Hello milleniumman and welcome aboard,
maybe you could post the interesting parts of the eScan log here, i.e. the 3 Trojan detections and the 24 suspicious items?!?
Please move HIJACKTHIS.EXE into its own directory, e.g. C:\Hijackthis\, so that a backup of the following changes can be created, and then fix the following with HijackThis:
Quote:
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc?u=1538 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://bigbr.cc?u=1538 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://bigbr.cc?u=1538 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bigbr.cc?u=1538 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc?u=1538 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bigbr.cc?u=1538 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://bigbr.cc?u=1538 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://bigbr.cc?u=1538 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://bigbr.cc?u=1538 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bigbr.cc?u=1538 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bigbr.cc?u=1538 (obfuscated)
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAMME\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAMME\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O13 - DefaultPrefix: http://%6C%66%6E%6D%63%6A%77%2E%62%69%7A?u=1526&error=
O13 - WWW Prefix: http://%6C%66%6E%6D%63%6A%77%2E%62%69%7A?u=1526&error=
O13 - Home Prefix: http://%6C%66%6E%6D%63%6A%77%2E%62%69%7A?u=1526&error=
O13 - Mosaic Prefix: http://%6C%66%6E%6D%63%6A%77%2E%62%69%7A?u=1526&error=
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)
Afterwards, reboot the computer once and create a new log with HijackThis.
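
Added example, not part of the original post: a small triage helper for log lines in the layout quoted above. It flags entries whose file is gone, entries HijackThis marked as obfuscated, and URLs whose host is hidden behind percent-encoding (as in the O13 lines). The sample lines, CLSIDs and `.invalid` hosts are constructed, and the function and flag names are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in the same layout as the log above
# (placeholder CLSIDs and .invalid hosts, not values from a real system).
SAMPLE = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid?u=0 (obfuscated)
O2 - BHO: Demo BHO - {00000000-0000-0000-0000-000000000000} - C:\DEMO\DEMO.DLL (file missing)
O13 - DefaultPrefix: http://%65%78%61%6D%70%6C%65%2E%69%6E%76%61%6C%69%64?u=0&error=
O21 - SSODL: Demo Module - {00000000-0000-0000-0000-000000000000} - (no file)"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # "<section code> - <entry>"
HOST_RE = re.compile(r"https?://([^/?#\s]+)")         # host part of the first URL
PCT_RE = re.compile(r"%[0-9A-Fa-f]{2}")               # percent-encoded byte


def triage(line):
    """Return (code, flags, host) for one log line, or None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    flags = []
    if body.endswith(("(file missing)", "(no file)")):
        flags.append("orphaned")        # entry points at a file that no longer exists
    if body.endswith("(obfuscated)"):
        flags.append("obfuscated")      # marker written by HijackThis itself
    host = None
    url = HOST_RE.search(body)
    if url:
        raw = url.group(1)
        if PCT_RE.search(raw):
            flags.append("encoded-host")  # host name hidden behind %XX escapes
        host = unquote(raw).lower()       # readable form for review
    return code, flags, host


def triage_log(text):
    """Triage every parseable entry of a pasted log, keeping log order."""
    return [r for r in map(triage, text.splitlines()) if r is not None]


if __name__ == "__main__":
    for code, flags, host in triage_log(SAMPLE):
        print(f"{code:<4}{','.join(flags) or '-':<24}{host or ''}")
```

Running it on the follow-up log after the reboot shows at a glance whether any orphaned or encoded entries are still present.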