Hallo,seit ein paar Tagen kommt auf meinen Bildschirm immer unerwünscht Werbung von redirad.de.Besonders beim Spielen nervt das!Wie kann ich das verhindern?
Hallo zusammen,
ich habe genau daselbe problem mit der unerwünschten werbeseite von redirad.de
virenscann mit norton hat nichts gebracht. anbei das ergebnis von HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 06:34:40, on 21.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Personal Firewall\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\rdirector.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\Programme\T-Online\T-Online_Software_5\Banking\HBRemind.exe
C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
C:\Programme\eBay\eBay Toolbar\4.2.0.3\ebaytbar.exe
C:\Programme\OpenOffice.org1.1.4\program\soffice.e xe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NSMdtr.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\unzipped\hijackthis_199\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.freeze.com/start.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.accoona.com/search_assistant ... n=wdz0605a
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.accoona.com/search?q=%s
R3 - Default URLSearchHook is missing
O2 - BHO: eBay Helper Object - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\Programme\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Programme\Accoona\ASearchAssist.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\Programme\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programme\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [PC-CAM 300 STI App Registration] RunDLL32.exe Pd016pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PPMemCheck] C:\Programme\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programme\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programme\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] "C:\Programme\T-Online\Dialerschutz-Software\defender.exe"
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Programme\GhostSurf 2005\DeleteSatellite.exe"
O4 - HKLM\..\Run: [PestPatrolCL] C:\Programme\PestPatrol\PPCL.exe c:\
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IS CfgWiz] C:\Programme\Norton Personal Firewall\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [rdirector] C:\WINDOWS\system32\rdirector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - HKCU\..\Run: [HBRemind] C:\Programme\T-Online\T-Online_Software_5\Banking\HBRemind.exe
O4 - HKCU\..\Run: [Personal ID] C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
O4 - HKCU\..\Run: [SIPPS] C:/Programme/T-Online/T-Online Internet-Telefon/SIPPS.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [rdirector] C:\WINDOWS\system32\rdirector.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programme\OpenOffice.org1.1.4\program\quickstar t.exe
O4 - Global Startup: eBay Toolbar.LNK = C:\Programme\eBay\eBay Toolbar\4.2.0.3\ebaytbar.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\Programme\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll
O9 - Extra 'Tools' menuitem: eBay Toolbar - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\Programme\eBay\eBay Toolbar\4.2.0.3\eBayBand.dll
O9 - Extra button: onlineTV Global - {D9C905FD-4F7E-47ED-A49A-F68F90135F74} - C:\Programme\onlineTV\onlineTV.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\icslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icslsp.dll
O16 - DPF: ppctlcab - https://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - https://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - https://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - https://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - https://download.howudodat.com/chatterbo ... /appdl.cab
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://img.web.de/v/mail/activex/mail_upload_1123.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://www2.service.t-online.de/dyn/c/2 ... 34156.html
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - https://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - https://tools.ebayimg.com/eps/activex/EP ... -0-3-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9217D220-2765-4949-8439-8F6D8D40B134}: NameServer = 217.237.151.161 217.237.151.33
O18 - Protocol: bw+0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Dialerschutz Dienst (DFSVC) - Unknown owner - C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
hoffe das mir jemand helfen kann. denn jetzt zu surven ist reine nervensache da das ding alle 1-2 minuten auftaucht.
grüßle an alle wolfi
also bevor wir das Logfile im einzelnen durchgehen, solltest du dir eine aktuelle Version von Spybot Search & Destroy herunterladen und damit deinen Rechner schon mal bereinigen. Das erleichtert dann die Arbeit...
Hallo Dirk,
zuerst einmal vielen dank für die schnelle antwort. ich habe in die suchmaschine von t-online folgendes suchwort eingegeben:
Spybot Search & Destroy und bin dann auf folgende seite gegangen:
https://www.majorgeeks.com/download2471.html
und habe spyware doctor heruntergeladen - war das das richtige programm?
programm hat 92 bedrohungen gefunden - zum entfernen muß ich das programm aber kaufen - gibt es eine andere alternative, vorausgesetzt es ist überhaupt das richtige programm?
grüßle wolfi
gemeint war eigentlich diees programm.
