secure.html - spyware

Discussion in 'adware, spyware & hijack cleaning' started by Burkhard, Feb 17, 2004.

Thread Status:
Not open for further replies.
  1. Burkhard

    Burkhard Guest

    Hello you all,

    secure.html - it seems to be very difficult to fix!

    since I had this spy attack, I followed all instructions on different discussion boards (CWShredder can't be downloaded)

    installed antivirus on my System (Windows XP):
    Antivir
    SpywareGuard
    SpywareBlaster
    Spybot S&D
    Ad Aware 6

    last but not least, I run Hijackthis v 1.97.7 (couldn't be updated, server www.spywareinfoforum.com is down)

    I fixed all items containing C:\windows\secure.html, when executing, SpywareGuard asked for confirmation - OK - immediately after this start page was set up to secure.html...

    what can I do?

    here is the hijack.log

    Thanx for your help
    Burkhard
    (Switzerland)

    Logfile of HijackThis v1.97.7
    Scan saved at 09:28:24, on 17.02.2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Programme\netz\antivir\AVGUARD.EXE
    D:\Programme\netz\antivir\AVWUPSRV.EXE
    C:\WINDOWS\system\s2svc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Programme\Acer\Launch Manager\LaunchAp.exe
    C:\Programme\Acer\Launch Manager\PowerKey.exe
    C:\Programme\Acer\Launch Manager\HotkeyApp.exe
    C:\Programme\Acer\Launch Manager\KeyHook.exe
    C:\Programme\Acer\Launch Manager\CtrlVol.exe
    D:\Programme\Pinnacle_PCTV_Bungee\Remote\Remoterm.exe
    D:\Programme\sound\Winamp\Winampa.exe
    D:\programme\quicktime\qttask.exe
    C:\WINDOWS\System32\PL15Co2K.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\WINDOWS\reg32.exe
    D:\Programme\netz\antivir\AVGNT.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programme\Messenger\msmsgs.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\WINDOWS\reg32.exe
    D:\Programme\postit\Psn2Lite.exe
    C:\Programme\WEB.DE\WEB.DE Screensaver\TraySvr.exe
    C:\Programme\ZyXEL Corporation\ZyAIR WLAN Utility\ZyAIR.EXE
    D:\Programme\netz\Palm\HOTSYNC.EXE
    D:\Programme\netz\SpywareGuard\sgmain.exe
    D:\PROGRA~1\postit\PSNGive.exe
    D:\Programme\netz\SpywareGuard\sgbhp.exe
    C:\Programme\Internet Explorer\IEXPLORE.EXE
    d:\PROGRA~1\WinZip\winzip32.exe
    C:\DOKUME~1\Michaeli\LOKALE~1\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie-search.com/home.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-search.com/home.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie-search.com/home.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie-search.com/home.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.unil.ch/proxy-unil.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://ie-search.com/srchasst.html (obfuscated)
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Programme\netz\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_fr_2.0.106-big.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_fr_2.0.106-big.dll
    O4 - HKLM\..\Run: [LaunchApp] LaunApp
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Acer\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Programme\Acer\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Programme\Acer\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [KeyHook] "C:\Programme\Acer\Launch Manager\KeyHook.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Programme\Acer\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [PCTVRemote] D:\Programme\Pinnacle_PCTV_Bungee\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [WinampAgent] "D:\Programme\sound\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\programme\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell.dll /c /set -- by windows setup --
    O4 - HKLM\..\Run: [Internet Explorer Updater] C:\WINDOWS\system32\lexbac.exe
    O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg32.exe
    O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\netz\antivir\AVGNT.EXE /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PVR] D:\Programme\sound\pocket_recorder\PVR.exe
    O4 - HKCU\..\Run: [YAW starten] "D:\Programme\netz\YAW 3.5\YAW 3.5\yawguard.exe"
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [od-gays88] c:\programme\Webdialer\od-gays88.exe -m
    O4 - Startup: HotSync Manager.lnk = D:\Programme\netz\Palm\HOTSYNC.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: SpywareGuard.lnk = D:\Programme\netz\SpywareGuard\sgmain.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = D:\Programme\postit\Psn2Lite.exe
    O4 - Global Startup: WEB.DE Screensaver Quick-Start.lnk = ?
    O4 - Global Startup: ZyAIR.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar_fr_2.0.106-big.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\windows\downloaded program files\GoogleToolbar_fr_2.0.106-big.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar_fr_2.0.106-big.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\windows\downloaded program files\GoogleToolbar_fr_2.0.106-big.dll/cmsimilar.html
    O8 - Extra context menu item: Web Search - c:\windows\ex.htm
    O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add
    O9 - Extra button: SWR3 Sidebar (HKLM)
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/30c68719b8f7e3dae106/netzip/RdxIE601_de.cab
    O16 - DPF: {5BC27861-314A-11D6-996D-00E018981B9E} (New.net Auto-search Control) - http://www.new.net/quicksearch/srchctl.cab
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/big/1.1.62-big/GoogleNav.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://gayben.dyndns.org/activex/AxisCamControl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37880.9955208333
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{57E4C0DF-0E92-4578-BE48-C6B8D78DE10A}: NameServer = 194.158.230.53,194.158.230.54
    O19 - User stylesheet: c:\windows\system.css (file missing)
     
  2. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi Burkhard,

    Have only Hijackthis running and fix :

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie-search.com/home.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-search.com/home.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie-search.com/home.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie-search.com/srchasst.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie-search.com/home.html (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://ie-search.com/srchasst.html (obfuscated)

    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL

    O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell.dll /c /set -- by windows setup --
    O4 - HKLM\..\Run: [Internet Explorer Updater] C:\WINDOWS\system32\lexbac.exe
    O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg32.exe
    O4 - HKCU\..\Run: [od-gays88] c:\programme\Webdialer\od-gays88.exe -m

    O8 - Extra context menu item: Web Search - c:\windows\ex.htm

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/30c68719b8f7e3dae106/netzip/RdxIE601_de.cab
    O16 - DPF: {5BC27861-314A-11D6-996D-00E018981B9E} (New.net Auto-search Control) - http://www.new.net/quicksearch/srchctl.cab

    O19 - User stylesheet: c:\windows\system.css (file missing)

    Restart the PC in Safe Mode after doing so : Here's how and remove :

    C:\WINDOWS\system32\lexbac.exe <- this file
    C:\WINDOWS\reg32.exe <- this file
    c:\programme\Webdialer\od-gays88.exe <- this file

    Restart again in normal mode and run :

    CWshredder

    Open -> 'fix' -> click 'next'

    Also it's best to do an online scan to check up :

    BitDefender

    Update XP and IE to the latest security patches as well at windowsupdate.com

    Keep us posted

    Cheers,
     
  3. Burkhard

    Burkhard Guest

    Thanx for the quick reply,

    it seems too much to do now, I have to go to work. So I can spend next night with cleaning up the system.

    Will keep you informed!

    Burkhard
     
  4. Burkhard

    Burkhard Guest

    It always comes back!

    Hello Unzy,

    quite resistant, this secure.html - but we got it.

    first run of Hijackthis in normal mode removed the other stuff (what you indicated). But before the end of the program, startpage was set up again to secure.html

    second run of Hijackthis: I selected the 6 lines containing secure.html, but always the same: they come back before the end of the program.

    in secure mode I removed the 2 .exe files from \WINDOWS
    and I started Hijackthis again, this time it works!
    you find the actual hijackthis.log at the end.

    Now, it is mostly like it was before, just 1 error:
    when I type an incomplete web address (omitting the www for example), IE can't load the page. Before, it found also incomplete addresses.

    CWshredder did not find any trojans, it just "restored" in internet explorer webpage (or similar...)

    Bitdefender is running and found 2 trojans so far (suspect: Trojan.Downloader.Small.Gen; infected: Trojan.Downloader.HQFeat.A)

    Windows and IE update will follow tomorrow (I have to sleep sometimes)

    last question:
    with spyguard and spybot running and also my antivirus, do you think I should also install a firewall (Zonealarm?)


    Thank you for your help

    Burkhard.
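
Added example, not part of the original thread: a Python sketch that cross-checks the HijackThis entries selected for fixing against the log's "Running processes" list. It assumes, as an interpretation of what post 4 reports, that a Run-key program still in memory can rewrite the start-page values after they are fixed, which is why such files are removed in Safe Mode; the function names and the excerpted sample are constructed for illustration.

```python
import re

# Constructed sample: a few lines excerpted from the first log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\reg32.exe
D:\Programme\netz\antivir\AVGNT.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell.dll /c /set -- by windows setup --
O4 - HKLM\..\Run: [Internet Explorer Updater] C:\WINDOWS\system32\lexbac.exe
O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg32.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\netz\antivir\AVGNT.EXE /min
O4 - HKCU\..\Run: [od-gays88] c:\programme\Webdialer\od-gays88.exe -m
"""

# Constructed sample: entries ticked for fixing (a subset of the list in post 2).
SELECTED = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html",
    r"O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell.dll /c /set -- by windows setup --",
    r"O4 - HKLM\..\Run: [Internet Explorer Updater] C:\WINDOWS\system32\lexbac.exe",
    r"O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg32.exe",
    r"O4 - HKCU\..\Run: [od-gays88] c:\programme\Webdialer\od-gays88.exe -m",
]

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")
# Either a quoted path, or everything up to the first ".exe" followed by a space/end.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.IGNORECASE)


def running_processes(log_text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block:
            if not line:          # the process list ends at the first blank line
                break
            procs.add(line.lower())
    return procs


def run_target(line):
    """Return (value name, lower-cased exe path) for an O4 Run line, else None."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None               # R0/R1, O2, O16 ... are not autostart commands
    exe = EXE_RE.match(m.group(3).strip())
    if not exe:
        return None               # e.g. "load shell.dll /c /set": no .exe path
    return m.group(2), (exe.group(1) or exe.group(2)).lower()


def triage(log_text, selected):
    """Split selected Run entries into live (process running) and dormant."""
    procs = running_processes(log_text)
    live, dormant = [], []
    for line in selected:
        target = run_target(line)
        if target:
            (live if target[1] in procs else dormant).append(target)
    return live, dormant


if __name__ == "__main__":
    live, dormant = triage(SAMPLE_LOG, SELECTED)
    for name, path in live:
        print(f"[live]    {name}: {path} is running; fix it offline (Safe Mode)")
    for name, path in dormant:
        print(f"[dormant] {name}: {path}")
```

Bare file names without a directory (for example a Run entry that only says `LTSMMSG.exe`) are not resolved against the process list and are reported as dormant.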
     
  5. Burkhard

    Burkhard Guest

    ok, forgot the log, here it is

    Logfile of HijackThis v1.97.7
    Scan saved at 00:37:34, on 18.02.2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Programme\netz\antivir\AVGUARD.EXE
    D:\Programme\netz\antivir\AVWUPSRV.EXE
    C:\WINDOWS\system\s2svc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Programme\Acer\Launch Manager\LaunchAp.exe
    C:\Programme\Acer\Launch Manager\PowerKey.exe
    C:\Programme\Acer\Launch Manager\HotkeyApp.exe
    C:\Programme\Acer\Launch Manager\KeyHook.exe
    C:\Programme\Acer\Launch Manager\CtrlVol.exe
    D:\Programme\Pinnacle_PCTV_Bungee\Remote\Remoterm.exe
    D:\Programme\sound\Winamp\Winampa.exe
    D:\programme\quicktime\qttask.exe
    C:\WINDOWS\System32\PL15Co2K.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    D:\Programme\netz\antivir\AVGNT.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programme\Messenger\msmsgs.exe
    C:\WINDOWS\NCLAUNCH.EXe
    D:\Programme\postit\Psn2Lite.exe
    C:\Programme\WEB.DE\WEB.DE Screensaver\TraySvr.exe
    C:\Programme\ZyXEL Corporation\ZyAIR WLAN Utility\ZyAIR.EXE
    D:\Programme\netz\Palm\HOTSYNC.EXE
    D:\Programme\netz\SpywareGuard\sgmain.exe
    D:\PROGRA~1\postit\PSNGive.exe
    D:\Programme\netz\SpywareGuard\sgbhp.exe
    C:\Programme\Internet Explorer\IEXPLORE.EXE
    C:\Programme\Internet Explorer\IEXPLORE.EXE
    C:\Programme\Internet Explorer\IEXPLORE.EXE
    D:\Installationsbibliothek\netz\spyware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.unil.ch/proxy-unil.pac
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat Reader 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Programme\netz\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_fr_2.0.106-big.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_fr_2.0.106-big.dll
    O4 - HKLM\..\Run: [LaunchApp] LaunApp
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Acer\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Programme\Acer\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Programme\Acer\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [KeyHook] "C:\Programme\Acer\Launch Manager\KeyHook.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Programme\Acer\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [PCTVRemote] D:\Programme\Pinnacle_PCTV_Bungee\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [WinampAgent] "D:\Programme\sound\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\programme\quicktime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\netz\antivir\AVGNT.EXE /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PVR] D:\Programme\sound\pocket_recorder\PVR.exe
    O4 - HKCU\..\Run: [YAW starten] "D:\Programme\netz\YAW 3.5\YAW 3.5\yawguard.exe"
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - Startup: HotSync Manager.lnk = D:\Programme\netz\Palm\HOTSYNC.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Startup: SpywareGuard.lnk = D:\Programme\netz\SpywareGuard\sgmain.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = D:\Programme\postit\Psn2Lite.exe
    O4 - Global Startup: WEB.DE Screensaver Quick-Start.lnk = ?
    O4 - Global Startup: ZyAIR.lnk = ?
    O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar_fr_2.0.106-big.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\windows\downloaded program files\GoogleToolbar_fr_2.0.106-big.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar_fr_2.0.106-big.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\windows\downloaded program files\GoogleToolbar_fr_2.0.106-big.dll/cmsimilar.html
    O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add
    O9 - Extra button: SWR3 Sidebar (HKLM)
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/big/1.1.62-big/GoogleNav.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://gayben.dyndns.org/activex/AxisCamControl.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37880.9955208333
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{57E4C0DF-0E92-4578-BE48-C6B8D78DE10A}: NameServer = 194.158.230.53,194.158.230.54
     
  6. Unzy

    Unzy Registered Member

    Hi there,

    Ah looking much better :)

    Good job cleaning up

    Yes indeed, I would advise ZA firewall

    A good and well updated and configured firewall is the best protection possible

    Take care

    Cheers,
     