Falsche Links bei Anklicken der Suchergebnisse

helb · 07.01.2007, 00:46

Hilfe!

Kann keinen verdächtigen "Seitenverdreher" im hijackthis.log finden

(nach CCleaner und positivem Scan mit High Secure Professional)

Logfile of HijackThis v1.99.1
Scan saved at 00:35:54, on 07.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\HIGHSE~1\backweb\6238982\Program\SERVIC~1.EXE
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programme\HighSecure Professional\Anti-Virus\fsgk32st.exe
C:\Programme\HighSecure Professional\Anti-Virus\FSGK32.EXE
C:\Programme\HighSecure Professional\backweb\6238982\program\fsbwsys.exe
C:\Programme\HighSecure Professional\Common\FSMA32.EXE
C:\Programme\HighSecure Professional\Anti-Virus\fssm32.exe
C:\Programme\HighSecure Professional\Common\FSMB32.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\HighSecure Professional\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\HighSecure Professional\Common\FAMEH32.EXE
C:\Programme\HighSecure Professional\Anti-Virus\fsqh.exe
C:\Programme\HighSecure Professional\Anti-Virus\fsrw.exe
C:\Programme\HighSecure Professional\FSPC\fspc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\HighSecure Professional\Anti-Virus\fsav32.exe
C:\Programme\HighSecure Professional\FWES\Program\fsdfwd.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Programme\HighSecure Professional\Common\FSM32.EXE
C:\Programme\HighSecure Professional\FSGUI\ispnews.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\PROGRA~1\HIGHSE~1\ANTI-S~1\fsaw.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programme\HighSecure Professional\FSGUI\fsguidll.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\HighSecure Professional\backweb\6238982\Program\fspex.exe
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Printkey2000.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Microsoft Works\WkDStore.exe
C:\Programme\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.freenet.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.freenet.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {652C7EEF-BDA4-4866-9D53-A4BC12C7CF1C} - C:\WINDOWS\system32\mstfxt40.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\icq\ICQ new\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\HighSecure Professional\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\HighSecure Professional\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\HighSecure Professional\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programme\HighSecure Professional\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: HighSecure Professional.lnk = C:\Programme\HighSecure Professional\backweb\6238982\Program\fspex.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Printkey2000.exe
O8 - Extra context menu item: Dieses Popup &blockieren - C:\Programme\HighSecure Professional\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Website-&Liste anzeigen - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webseitenfilter &aussetzen - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Diese Website &sperren - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Diese Website &zulassen - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: IE-Schutzschild - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\HighSecure Professional\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-Schutzschild... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\HighSecure Professional\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - f:\spiele\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - f:\spiele\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\icq\ICQ new\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\icq\ICQ new\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=h**p://www.freenet.de
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - h**p://eriador.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106843944468
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - h**p://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O20 - AppInit_DLLs: pushow25.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HighSecure Professional (BackWeb Plug-in - 6238982) - BackWeb Technologies Inc. - C:\PROGRA~1\HIGHSE~1\backweb\6238982\Program\SERVIC~1.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Programme\HighSecure Professional\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Programme\HighSecure Professional\backweb\6238982\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\HighSecure Professional\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure h**p Server (fsh**ps) - F-Secure Corporation - C:\Programme\HighSecure Professional\FSPC\fsh**ps\fsh**ps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programme\HighSecure Professional\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Ich hoffe, dass mir jemand weiterhelfen kann...
Danke und Grüße HE

**Sunny** · 07.01.2007, 00:56

Hallo.

1.) Lade dir als erstes das Tool -> LspFix.
Starte das Programm (nichts ändern oder verschieben!)

Sag mir dann welche Dateien links bzw. rechts stehen und poste es.

2.) Starte einen eScan -> Anleitung gibt es hier.
Poste dann das Ergebnis mit Hilfe der "find.bat". (Bitte unbedingt beachten, ist alles erklärt

)

Gruß
Sunny

helb · 07.01.2007, 20:15

Hallo Sunny

Danke für deine "Erste Hilfe" Anweisungen, hier die Ergebnisse

Right side / Keep
File Description
Mswsock.dll TCP/IP
Winmr.dll NTDS
Rsvpsp.dll (Protocol Handler)

Left side / Remove
Winsflt.dll (Protocol Handler)