Danke für die info. habe das programm heruntergeladen, alles gescannt und alle angezeigten fehler behoben. anbei das neue :
Logfile of HijackThis v1.99.1
Scan saved at 17:26:42, on 21.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Personal Firewall\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\PestPatrol\PPMemCheck.exe
C:\Programme\PestPatrol\PPControl.exe
C:\Programme\PestPatrol\CookiePatrol.exe
C:\Programme\T-Online\Dialerschutz-Software\defender.exe
C:\Programme\PestPatrol\PPCL.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\rdirector.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\T-Online\T-Online_Software_5\Banking\HBRemind.exe
C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\OpenOffice.org1.1.4\program\soffice.e xe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Messenger\msmsgs.exe
C:\unzipped\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.freeze.com/start.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.accoona.com/search_assistant ... n=wdz0605a
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.accoona.com/search?q=%s
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Programme\Accoona\ASearchAssist.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programme\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [PC-CAM 300 STI App Registration] RunDLL32.exe Pd016pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PPMemCheck] C:\Programme\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programme\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programme\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] "C:\Programme\T-Online\Dialerschutz-Software\defender.exe"
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Programme\GhostSurf 2005\DeleteSatellite.exe"
O4 - HKLM\..\Run: [PestPatrolCL] C:\Programme\PestPatrol\PPCL.exe c:\
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IS CfgWiz] C:\Programme\Norton Personal Firewall\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [rdirector] C:\WINDOWS\system32\rdirector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - HKCU\..\Run: [HBRemind] C:\Programme\T-Online\T-Online_Software_5\Banking\HBRemind.exe
O4 - HKCU\..\Run: [Personal ID] C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
O4 - HKCU\..\Run: [SIPPS] C:/Programme/T-Online/T-Online Internet-Telefon/SIPPS.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [rdirector] C:\WINDOWS\system32\rdirector.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programme\OpenOffice.org1.1.4\program\quickstar t.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: onlineTV Global - {D9C905FD-4F7E-47ED-A49A-F68F90135F74} - C:\Programme\onlineTV\onlineTV.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\icslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icslsp.dll
O16 - DPF: ppctlcab - https://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - https://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - https://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - https://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - https://download.howudodat.com/chatterbo ... /appdl.cab
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://img.web.de/v/mail/activex/mail_upload_1123.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://www2.service.t-online.de/dyn/c/2 ... 34156.html
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - https://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - https://tools.ebayimg.com/eps/activex/EP ... -0-3-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9217D220-2765-4949-8439-8F6D8D40B134}: NameServer = 217.237.151.161 217.237.151.33
O18 - Protocol: bw+0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Dialerschutz Dienst (DFSVC) - Unknown owner - C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
grüßle an alle wolfi41
Also die Entfernung von besagtem Redirad ist eigentlich recht einfach. Da wir uns diesen Störenfried auch auf unseren Firmenrechner eingefangen hatten, habe ich mich mal mit besagtem Homepage Inhaber auseinander gesetzt.
Nach recht kurzer Gesprächsdauer teilte er mir mit das man die Datei die dafür verantwortlich ist im system32 Ordner von Windows findet. Diese Datei nennt sich rdirector.exe. Diese Datei einfach löschen und das war es dann. Aber beachtet bitte, das Ihr die Datei nciht im laufenden Betrieb löschen könnt, da diese ja verwendet wird, um das zu umgehen entweder im Abgesicherten Modus starten oder mit z.b den Tuneup Utilities die prozesse davon rauswerfen
Dieser Störenfried wird mit der Installationsroutine antivirbox vertrieben, die ja besonders gerne von einigen tool Seiten im Internet genutzt wird.
Aber nach Entfernen besagter Datei hat sich das Problem behoben und es kamen keienrlei Popups mehr.
