Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PC slows down - msn search and click2begin

Started by Andreas Irmer , Sep 21 2005 03:21 AM

  • Please log in to reply

#1
Andreas Irmer
Posted 21 September 2005 - 03:21 AM

Andreas Irmer

    New Member

  • Member
  • Pip
  • 5 posts
Hello everybody,

your help is very much appreciated. As german user I have found your forum over the internet and already tryed to fix out my problems. After the third round now, I need your direct help. It started with decreasing reaction times of my computer Pentium 4 with Windows XP SP2. Then I have seen that during surfing the net more and more windows opened automativally. Now I have got the situation that I am looking for something in google.de, always two new windows will be openend - 1. msn search with various search results and 2. click2begin window which then moves to another site.
I hope my english is not too bad to understand.
Yesterday before I started repairing the system I had also some ABI Network remarks in it and over this search I have found you helpfull site.

ok, here is now the actual HiJackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:20:43, on 21.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\SerExt.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Programme\Jana2\JanaAdmin.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\Gigaset DECT\talk&surf\semon21.exe
C:\Programme\G DATA\AVKClient\AvkClSv.exe
C:\Programme\G DATA\AVKClient\AVKWCtl.exe
C:\Programme\G DATA\AVKClient\AVKAgent.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\G DATA\AVK ManagementServer\gdnss.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programme\Jana2\janad.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Gigaset DECT\talk&surf\xcontrolcom.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\DOKUME~1\Andreas\LOKALE~1\Temp\Temporäres Verzeichnis 3 für hijackthis_199.zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\system32\bho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\G DATA\AVK ManagementServer\AVKPOP.EXE"
O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SerExt] SerExt.exe /unplug
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Programme\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: JanaAdmin.lnk = C:\Programme\Jana2\JanaAdmin.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken 2006 Zahlungserinnerung.lnk = C:\Programme\Quicken2006\billmind.exe
O4 - Global Startup: talk&surf 6.0 - Monitor.lnk = C:\Programme\Gigaset DECT\talk&surf\semon21.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?325
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
O23 - Service: AVK Client - Unknown owner - C:\Programme\G DATA\AVKClient\AvkClSv.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\G DATA\AVKClient\AVKWCtl.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: AVK ManagementServer (GDNSS) - G DATA Software AG - C:\Programme\G DATA\AVK ManagementServer\gdnss.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Jana Server 2 (Janad) - Thomas Hauck, Privat - C:\Programme\Jana2\janad.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: xControlCOM - Siemens - C:\Programme\Gigaset DECT\talk&surf\xcontrolcom.exe

Awaiting your hopefully helpfull response in germany

Andreas Irmer
  • 0

Advertisements

#2
Metallica
Posted 24 September 2005 - 12:10 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hallo Andreas,


Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked.
Pay special attention all explorer and IE windows are closed.

O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\system32\bho.dll

That should do it.

Can you tell me to what program this belongs:
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll

Regards,
  • 0

#3
Andreas Irmer
Posted 25 September 2005 - 02:57 AM

Andreas Irmer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hello Metallica,

thank you for your response. I have done what you wanted me to do. Because I have tried several other things in the meantime between my first postal and your answer, here is a new log: :)