eScan_neu.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Jan 07 17:20:46 2007 => System found infected with mybar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.
Sun Jan 07 17:20:46 2007 => System found infected with mysearch hijacker Spyware/Adware ({37b85a21-692b-4205-9cad-2626e4993404})! Action taken: No Action Taken.
Sun Jan 07 17:20:46 2007 => System found infected with mysearch hijacker Spyware/Adware ({37b85a21-692b-4205-9cad-2626e4993404})! Action taken: No Action Taken.
Sun Jan 07 17:20:47 2007 => System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
Sun Jan 07 17:20:52 2007 => System found infected with downloader-ak Trojan-Downloader (popcaploader.dll)! Action taken: No Action Taken.
Sun Jan 07 17:20:55 2007 => System found infected with purityscan Spyware/Adware (instructions.html)! Action taken: No Action Taken.
Sun Jan 07 17:21:07 2007 => System found infected with purityscan Spyware/Adware (instructions.html)! Action taken: No Action Taken.
Sun Jan 07 17:20:49 2007 => Object "zango Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jan 07 17:20:49 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jan 07 17:20:49 2007 => Object "zango Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jan 07 17:20:49 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Jan 07 17:20:56 2007 => Object "medload Adware" found in File System! Action Taken: No Action Taken.
Sun Jan 07 17:20:57 2007 => Object "medload Adware" found in File System! Action Taken: No Action Taken.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Sun Jan 07 17:20:52 2007 => Offending file found: C:\WINDOWS\DOWNLO~1\popcaploader.dll
Sun Jan 07 17:20:55 2007 => Offending file found: C:\Dokumente und Einstellungen\He****\Eigene Dateien\spiele\master mind\help\instructions.html
Sun Jan 07 17:21:07 2007 => Offending file found: C:\Dokumente und Einstellungen\He****\Eigene Dateien\spiele\master mind\help\instructions.html
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
Sun Jan 07 17:20:22 2007 => File C:\WINDOWS\system32\mstfxt40.dll tagged as "not-a-virus:AdWare.Win32.Stud.a". Action Taken: No Action Taken.
Sun Jan 07 17:52:36 2007 => File C:\Programme\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.i. No Action Taken.
Sun Jan 07 18:01:08 2007 => File C:\WINDOWS\Downloaded Program Files\popcaploader.dll tagged as not-a-virus

ownloader.Win32.PopCap.a. No Action Taken.
Sun Jan 07 18:13:00 2007 => File C:\WINDOWS\system32\mstfxt40.dll tagged as "not-a-virus:AdWare.Win32.Stud.a". Action Taken: No Action Taken.
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
Sun Jan 07 17:20:56 2007 => Offending Folder found: C:\Dokumente und Einstellungen\He****\Lokale Einstellungen\anwendungsdaten\macromedia\contribute 3\configuration\toolbars\mm
Sun Jan 07 17:20:57 2007 => Offending Folder found: C:\Dokumente und Einstellungen\He****\Lokale Einstellungen\Anwendungsdaten\macromedia\contribute 3\configuration\toolbars\mm
~~~~~~~~~~~
Registry
~~~~~~~~~~~
Sun Jan 07 17:20:49 2007 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\zango !!!
Sun Jan 07 17:20:49 2007 => Offending Key found: HKLM\Software\magnet !!!
Sun Jan 07 17:20:49 2007 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\zango !!!
Sun Jan 07 17:20:49 2007 => Offending Key found: HKCU\\magnet !!!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Jan 07 18:38:40 2007 => Total Errors: 267
Sun Jan 07 18:38:40 2007 => Time Elapsed: 01:18:29
Sun Jan 07 18:38:40 2007 => Total Objects Scanned: 189568
Sun Jan 07 17:06:58 2007 => Virus Database Date: 1/6/2007
Sun Jan 07 17:08:02 2007 => Virus Database Date: 1/7/2007
Sun Jan 07 17:14:54 2007 => Virus Database Date: 1/7/2007
Sun Jan 07 18:38:40 2007 => Virus Database Date: 1/7/2007
Sun Jan 07 18:39:52 2007 => Virus Database Date: 1/7/2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mfG HE

**Sunny** · 09.01.2007, 22:12

1.) Lade dir das Tool -> Ad-Aware, und scanne damit dein System und bereinige es zeitgleich.

2.) Deinstalliere über: Start->Systemsteuerung->Software das Programm:

Zitat:

MyGlobalSearch

3.) Anleitung Avenger:

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:

2.) Klicke nun auf die Option „Input Script manually“ -> klicke jetzt auf die Lupe und kopiere folgenden Text rein:

Zitat:

Files to delete:
C:\WINDOWS\system32\mstfxt40.dll

Folder to delete:
C:\Programme\MyGlobalSearch

Registry Keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\zango
HKCU\software\microsoft\windows\currentversion\exp lorer\menuorder\start menu2\programs\zango

3.) Klicke nun auf die „grüne Ampel“, das Script fängt an zu arbeiten.

4.) Danach das System unverzüglich neu starten lassen
5.) Lass HijackThis nochmal laufen, erstelle und poste ein neues HijackThis Logfile.
Poste ausserdem den Inhalt der C:\avenger.txt Datei.

4.) Poste nochmal ein neues Hijacklog...

Sunny

helb · 10.01.2007, 00:39

Hallo Sunny

Der Full Scan mit Ad-Aware hat auch nur ein paar harmlose Cookies angezeigt, die ich getrost weggeschmissen habe und nach dem wiederholten Scan war alles OK (außer besagten MRUs) . Deshalb vestehe ich den Sinn nicht ganz, habe ich etwas übersehen ?

Die GlobalSearch Bar SW habe ich entfernt

Und hier nun die Datei avenger.txt
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKCU\software\microsoft\windows\currentversion\exp lorer\menuorder\start menu2\programs\zango

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hcnlwkcr

*******************

Script file located at: \??\C:\qphgsjym.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\mstfxt40.dll deleted successfully.