Hoffe das ich euch damit helfen konnte
hallo dirk,
ich habe das programm heruntergeladen und beim ersten durchlauf 13 fehler gefunden. danach habe ich diee gelöscht und nochmal gescannt >>> ergebnis: herzlichen glückwunsch - keine fehler/bedrohung gefunden.
bin gerade dabei das update zu machen und scann dann gleich nochmal.
stelle gleich anschliessend dann da neue logifile ein.
grüßle wolfi
hallo dirk,
habe jetzt gerade ein neues update gemacht und geprüft. ergebnis:
Gratulation es wurden keine spione gefunden.
Logfile of HijackThis v1.99.1
Scan saved at 05:41:38, on 23.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Personal Firewall\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\rdirector.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\T-Online\T-Online_Software_5\Banking\HBRemind.exe
C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\OpenOffice.org1.1.4\program\soffice.e xe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\PestPatrol\ppmemcheck.exe
C:\Programme\PestPatrol\cookiepatrol.exe
C:\Programme\PestPatrol\ppcontrol.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NSMdtr.exe
C:\unzipped\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.freeze.com/start.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.accoona.com/search_assistant ... n=wdz0605a
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.accoona.com/search?q=%s
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Programme\Accoona\ASearchAssist.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programme\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [PC-CAM 300 STI App Registration] RunDLL32.exe Pd016pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PPMemCheck] C:\Programme\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programme\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programme\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] "C:\Programme\T-Online\Dialerschutz-Software\defender.exe"
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Programme\GhostSurf 2005\DeleteSatellite.exe"
O4 - HKLM\..\Run: [PestPatrolCL] C:\Programme\PestPatrol\PPCL.exe c:\
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IS CfgWiz] C:\Programme\Norton Personal Firewall\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [rdirector] C:\WINDOWS\system32\rdirector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - HKCU\..\Run: [HBRemind] C:\Programme\T-Online\T-Online_Software_5\Banking\HBRemind.exe
O4 - HKCU\..\Run: [Personal ID] C:\PROGRA~1\COOLSPOT\PERSON~1\PID.EXE
O4 - HKCU\..\Run: [SIPPS] C:/Programme/T-Online/T-Online Internet-Telefon/SIPPS.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [rdirector] C:\WINDOWS\system32\rdirector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programme\OpenOffice.org1.1.4\program\quickstar t.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: onlineTV Global - {D9C905FD-4F7E-47ED-A49A-F68F90135F74} - C:\Programme\onlineTV\onlineTV.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\icslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icslsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\icslsp.dll
O16 - DPF: ppctlcab - https://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - https://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - https://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - https://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - https://download.howudodat.com/chatterbo ... /appdl.cab
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://img.web.de/v/mail/activex/mail_upload_1123.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://www2.service.t-online.de/dyn/c/2 ... 34156.html
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - https://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - https://tools.ebayimg.com/eps/activex/EP ... -0-3-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9217D220-2765-4949-8439-8F6D8D40B134}: NameServer = 217.237.151.161 217.237.151.33
O18 - Protocol: bw+0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7C4EF5E1-BDE8-4649-8DE1-3D20CE0FF3C3} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Dialerschutz Dienst (DFSVC) - Unknown owner - C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
grüßle wolfi
[/b]
Nach recht kurzer Gesprächsdauer teilte er mir mit das man die Datei die dafür verantwortlich ist im system32 Ordner von Windows findet. Diese Datei nennt sich rdirector.exe. Diese Datei einfach löschen und das war es dann. Aber beachtet bitte, das Ihr die Datei nciht im laufenden Betrieb löschen könnt, da diese ja verwendet wird, um das zu umgehen entweder im Abgesicherten Modus starten oder mit z.b den Tuneup Utilities die prozesse davon rauswerfen
wie finde ich den ordner mit der rdirector.exe ? unter suche bekomme ich kein ergebnis.
