1. Dear forum community,

    due to the requirements arising from the GDPR, extensive changes would have to be made to the forum that are not economically viable for us. We have therefore decided to archive the forum in its current form and keep it available online, but to no longer allow new registrations or new comments. This ensures that the collected knowledge is not lost and that we can still provide the site in a GDPR-compliant way.
    This will be implemented in the next few days.

    I thank everyone who has supported people seeking help, and the forum itself, over the past years. I can still be reached at tti(bei)pcwelt.de.

Please check the HijackThis log, thanks!

Discussion in 'Sicherheit' started by der blunt, Oct 5, 2004.

Thread Status:
Not open for further replies.
  1. der blunt

    der blunt ROM

    Logfile of HijackThis v1.98.2
    Scan saved at 16:37:23, on 05.10.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
    D:\WINDOWS\Mixer.exe
    D:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
    D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    D:\Programme\ahead\InCD\InCD.exe
    D:\programme\quicktimeplayer\qttask.exe
    D:\Programme\Grisoft\AVG6\avgcc32.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Programme\Messenger\msmsgs.exe
    D:\Programme\Grisoft\AVG6\avgw.exe
    D:\Programme\Internet Explorer\iexplore.exe
    D:\Dokumente und Einstellungen\***\Desktop\***\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = h**p://www.search-1.net/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = h**p://www.search-1.net/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = h**p://www.search-1.net/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.searchdot.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.iwantsearch.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.t-online.de
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://www.searchdot.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://D:\DOKUME~1\***1\LOKALE~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
    R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Dokumente und Einstellungen\***\Desktop\***\anderer krams\acrobatreader\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll
    O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Programme\Hotbar\bin\4.5.1.0\HbHostIE.dll (file missing)
    O2 - BHO: (no name) - {C8BD2B1E-BEA4-4CF1-B12A-5D72E5200512} - D:\WINDOWS\System32\cabblaa.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Programme\MyWay\myBar\2.bin\MYBAR.DLL
    O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Programme\Hotbar\bin\4.5.1.0\HbHostIE.dll (file missing)
    O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll
    O4 - HKLM\..\Run: [T-DSL SpeedMgr] "D:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [RDLL] RunDll16.exe
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [InCD] D:\Programme\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\programme\quicktimeplayer\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WeatherOnTray] D:\Programme\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [AVG_CC] D:\Programme\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "D:\Programme\Messenger\msmsgs.exe" /background
    O4 - Global Startup: AVG 6.0 for Windows.lnk = D:\Programme\Grisoft\AVG6\avgw.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Office2000\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\DOKUME~1\***\Desktop\***\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\DOKUME~1\***\Desktop\***\ICQ\ICQ.exe
    O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
    O13 - DefaultPrefix: h**p://ehttp.cc/?
    O13 - WWW Prefix: h**p://ehttp.cc/?
    O14 - IERESET.INF: START_PAGE_URL=h**p://www.t-online.de
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\ss.MHT!h**p://64.237.47.178//chm.chm::/1/e.exe
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - h**p://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - h**p://207.188.7.150/06e558ad3c5637959118/netzip/RdxIE601_de.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - h**p://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/de/win/QuickTimeInstaller.exe
    O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} (IELoaderCtl Class) - h**p://freeload.cc/secure/ieloader.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - h**p://www.installengine.com/engine/isetup.cab
    O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - h**p://install.serviceurl.de/StarInstall.ocx
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - h**p://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A421D7FA-6288-4447-B4DE-AF35C8412DB2}: NameServer = 217.237.151.97 217.237.150.33
    O18 - Filter: text/html - {E30D2839-A60F-40C4-974F-1722EABEF5F1} - D:\WINDOWS\System32\cabblaa.dll
    O18 - Filter: text/plain - {E30D2839-A60F-40C4-974F-1722EABEF5F1} - D:\WINDOWS\System32\cabblaa.dll

     
  2. mici46

    mici46 Kbyte

  3. Nevok

    Nevok Ganzes Gigabyte

    Hello der blunt

    Start your computer in safe mode (press F8 during system startup), scan your system again with HijackThis and have the following entries fixed (tick the box in front of each):


    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = h**p://www.search-1.net/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = h**p://www.search-1.net/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = h**p://www.search-1.net/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.searchdot.net

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.iwantsearch.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOKUME~1\***\LOKALE~1\Temp\sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://www.searchdot.net

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://D:\DOKUME~1\***1\LOKALE~1\Temp\sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll

    O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll

    O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Programme\Hotbar\bin\4.5.1.0\HbHostIE.dll (file missing)

    O2 - BHO: (no name) - {C8BD2B1E-BEA4-4CF1-B12A-5D72E5200512} - D:\WINDOWS\System32\cabblaa.dll (file missing)

    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Programme\MyWay\myBar\2.bin\MYBAR.DLL

    O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Programme\Hotbar\bin\4.5.1.0\HbHostIE.dll (file missing)

    O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - D:\WINDOWS\Downloaded Program Files\rundlg32.dll

    O13 - DefaultPrefix: h**p://%65%68%74%74%70%2E%63%63/?

    O13 - WWW Prefix: h**p://%65%68%74%74%70%2E%63%63/?

    O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\ss.MHT!h**p://64.237.47.178//chm.chm::/1/e.exe


    Then restart the computer, scan the system again with HijackThis and post the new log here.

    Regards
    Nevok
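
Added example, not part of the original thread: a small Python triage of HijackThis entries that resolves which host a logged URL actually points to. It shows that `homepage.com%00@www.e-finder.cc` resolves to `www.e-finder.cc` (the part before `@` is userinfo) and that the percent-encoded O13 prefix in the reply is the same `ehttp.cc` shown in the first log. The function names `real_host` and `triage` and the trick labels are hypothetical; the sample lines are copied from the logs above.

```python
import re
from urllib.parse import urlsplit, unquote

# Lines copied from the logs in this thread (URLs are defanged as h**p).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.iwantsearch.com
O13 - DefaultPrefix: h**p://%65%68%74%74%70%2E%63%63/?
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Programme\Hotbar\bin\4.5.1.0\HbHostIE.dll (file missing)
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")   # section code, then the entry body
URL = re.compile(r"h(?:\*\*|tt)ps?://\S+")          # defanged or plain http(s) URL

def real_host(url):
    """Return (host, tricks): the host the URL resolves to and how it was disguised."""
    parts = urlsplit(url.replace("h**p", "http", 1))
    raw = parts.hostname or ""
    tricks = []
    if parts.username is not None:   # text before '@' is userinfo, not the host
        tricks.append("userinfo-decoy")
    if "%" in raw:                   # host name written as %XX escapes
        tricks.append("percent-encoded-host")
    return unquote(raw), tricks

def triage(log_text):
    """Return one (code, host_or_None, tricks) tuple per HijackThis entry line."""
    rows = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        u = URL.search(body)
        host, tricks = real_host(u.group(0)) if u else (None, [])
        if "(file missing)" in body:  # annotation printed by HijackThis itself
            tricks.append("file-missing")
        rows.append((code, host, tricks))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```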
     