File Folder to delete: not found!
Deletion of file Folder to delete: failed!

Could not process line:
Folder to delete:
Status: 0xc0000034

Error: C:\Programme\MyGlobalSearch is a folder, not a file!
Deletion of file C:\Programme\MyGlobalSearch failed!

Could not process line:
C:\Programme\MyGlobalSearch
Status: 0xc00000ba

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\zango deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

... und das neue HijackThis Logfile

Logfile of HijackThis v1.99.1
Scan saved at 00:21:46, on 10.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\HIGHSE~1\backweb\6238982\Program\SERVIC~1.EXE
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programme\HighSecure Professional\Anti-Virus\fsgk32st.exe
C:\Programme\HighSecure Professional\Anti-Virus\FSGK32.EXE
C:\Programme\HighSecure Professional\backweb\6238982\Program\fspex.exe
C:\Programme\HighSecure Professional\backweb\6238982\program\fsbwsys.exe
C:\Programme\HighSecure Professional\Common\FSMA32.EXE
C:\Programme\HighSecure Professional\Anti-Virus\fssm32.exe
C:\Programme\HighSecure Professional\Common\FSMB32.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\HighSecure Professional\Common\FCH32.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\HighSecure Professional\Anti-Virus\fsqh.exe
C:\Programme\HighSecure Professional\Common\FAMEH32.EXE
C:\Programme\HighSecure Professional\Anti-Virus\fsrw.exe
C:\Programme\HighSecure Professional\FSPC\fspc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\HighSecure Professional\FWES\Program\fsdfwd.exe
C:\Programme\HighSecure Professional\Anti-Virus\fsav32.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\HighSecure Professional\Common\FSM32.EXE
C:\Programme\HighSecure Professional\FSGUI\ispnews.exe
C:\PROGRA~1\HIGHSE~1\ANTI-S~1\fsaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Programme\HighSecure Professional\FSGUI\fsguidll.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Printkey2000.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.freenet.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.freenet.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {652C7EEF-BDA4-4866-9D53-A4BC12C7CF1C} - C:\WINDOWS\system32\mstfxt40.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\icq\ICQ new\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\HighSecure Professional\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\HighSecure Professional\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\HighSecure Professional\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programme\HighSecure Professional\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: HighSecure Professional.lnk = C:\Programme\HighSecure Professional\backweb\6238982\Program\fspex.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Printkey2000.exe
O8 - Extra context menu item: Dieses Popup &blockieren - C:\Programme\HighSecure Professional\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Website-&Liste anzeigen - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webseitenfilter &aussetzen - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Diese Website &sperren - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Diese Website &zulassen - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Programme\HighSecure Professional\FSPC\fspcmsie.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: IE-Schutzschild - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\HighSecure Professional\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-Schutzschild... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\HighSecure Professional\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - f:\spiele\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - f:\spiele\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\icq\ICQ new\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\icq\ICQ new\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=h**p://www.freenet.de
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - h**p://eriador.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106843944468
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - h**p://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O20 - AppInit_DLLs: pushow25.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HighSecure Professional (BackWeb Plug-in - 6238982) - BackWeb Technologies Inc. - C:\PROGRA~1\HIGHSE~1\backweb\6238982\Program\SERVIC~1.EXE
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Programme\HighSecure Professional\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Programme\HighSecure Professional\backweb\6238982\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\HighSecure Professional\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure h**p Server (fsh**ps) - F-Secure Corporation - C:\Programme\HighSecure Professional\FSPC\fsh**ps\fsh**ps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programme\HighSecure Professional\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Ich bin schon gespannt, ob sich jetzt schon eine Besserung herauslesen läßt.

Vielen Dank und tschüß
HE

**Sunny** · 10.01.2007, 17:03

1.) Lade dir die Killbox und lösche folgende Datei:
(Option "delete on reboot" anklicken, danach die Datei suchen und löschen, Neustart!)

Zitat:

C:\WINDOWS\system32\pushow25.dll <- Adware!

2.) Besteht denn das Problem mit den falschen Suchergebnissen immer noch?

Gruß
Sunny

helb · 11.01.2007, 18:34

1. Absolut spitzenmäßig!!! Die richtigen Seiten flutschen bereits jetzt schon, noch bevor ich deinem Hinweis auf die Adware pushowxx.dll näher nachgegangen bin.

2.die pushow25.dll ist nicht zu fnden, trozdem habe ich die Killbox darauf angesetzt und das Tool hat irgendwie in der Registry herumgewerkelt. Alles ein bißchen merkwürdig und nicht unbedingt vetrauenserweckend.

3.Deshalb ist es verdammt gut, jemanden Erfahrenen wie dich an der Hand zu haben, um solche Operationen "am offenen Herzen" nicht nur unbeschadet zu riskieren sondern auch auch noch damit einen Übeltäter zu eliminieren.

(4. Jetzt müsste man eigentlich nur noch wissen, woran es genau gelegen hat)

Ein ganz dickes Dankeschön, für deine unbezahlbare Unterstützung!
HE

Falsche Links bei Anklicken der Suchergebnisse

Log-Analyse und Auswertung: Falsche Links bei Anklicken der Suchergebnisse