möchte nichts lieber machen, als diese verdammte datei zu löschen
güßle wolfi
Hallöchen,
also folgende Einträge solltest du dir mal ansehen und falls sie dir unbekannt oder suspekt vorkommen fixen ( beheben ):
Ausserdem solltest du dir LSPfix herunterladen und damit die Einträge folger Datei beheben: icslsp.dllCode:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.accoona.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.freeze.com/start.shtml R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.accoona.com/search_assist...sp?&utm_id=400 011&utm_content=leftnav&utm_source=wdz1&utm_medium=bund&utm_campaign=wdz0605a R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.accoona.com/search?q=%s R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file) O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Programme\Accoona\ASearchAssist.dll O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file) O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file) O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Programme\GhostSurf 2005\DeleteSatellite.exe" O4 - HKLM\..\Run: [rdirector] C:\WINDOWS\system32\rdirector.exe O4 - HKCU\..\Run: [rdirector] C:\WINDOWS\system32\rdirector.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - https://download.howudodat.com/chatte...load/appdl.cab
https://www.snapfiles.com/get/lspfix.html
Irh findet den Ordner mit rdirector.exe in eurem windows/system32 verzeichniss. DIeses findet ihr auf eurem Boot Laufwerk, und dann je nach windows version unter winnt/system32 bzw windows/system32. DOrt müsst ihr dann mal schauen, da muss diese datei drinne sein, als symbol nutz die ein relativ dunkles abgeändertes Internet Explorer Symbol (zumindest siehts fast so aus)
@Wolfi
Schau dir deine Prozessliste oben mal an, da steht dir datei rdirector.exe drinne, und zwar als prozess von /windows/system32. DU musst je nachdem mal in windows einstellen, das er dir auch versteckte dateien und ordner anzeigt, das konntest du unter Extras/Ordneroptionen machen.
Sag mal, kannst du mir vielleicht mal die E-Mail adresse und anschrift des "redirad-fritzen" geben???
Wäre echt nett!!
MfG Hansi
Das hab ich mir 24 Stunden am Tag gewünscht - damit ich diesen Typen erwürgen köönnte - wäre sogar mit dem Taxi hingefahren "lol"
Also die Entfernung von besagtem Redirad ist eigentlich recht einfach. Da wir uns diesen Störenfried auch auf unseren Firmenrechner eingefangen hatten, habe ich mich mal mit besagtem Homepage Inhaber auseinander gesetzt.
Nach recht kurzer Gesprächsdauer teilte er mir mit das man die Datei die dafür verantwortlich ist im system32 Ordner von Windows findet. Diese Datei nennt sich rdirector.exe. Diese Datei einfach löschen und das war es dann. Aber beachtet bitte, das Ihr die Datei nciht im laufenden Betrieb löschen könnt, da diese ja verwendet wird, um das zu umgehen entweder im Abgesicherten Modus starten oder mit z.b den Tuneup Utilities die prozesse davon rauswerfen
Dieser Störenfried wird mit der Installationsroutine antivirbox vertrieben, die ja besonders gerne von einigen tool Seiten im Internet genutzt wird.
Aber nach Entfernen besagter Datei hat sich das Problem behoben und es kamen keienrlei Popups mehr.
Der Tip von fhilgers stimmt, hab den mist popup damit auch losgekriegt.
Vielen Dank fhilgers - und auch an alle anderen die mir mit rat und tat zur seite gestanden haben.
Und wenn alles nichts hilft gibts noch Format C ...
grüßle an alle
wolfi
Hallo!
Der Tipp mit dem Entfernen der Datei rdirector.exe war wirklich Gold wert: was für ein neues Gefühl beim ungestörten surfen!!!
Habe allerdings in diesem Zusammenhang noch folgendes Problem:
Der PC meines Vaters ist auch mit dieser "Seuche" befallen, und zwar schon ca. seit 2003. Dort war die Datei rdirector.exe nicht auffindbar. Kann es sein, dass es eine ältere Version mit anderer Bezeichnung gibt??? Z.B. fand ich mehrere Dateien mit dem Namen redir.exe. Hat jemand damit Erfahrung???
Hallöchen,
eine bebilderte Anleitung zu HijckThis findest du unter folgendem Link:
https://www.dirks-computerecke.de/hij...-anleitung.htm