Please check the HijackThis log, thanks!

This thread in the "Security" forum was created by der blunt, 5 October 2004.

Thread status:
No further replies are possible.
  1. der blunt

    Logfile of HijackThis v1.98.2
    Scan saved at 16:37:23, on 05.10.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
    D:\WINDOWS\Mixer.exe
    D:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
    D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    D:\Programme\ahead\InCD\InCD.exe
    D:\programme\quicktimeplayer\qttask.exe
    D:\Programme\Grisoft\AVG6\avgcc32.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Programme\Messenger\msmsgs.exe
    D:\Programme\Grisoft\AVG6\avgw.exe
    D:\Programme\Internet Explorer\iexplore.exe
    D:\Dokumente und Einstellungen\***\Desktop\***\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = h**p://www.search-1.net/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = h**p://www.search-1.net/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = h**p://www.search-1.net/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.searchdot.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.iwantsearch.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.t-online.de
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://www.searchdot.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://D:\DOKUME~1\***1\LOKALE~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
    R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Dokumente und Einstellungen\***\Desktop\***\anderer krams\acrobatreader\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll
    O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Programme\Hotbar\bin\4.5.1.0\HbHostIE.dll (file missing)
    O2 - BHO: (no name) - {C8BD2B1E-BEA4-4CF1-B12A-5D72E5200512} - D:\WINDOWS\System32\cabblaa.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Programme\MyWay\myBar\2.bin\MYBAR.DLL
    O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Programme\Hotbar\bin\4.5.1.0\HbHostIE.dll (file missing)
    O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll
    O4 - HKLM\..\Run: [T-DSL SpeedMgr] "D:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [RDLL] RunDll16.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [InCD] D:\Programme\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\programme\quicktimeplayer\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WeatherOnTray] D:\Programme\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [AVG_CC] D:\Programme\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Programme\Messenger\msmsgs.exe" /background
    O4 - Global Startup: AVG 6.0 for Windows.lnk = D:\Programme\Grisoft\AVG6\avgw.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Office2000\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\DOKUME~1\***\Desktop\***\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\DOKUME~1\***\Desktop\***\ICQ\ICQ.exe
    O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O13 - DefaultPrefix: h**p://ehttp.cc/?
    O13 - WWW Prefix: h**p://ehttp.cc/?
    O14 - IERESET.INF: START_PAGE_URL=h**p://www.t-online.de
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\ss.MHT!h**p://64.237.47.178//chm.chm::/1/e.exe
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - h**p://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - h**p://207.188.7.150/06e558ad3c5637959118/netzip/RdxIE601_de.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - h**p://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/de/win/QuickTimeInstaller.exe
    O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} (IELoaderCtl Class) - h**p://freeload.cc/secure/ieloader.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - h**p://www.installengine.com/engine/isetup.cab
    O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - h**p://install.serviceurl.de/StarInstall.ocx
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - h**p://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A421D7FA-6288-4447-B4DE-AF35C8412DB2}: NameServer = 217.237.151.97 217.237.150.33
    O18 - Filter: text/html - {E30D2839-A60F-40C4-974F-1722EABEF5F1} - D:\WINDOWS\System32\cabblaa.dll
    O18 - Filter: text/plain - {E30D2839-A60F-40C4-974F-1722EABEF5F1} - D:\WINDOWS\System32\cabblaa.dll

     
  2. mici46

  3. Nevok

    Hello der blunt

    Start your computer in safe mode (press F8 during system startup), scan your system again with HijackThis, and have the following entries fixed (tick the box in front of each):


    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = h**p://www.search-1.net/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = h**p://www.search-1.net/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = h**p://www.search-1.net/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.searchdot.net

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.iwantsearch.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://www.searchdot.net

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://D:\DOKUME~1\***1\LOKALE~1\Temp\sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll

    O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll

    O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Programme\Hotbar\bin\4.5.1.0\HbHostIE.dll (file missing)

    O2 - BHO: (no name) - {C8BD2B1E-BEA4-4CF1-B12A-5D72E5200512} - D:\WINDOWS\System32\cabblaa.dll (file missing)

    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Programme\MyWay\myBar\2.bin\MYBAR.DLL

    O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Programme\Hotbar\bin\4.5.1.0\HbHostIE.dll (file missing)

    O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll

    O13 - DefaultPrefix: h**p://%65%68%74%74%70%2E%63%63/?

    O13 - WWW Prefix: h**p://%65%68%74%74%70%2E%63%63/?

    O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\ss.MHT!h**p://64.237.47.178//chm.chm::/1/e.exe


    Afterwards, restart the computer, scan the system once more with HijackThis, and post the new log here.

    Regards
    Nevok
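
Added example, not part of Nevok's post or the original thread: a small Python triage pass over HijackThis lines that surfaces the patterns visible in this log (the `%00@` userinfo trick hiding the real host, the percent-encoded O13 prefix, search pages pointing into a Temp folder, `(file missing)` entries, and the O16 entry using `ms-its:`). The rule names and heuristics are assumptions made for illustration, not HijackThis's own logic; the sample lines are copied from the log above.

```python
import re
from urllib.parse import unquote

# Entry shape: "<section> - <body>", e.g. "R1 - HKCU\...,Key = value".
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
# The forum defangs "http" as "h**p"; capture the authority part of the URL.
URL_RE = re.compile(r"(?:h\*\*p|https?)://([^\s/]*)", re.I)

def flags_for(section, body):
    """Reasons an entry deserves a closer look (illustrative rules)."""
    reasons = []
    m = URL_RE.search(body)
    if m:
        authority = m.group(1)
        if "@" in authority:
            # Everything before '@' is userinfo; the real host follows it.
            reasons.append("userinfo-host:" + authority.rsplit("@", 1)[1].lower())
        elif "%" in authority:
            # Hostname hidden behind percent-encoding.
            reasons.append("encoded-host:" + unquote(authority).lower())
    if section in ("R0", "R1") and re.search(r"file://.*\\Temp\\", body, re.I):
        reasons.append("local-temp-search-page")
    if body.rstrip().endswith("(file missing)"):
        reasons.append("orphaned-entry")
    if section == "O16" and "ms-its:" in body.lower():
        reasons.append("dpf-ms-its-handler")
    return reasons

def triage(log_text):
    """Return [(section, reasons)] for every flagged HijackThis entry."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and (reasons := flags_for(m.group(1), m.group(2))):
            hits.append((m.group(1), reasons))
    return hits

# Sample lines copied from the log in this thread.
SAMPLE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.t-online.de
O2 - BHO: (no name) - {C8BD2B1E-BEA4-4CF1-B12A-5D72E5200512} - D:\WINDOWS\System32\cabblaa.dll (file missing)
O13 - DefaultPrefix: h**p://%65%68%74%74%70%2E%63%63/?
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\ss.MHT!h**p://64.237.47.178//chm.chm::/1/e.exe
"""

if __name__ == "__main__":
    for section, reasons in triage(SAMPLE):
        print(section, ", ".join(reasons))
```

The plain `t-online.de` default page is the only sample line left unflagged, and the decoded O13 host matches the readable `ehttp.cc` prefix in the first post's log.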
     