Trojaner-Board


Tossi65 27.04.2005 15:11

Hijacker???????
 
Hello everyone,
I am desperately trying to remove this entry from the registry, but I can't get rid of it. As soon as it is deleted, it is back again.
http://best-find.org/index.html

Can you help me? The HiJack.log is attached.



Thanks, Tossi


Sorry :aplaus:

AoH|Tharall 27.04.2005 15:22

Where is the HJ logfile supposed to be? :confused: :confused: :confused:

gary 28.04.2005 07:28

Hello Tossi65,

I am posting your log for you so that your problem does not get lost among the threads, and because the previous "helper", with the quote

Quote:

Where is the HJ logfile supposed to be? :confused: :confused: :confused:
was blind enough not to see your attachment http://www.salacious.de/Smiliez/Gefu...ern/sch773.gif



Logfile of HijackThis v1.99.0
Scan saved at 16:46:14, on 25.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\totalcmd\TOTALCMD.EXE
D:\Programme\Viren und Trojaner\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://best-find.org/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://best-find.org/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://best-find.org/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://best-find.org/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://best-find.org/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-find.org/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-find.org/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best-find.org/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://best-find.org/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-find.org/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://best-find.org/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://best-find.org/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://best-find.org/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://best-find.org/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://best-find.org/index.html
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOKUME~1\Torsten\LOKALE~1\Temp\ImInstaller\IncrediMail\imloader.exe -startup -product IncrediMail -skip_dialog language -skip_dialog info
O4 - HKCU\..\Run: [Spyware Doctor] "d:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [IncrediMail] d:\Programme\IncrediMail\bin\IncMail.exe /c
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Edit with &XML Spy - C:\Programme\Altova\XMLSPY2004\spy.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - D:\Programme\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\XMLSPY2004\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\XMLSPY2004\spy.htm (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents...r/imloader.cab
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: ewido security suite control - ewido networks - d:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: Firebird Guardian - DefaultInstance - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAP Internet Graphics Server - Unknown - t:\Programme\SAPpc\SapGui\srvany.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe



Regards

gary ;)

gary 28.04.2005 17:08

@ Tossi 65

1. Download a new version of HijackThis. Go here for the instructions.
Download eScan: download, instructions

Download Clearprog
2. Update your system. (Platform: Windows XP SP1 (WinNT 5.01.2600))


Disable your System Restore, switch to safe mode, run a HijackThis scan, and fix the following:
Quote:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://best-find.org/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://best-find.org/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://best-find.org/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best-find.org/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://best-find.org/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://best-find.org/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://best-find.org/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://best-find.org/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://best-find.org/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-find.org/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-find.org/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://best-find.org/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-find.org/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://best-find.org/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://best-find.org/index.html
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOKUME~1\Torsten\LOKALE~1\Temp\ImInstaller\IncrediMail\imloader.exe -startup -product IncrediMail -skip_dialog language -skip_dialog info - Unbekannt
O8 - Extra context menu item: Edit with XML Spy - C:\Programme\Altova\XMLSPY2004\spy.htm
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958}
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\XMLSPY2004\spy.htm (HKCU)
Look for this folder C:\Programme\Altova\XMLSPY2004\spy.htm, or rather the file(s),
and delete them.

Run Clearprog (tick everything), then let eScan run and save the result (log), then run Clearprog once more, reboot, enable System Restore, then post the HijackThis log and the eScan log here.

gary
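
Added example, not part of the thread and not any poster's code: a small Python triage of the R0/R1 section of a HijackThis log like the one above, grouping the Internet Explorer search and start page values by the host they point to and showing which hives each host occupies. The function names and the min_values threshold are assumptions made for this example; the sample lines are an excerpt of the posted log.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Excerpt of the log posted above (R entries plus one O4 line for contrast).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://best-find.org/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://best-find.org/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-find.org/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best-find.org/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://best-find.org/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://best-find.org/index.html
O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe
"""

# Line shape: "R0 - <hive>\<key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - (HKLM|HKCU)\\([^,]+),(.+?) = (\S+)\s*$")


def parse_r_entries(log_text):
    """Return one dict per R0-R3 line; other sections (O2, O4, ...) are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            code, hive, key, name, data = m.groups()
            entries.append({"code": code, "hive": hive, "key": key,
                            "name": name, "host": urlparse(data).hostname})
    return entries


def hosts_by_spread(entries, min_values=3):
    """Hosts set in at least min_values distinct IE values, with their hives.

    min_values is an arbitrary threshold chosen for this example."""
    seen = defaultdict(lambda: {"values": set(), "hives": set()})
    for e in entries:
        if e["host"]:
            seen[e["host"]]["values"].add((e["hive"], e["key"], e["name"]))
            seen[e["host"]]["hives"].add(e["hive"])
    return {h: {"count": len(d["values"]), "hives": sorted(d["hives"])}
            for h, d in seen.items() if len(d["values"]) >= min_values}


if __name__ == "__main__":
    for host, info in hosts_by_spread(parse_r_entries(SAMPLE_LOG)).items():
        print(f"{host}: {info['count']} IE values, hives {info['hives']}")
```

A single host occupying many values in both HKLM and HKCU is the pattern visible in the posted log; comparing the output of a scan taken before and after the fix shows which values were rewritten.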




