![]() |
|
Log-Analyse und Auswertung: Azesearch ToolbarWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() Azesearch Toolbar Hallo auf meinem pc hat sich vor ein paar tagen eine Toolbar installiert, die Azesearch heißt. Mein Google wird dadurch unbrauchbar und es erstellt immer neue ordner in Favoriten. Hier mein Hijack logfile. Logfile of HijackThis v1.99.1 Scan saved at 14:13:25, on 04/04/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\winnt\System32\smss.exe C:\winnt\system32\winlogon.exe C:\winnt\system32\services.exe C:\winnt\system32\lsass.exe C:\winnt\system32\svchost.exe C:\winnt\system32\spoolsv.exe C:\Programme\Conceptronic\Bluetooth Software\bin\btwdins.exe C:\WINNT\System32\svchost.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\Programme\Norton Internet Security\NISUM.EXE C:\winnt\System32\nvsvc32.exe C:\winnt\system32\regsvc.exe C:\winnt\system32\MSTask.exe C:\winnt\system32\stisvc.exe C:\Programme\Norton Internet Security\SymProxySvc.exe C:\winnt\System32\WBEM\WinMgmt.exe C:\winnt\system32\svchost.exe C:\Programme\Norton Internet Security\NISSERV.EXE C:\winnt\Explorer.EXE C:\winnt\SOUNDMAN.EXE C:\Programme\Microsoft Hardware\Mouse\point32.exe C:\winnt\system32\P2P Networking\P2P Networking.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Programme\Logitech\Video\LogiTray.exe C:\Programme\Norton Internet Security\IAMAPP.EXE C:\WINNT\htpatch.exe C:\winnt\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Programme\HP\hpcoretech\hpcmpmgr.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\winnt\system32\rundll32.exe C:\Programme\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Programme\Internet Explorer\iexplore.exe C:\winnt\system32\internat.exe c:\progra~1\intern~1\iexplore.exe C:\winnt\system32\LVComS.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\Programme\Conceptronic\Bluetooth Software\BTTray.exe C:\winnt\system32\rundll32.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\WINZIP\winzip32.exe C:\temp\ICQLite\ICQLite.exe C:\Dokumente und Einstellungen\Isabel Alonso\Lokale Einstellungen\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rmqgoqztcjwoatyjjz.com/d1...E3l2itkQfS.jsp R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azesearch.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\temp\ICQToolbar\toolbaru.dll F3 - REG:win.ini: load=Ÿ????????????? F3 - REG:win.ini: run=Ÿ????????????? F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe O1 - Hosts: 69.50.166.11 www.google.com O1 - Hosts: 69.50.166.11 google.com O1 - Hosts: 69.50.166.11 www.google.co.uk O1 - Hosts: 69.50.166.11 google.co.uk O1 - Hosts: 69.50.166.11 www.google.ca O1 - Hosts: 69.50.166.11 google.ca O1 - Hosts: 69.50.166.11 www.google.es O1 - Hosts: 69.50.166.11 google.es O1 - Hosts: 69.50.166.11 www.google.de O1 - Hosts: 69.50.166.11 google.de O1 - Hosts: 69.50.166.11 www.google.fr O1 - Hosts: 69.50.166.11 google.fr O1 - Hosts: 69.50.166.11 www.google.com.au O1 - Hosts: 69.50.166.11 google.com.au O1 - Hosts: 69.50.166.14 www.yahoo.com O1 - Hosts: 69.50.166.14 yahoo.com O1 - Hosts: 66.218.75.184 mail.yahoo.com O1 - Hosts: 69.50.166.12 www.msn.com O1 - Hosts: 69.50.166.12 msn.com O1 - Hosts: 69.50.166.12 search.msn.com O1 - Hosts: 69.50.166.12 www.go.com O1 - Hosts: 69.50.166.12 go.com O1 - Hosts: 69.50.166.13 astalavista.com O1 - Hosts: 69.50.166.13 www.astalavista.com O1 - Hosts: 69.50.166.13 astalavista.box.sk O1 - Hosts: 69.50.166.13 cracks.am O1 - Hosts: 69.50.166.13 www.cracks.am O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programme\DAP\DAPBHO.dll O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Messenger\ycomp5_1_6_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: AddressBar Class - {1474CE44-8057-4AE3-8F3E-ED37C7C63D8A} - C:\winnt\system32\iasad.dll O2 - BHO: (no name) - {1ED16B60-ED3D-393A-0BEC-AABFFA277106} - C:\DOKUME~1\ISABEL~1\ANWEND~1\HOLDBR~1\01 MFCD.exe O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet6_38.dll O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programme\QuickSearch\QuickSearchBar1_27.