bitte die hijackthis log überprüfen, danke!

Dieses Thema im Forum "Sicherheit" wurde erstellt von der blunt, 5. Oktober 2004.

Status des Themas:
Es sind keine weiteren Antworten möglich.
  1. der blunt

    der blunt ROM

    Logfile of HijackThis v1.98.2
    Scan saved at 16:37:23, on 05.10.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
    D:\WINDOWS\Mixer.exe
    D:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
    D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    D:\Programme\ahead\InCD\InCD.exe
    D:\programme\quicktimeplayer\qttask.exe
    D:\Programme\Grisoft\AVG6\avgcc32.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Programme\Messenger\msmsgs.exe
    D:\Programme\Grisoft\AVG6\avgw.exe
    D:\Programme\Internet Explorer\iexplore.exe
    D:\Dokumente und Einstellungen\***\Desktop\***\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = h**p://www.search-1.net/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = h**p://www.search-1.net/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = h**p://www.search-1.net/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.searchdot.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.iwantsearch.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.t-online.de
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://www.searchdot.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://D:\DOKUME~1\***1\LOKALE~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
    R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Dokumente und Einstellungen\***\Desktop\***\anderer krams\acrobatreader\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll
    O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Programme\Hotbar\bin\4.5.1.0\HbHostIE.dll (file missing)
    O2 - BHO: (no name) - {C8BD2B1E-BEA4-4CF1-B12A-5D72E5200512} - D:\WINDOWS\System32\cabblaa.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Programme\MyWay\myBar\2.bin\MYBAR.DLL
    O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Programme\Hotbar\bin\4.5.1.0\HbHostIE.dll (file missing)
    O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll
    O4 - HKLM\..\Run: [T-DSL SpeedMgr] "D:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [RDLL] RunDll16.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [InCD] D:\Programme\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\programme\quicktimeplayer\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WeatherOnTray] D:\Programme\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [AVG_CC] D:\Programme\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Programme\Messenger\msmsgs.exe" /background
    O4 - Global Startup: AVG 6.0 for Windows.lnk = D:\Programme\Grisoft\AVG6\avgw.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Office2000\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\DOKUME~1\***\Desktop\***\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\DOKUME~1\***\Desktop\***\ICQ\ICQ.exe
    O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O13 - DefaultPrefix: h**p://ehttp.cc/?
    O13 - WWW Prefix: h**p://ehttp.cc/?
    O14 - IERESET.INF: START_PAGE_URL=h**p://www.t-online.de
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\ss.MHT!h**p://64.237.47.178//chm.chm::/1/e.exe
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - h**p://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - h**p://207.188.7.150/06e558ad3c5637959118/netzip/RdxIE601_de.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - h**p://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/de/win/QuickTimeInstaller.exe
    O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} (IELoaderCtl Class) - h**p://freeload.cc/secure/ieloader.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - h**p://www.installengine.com/engine/isetup.cab
    O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - h**p://install.serviceurl.de/StarInstall.ocx
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - h**p://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A421D7FA-6288-4447-B4DE-AF35C8412DB2}: NameServer = 217.237.151.97 217.237.150.33
    O18 - Filter: text/html - {E30D2839-A60F-40C4-974F-1722EABEF5F1} - D:\WINDOWS\System32\cabblaa.dll
    O18 - Filter: text/plain - {E30D2839-A60F-40C4-974F-1722EABEF5F1} - D:\WINDOWS\System32\cabblaa.dll

     
  2. mici46

    mici46 Kbyte

  3. Nevok

    Nevok Ganzes Gigabyte

    Hallo der blunt

    Starte deinen Rechner im abgesicherten Modus (beim Systemstart F8 drücken), scanne nochmals dein System mit HijackThis und lass folgende Einträge fixen (vorn anhaken):


    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = h**p://www.search-1.net/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = h**p://www.search-1.net/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = h**p://www.search-1.net/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.searchdot.net

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.iwantsearch.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://www.searchdot.net

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://D:\DOKUME~1\***1\LOKALE~1\Temp\sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll

    O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll

    O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Programme\Hotbar\bin\4.5.1.0\HbHostIE.dll (file missing)

    O2 - BHO: (no name) - {C8BD2B1E-BEA4-4CF1-B12A-5D72E5200512} - D:\WINDOWS\System32\cabblaa.dll (file missing)

    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Programme\MyWay\myBar\2.bin\MYBAR.DLL

    O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Programme\Hotbar\bin\4.5.1.0\HbHostIE.dll (file missing)

    O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll

    O13 - DefaultPrefix: h**p://%65%68%74%74%70%2E%63%63/?

    O13 - WWW Prefix: h**p://%65%68%74%74%70%2E%63%63/?

    O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\ss.MHT!h**p://64.237.47.178//chm.chm::/1/e.exe


    Anschließend startest du den Rechner neu, scannst das System nochmal mit HijackThis und postest das neue Log hier.

    Gruß
    Nevok
     
Status des Themas:
Es sind keine weiteren Antworten möglich.

Diese Seite empfehlen