belt.exe und anderes urvieh

onkelkarlo · Jul 29, 2004

hallo zusammen, was geht hier vor? Kann mir jemand helfen? Bin wirklich am verzweifeln.

Logfile of HijackThis v1.98.0
Scan saved at 17:20:35, on 29.07.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\VeriSign\NAVI\naviagent.exe
C:\WINNT\PMJ151LA.BIN
C:\WINNT\system32\regsvc.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\ctfmon.exe
C:\Programme\Nikon\PictureProject\NkbMonitor.exe
C:\WINNT\explorer.exe
C:\Programme\Opera7\Opera.exe
C:\Dokumente und Einstellungen\dieter\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://69.31.79.101/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.31.79.101/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://69.31.79.101/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://69.31.79.101/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.31.79.101/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.79.101/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.31.79.101/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.31.79.101/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.79.101/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.31.79.101/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.31.79.101/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.101/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.101/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.101/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.101/search.html
R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O1 - Hosts: 69.31.79.101 auto.search.msn.com
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: VeriSign Inc. i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_1_4.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programme\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Hilfe zu i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Hilfe zu i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - (no file)
O9 - Extra 'Tools' menuitem: Optionen für i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - (no file)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/beta/vet_install_popup.pl?0&4&unknown&unknown
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.31.79.101/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/new/bridge.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{513594F3-5A22-470E-B656-6EA9B66229B3}: NameServer = 192.168.1.2,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = wmpe.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = wmpe.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wmpe.local

Cidre · Jul 29, 2004

Hallo,

wende Punkt 1 bis 4 an und poste danach ein neues Log-File:
http://board.protecus.de/showtopic....1091102162&s=88b315fe40f8184798b9e5c08c4aae42

Nevok · Jul 29, 2004

Hallöchen... :winke:

Ich war mal so frei, den Thread ins Viren- und Trojaner-Board zu verschieben.

@ onkelkarlo

Bitte Punkt 5 der Nutzungsbedingungen beachten, sonst gibt das Schimpfe!

Gruß
Nevok

Log in or Sign up

belt.exe und anderes urvieh

onkelkarlo ROM

Cidre Halbes Megabyte

Nevok Ganzes Gigabyte

Share This Page