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll (file missing) O2 - BHO: (no name) - {EFF80427-F837-4B74-8834-BAF18E0553FD} - c:\PROGRA~2\System\Misc\kabh1.dll O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\winnt\system32\azesearch2.ocx O3 - Toolbar: AZE Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\winnt\system32\azesearch2.ocx O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\evntsvc.exe -osboot O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [P2P Networking] C:\winnt\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [iamapp] C:\Programme\Norton Internet Security\IAMAPP.EXE O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [!!!AAAA-aaaagiochimkt] C:\DOKUME~1\ISABEL~1\ANWEND~1\GIOCHI~1.EXE /ns O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\winnt\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [Winip] C:\winnt\winip.exe O4 - HKLM\..\Run: [control] C:\winnt\MSN.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKLM\..\Run: [CamMonitor] C:\Programme\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [bibmpeginsidethis] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FILE 32 BIB MPEG\Enc Meet.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet O4 - HKCU\..\Run: [media_stub] C:\Program Files\ebkrdr\stub.exe O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Rundll32a] C:\winnt\system32\rundll32a.exe /run O4 - HKCU\..\Run: [Beepsave] C:\DOKUME~1\ISABEL~1\ANWEND~1\TYPEMO~1\listthe.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\RunOnce: [ICQ Lite] C:\temp\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: KYESCAN.lnk = C:\PROGRA~1\ScannerU\KYESCAN.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = C:\Programme\Conceptronic\Bluetooth Software\BTTray.exe O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\temp\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: Instantánea de caché de la página - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Páginas similares - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Páginas vinculadas - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\Conceptronic\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE O9 - Extra button: Horoscopo Tarot - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\mcm-horoscopo\index.html (file missing) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\temp\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\temp\ICQLite\ICQLite.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Conceptronic\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Conceptronic\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:\nosuch.mht!http://213.159.117.133/dl/adv157/x.chm::/load.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...ridge-c338.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {1E5592CB-8F5B-46F8-9EA6-65C01213808A} (InstaladorBetyByte Control) - http://www.cocacola.es/uploads/cab/i...orbetybyte.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {3A7A0837-55B8-4FC8-8A09-80659413749F} (InstaladorEmpareja2 Control) - http://www.cocacola.es/uploads/cab/i...rempareja2.cab O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.juegos-flash.com/ruboskizo2.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/Ms...cab?10,0,910,0 O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialer...ecomendada.cab O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} (PremiumHTML Class) - http://www.accesoplugin.com/dialerca...DialerHTML.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sha.../bin/cabsa.cab O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azesearch.com/install/azesearch.cab O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.game-bereich.de/Insta...sAssistent.ocx O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{37584D0E-DC05-4DEB-AFC5-29E34650669C}: NameServer = 194.179.1.101,194.179.1.100 O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\Conceptronic\Bluetooth Software\bin\btwdins.exe O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Programme\Norton Internet Security\NISSERV.EXE O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programme\Norton Internet Security\NISUM.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\winnt\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Programme\Norton Internet Security\SymProxySvc.exe Wenn ihr mir helfen konntet ware ich euch sehr dankbar Chris |
Themen zu Azesearch Toolbar |
adobe, antivirus, askbar, bho, desktop, dll, download, drivers, einstellungen, explorer, file missing, google, helfen, hijack, hijackthis, icqtoolbar, internet, internet explorer, internet security, nvidia, ordner, programme, registry, rundll, security, senden, skype.exe, software, symantec, system, temp, urlsearchhook, windows |