Logfile of HijackThis v1.99.1
Scan saved at 10:51:13, on 25.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Programme\G DATA\AVK ManagementServer\AVKPOP.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\SerExt.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Programme\Jana2\JanaAdmin.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\Gigaset DECT\talk&surf\semon21.exe
C:\Programme\G DATA\AVKClient\AvkClSv.exe
C:\Programme\G DATA\AVKClient\AVKWCtl.exe
C:\Programme\G DATA\AVKClient\AVKAgent.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\G DATA\AVK ManagementServer\gdnss.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programme\Jana2\janad.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Programme\Gigaset DECT\talk&surf\xcontrolcom.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Dokumente und Einstellungen\Andreas\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\system32\bho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\G DATA\AVK ManagementServer\AVKPOP.EXE"
O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SerExt] SerExt.exe /unplug
O4 - HKLM\..\RunOnce: [NSIS.Library.RegTool.v2] "C:\WINDOWS\system32\NSIS.Library.RegTool.v2.exe" /S
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Programme\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: JanaAdmin.lnk = C:\Programme\Jana2\JanaAdmin.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken 2006 Zahlungserinnerung.lnk = C:\Programme\Quicken2006\billmind.exe
O4 - Global Startup: talk&surf 6.0 - Monitor.lnk = C:\Programme\Gigaset DECT\talk&surf\semon21.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?325
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
O23 - Service: AVK Client - Unknown owner - C:\Programme\G DATA\AVKClient\AvkClSv.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\G DATA\AVKClient\AVKWCtl.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: AVK ManagementServer (GDNSS) - G DATA Software AG - C:\Programme\G DATA\AVK ManagementServer\gdnss.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Jana Server 2 (Janad) - Thomas Hauck, Privat - C:\Programme\Jana2\janad.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: xControlCOM - Siemens - C:\Programme\Gigaset DECT\talk&surf\xcontrolcom.exe

Please have a look if you can find other malware, spyware or simply awfullware things like that.

To your question: This belongs to the lexware online banking program Quicken deluxe 2006. :tazz:

Thanks for your help.
  • 0

#4
Metallica
Posted 25 September 2005 - 04:14 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Can you please download and install BHODemon from:
http://www.definitiv...om/bhodemon.htm

Use it to disable this BHO:
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\system32\bho.dll

That is the only malware in your log. I don't understand why HijackThis failed to remove it, so let me know if BHODemon is successfull.

Regards,
  • 0

#5
Andreas Irmer
Posted 25 September 2005 - 04:34 AM

Andreas Irmer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I have downloaded, installed and started. It didn't find ts. Her is the actual log of HIjackThis

Logfile of HijackThis v1.99.1
Scan saved at 12:32:43, on 25.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Programme\G DATA\AVK ManagementServer\AVKPOP.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\SerExt.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\Programme\Jana2\JanaAdmin.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\Gigaset DECT\talk&surf\semon21.exe
C:\Programme\G DATA\AVKClient\AvkClSv.exe
C:\Programme\G DATA\AVKClient\AVKWCtl.exe
C:\Programme\G DATA\AVKClient\AVKAgent.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\G DATA\AVK ManagementServer\gdnss.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programme\Jana2\janad.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Programme\Gigaset DECT\talk&surf\xcontrolcom.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programme\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\BHODemon 2\BHODemon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Andreas\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\G DATA\AVK ManagementServer\AVKPOP.EXE"
O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SerExt] SerExt.exe /unplug
O4 - HKLM\..\RunOnce: [NSIS.Library.RegTool.v2] "C:\WINDOWS\system32\NSIS.Library.RegTool.v2.exe" /S
O4 - Startup: BHODemon 2.0.lnk = C:\Programme\BHODemon 2\BHODemon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Programme\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: JanaAdmin.lnk = C:\Programme\Jana2\JanaAdmin.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken 2006 Zahlungserinnerung.lnk = C:\Programme\Quicken2006\billmind.exe
O4 - Global Startup: talk&surf 6.0 - Monitor.lnk = C:\Programme\Gigaset DECT\talk&surf\semon21.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?325
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
O23 - Service: AVK Client - Unknown owner - C:\Programme\G DATA\AVKClient\AvkClSv.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\G DATA\AVKClient\AVKWCtl.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: AVK ManagementServer (GDNSS) - G DATA Software AG - C:\Programme\G DATA\AVK ManagementServer\gdnss.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Jana Server 2 (Janad) - Thomas Hauck, Privat - C:\Programme\Jana2\janad.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: xControlCOM - Siemens - C:\Programme\Gigaset DECT\talk&surf\xcontrolcom.exe


I think/hope I'm clean now?

Best regards

Andreas

By the way, I can surf the net without having popups and the machine is running quite fast and stable now!

Edited by Andreas Irmer, 25 September 2005 - 04:36 AM.

  • 0

#6
Metallica
Posted 25 September 2005 - 04:41 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Gone now. :tazz:

Please do have a look at my site about removing and preventing spyware.

Regards,
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP