM FILES\LOSTGOGGLES\LGOGGLES.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [Babylon Translator] C:\Program Files\Babylon\Babylon.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
    O4 - HKCU\..\RunServices: [Babylon Translator] C:\Program Files\Babylon\Babylon.exe
    O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
    O8 - Extra context menu item: Read By Natural Voice Reader - C:\Program Files\NaturalReaders\Natural Voice Reader Free\read.html
    O8 - Extra context menu item: הורד באמצעות פלאש-גט - C:\PROGRAM FILES\FLASHGET\jc_link.htm
    O8 - Extra context menu item: הורד הכל באמצעות פלאש-גט - C:\PROGRAM FILES\FLASHGET\jc_all.htm
    O9 - Extra button: Natural Reader (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - http://download.microsoft.com/downlo...-US/msorun.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...782.4126736111
    O16 - DPF: {346685E3-C383-11CF-A5A4-00AA00A45705} (ActiveX Control) - http://imd.gonext.co.il/gonext/zazab...SISActiveX.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
    O16 - DPF: {5B9E8E95-D236-4C6B-9BD6-0C6994A75FBC} (MvRec Class) - http://coolmail.nana.co.il/webmail/plugin/mvrecord.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
    O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/BlogTVBU/launcher.cab
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.donkey.co.il/RemoteDesktop/msrdp.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
  2. 26.12.2004, 21:35 #2
    peterg70
    peterg70 ist offline
    Vielschreiber
    Registriert seit
    23.10.2004
    Beiträge
    344

    Re: what to delete

    Download latest Hijackthis 1.99 http://www.hijackthis.de/downloads/hijackthis_199.zip

    Download CWSshredder http://cwshredder.net/bin/CWSInstall.exe
    Select Fix.

    Get Spybot 1.3 - Search & Destroy from http://security.kolla.de
    Get AdAware SE Personal from http://www.lavasoft.de/support/download
    Ensure you also have downloaded the latest updates
    Before running the above configure as per http://www.cjwd.demon.co.uk/spybot-adaware.html

    Close all programs
    Run Spybot and fix all found items
    Reboot
    Run Adaware and fix all found items
    Reboot

    Also run online Virus Checkers (any of these will do)
    http://housecall.trendmicro.com
    http://www.bitdefender.com/scan/licence.php
    http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

    Then run the following for Trojans
    http://scan.sygatetech.com/pretrojanscan.html
    http://www.windowsecurity.com/trojanscan

    Close all programs including internet explorer
    Reboot and Post a new Hijackthis Logfile
« Vorheriges Thema | Nächstes Thema »

Aktive Benutzer

Aktive Benutzer

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Ähnliche Themen

  1. What mess have I gotten myself into this time?
    Von QK2 im Forum Archiv
    Antworten: 19
    Letzter Beitrag: 28.12.2004, 18:53
  2. what can be fixed??
    Von hansis im Forum Archiv
    Antworten: 1
    Letzter Beitrag: 20.12.2004, 16:21
  3. Please look at this and tell me what you think
    Von Unregistered im Forum Archiv
    Antworten: 1
    Letzter Beitrag: 22.11.2004, 08:41
  4. Please tell me what to do with this.
    Von duende im Forum Archiv
    Antworten: 1
    Letzter Beitrag: 20.11.2004, 23:41
  5. What can I safely get rid of?
    Von langow im Forum Archiv
    Antworten: 1
    Letzter Beitrag: 28.10.2004, 03:05

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •  

Foren-Regeln