Trojaner-Board


Herbi 08.06.2005 08:37

Logfile, please help

I have a problem with Internet Explorer. When I go online, after a while several web pages open automatically in the background; I don't see them myself and only notice them in the Task Manager.
I have already run Spybot and Ad-Aware. They found something, which I then removed. But that did not fix the problem.
Here is my HijackThis logfile. It would be very kind if someone could help me; the entries under R0 and R1 look odd to me, but I don't know exactly how to proceed.

Logfile of HijackThis v1.99.1
Scan saved at 09:58:28, on 07.06.05
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\loadwc.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINNT\explorer.exe
C:\WINNT\System32\loadwc.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINNT\System32\ddhelp.exe
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\TEMP\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = h**p://young.comicsevolution.com/galleries2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://young.comicsevolution.com/galleries2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://young.comicsevolution.com/galleries2.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://young.comicsevolution.com/galleries2.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://young.comicsevolution.com/galleries2.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://keyword.netscape.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://keyword.netscape.com/keyword/%s
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe"
O4 - Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Corel Network monitor worker - {9721C730-20E1-11D9-BEC8-00104B7055D4} - C:\WINNT\Profiles\Administrator\Temporary Internet Files\Content.IE5\RCUN0FWU\null[1].exe (file missing)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {9721C730-20E1-11D9-BEC8-00104B7055D4} - C:\WINNT\Profiles\Administrator\Temporary Internet Files\Content.IE5\RCUN0FWU\null[1].exe (file missing)
O9 - Extra button: Corel Network monitor worker - {A6B933A0-20D6-11D9-BEC8-00104B7055D4} - C:\WINNT\System32\iegfxfrw.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A6B933A0-20D6-11D9-BEC8-00104B7055D4} - C:\WINNT\System32\iegfxfrw.dll
O9 - Extra button: Corel Network monitor worker - {A6B933A0-20D6-11D9-BEC8-00104B7055D4} - C:\WINNT\System32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A6B933A0-20D6-11D9-BEC8-00104B7055D4} - C:\WINNT\System32\iegfxfrw.dll (HKCU)
O12 - Plugin for .mol: C:\PROGRA~1\MICROS~2\IE401SP1\PLUGINS\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\MICROS~2\IE401SP1\PLUGINS\npchime.dll
O12 - Plugin for .SCR: C:\PROGRA~1\MICROS~2\IE401SP1\PLUGINS\npchime.dll
O12 - Plugin for .uk/uwc/biosi/staff/berry/chime/: C:\PROGRA~1\MICROS~2\IE401SP1\PLUGINS\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\MICROS~2\IE401SP1\PLUGINS\npchime.dll
O13 - WWW. Prefix: h**p://
O16 - DPF: Win32 Classes - file://C:\WINNT\Java\classes\win32ie4.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - h**p://www.bitdefender.de/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - h**p://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 195.143.108.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 195.143.108.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 195.143.108.2
O23 - Service: 3Com dRMON SmartAgent PC Software (dRMON SmartAgent) - 3Com Corp. - C:\WINNT\System32\drmon\smartagt\smartagt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\vstskmgr.exe

dartus 08.06.2005 11:28

Hello Herbi,

switch to VGA mode and fix (scan with HJT, tick the box in front of the entry and click "Fix checked"):

all "R" entries
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Corel Network monitor worker - {9721C730-20E1-11D9-BEC8-00104B7055D4} - C:\WINNT\Profiles\Administrator\Temporary Internet Files\Content.IE5\RCUN0FWU\null[1].exe (file missing)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {9721C730-20E1-11D9-BEC8-00104B7055D4} - C:\WINNT\Profiles\Administrator\Temporary Internet Files\Content.IE5\RCUN0FWU\null[1].exe (file missing)
O13 - WWW. Prefix: h**p://
O16 - DPF: Win32 Classes - file://C:\WINNT\Java\classes\win32ie4.cab

Delete manually:
C:\WINNT\Java\classes\win32ie4.cab

Reboot --> new logfile

In future, use a secure browser for surfing.

dartus

chaosman 08.06.2005 11:30

@Herbi

switch to safe mode and fix with HJT
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = h**p://young.comicsevolution.com/galleries2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://young.comicsevolution.com/galleries2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://young.comicsevolution.com/galleries2.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://young.comicsevolution.com/galleries2.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://young.comicsevolution.com/galleries2.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://keyword.netscape.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://keyword.netscape.com/keyword/%s
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Corel Network monitor worker - {9721C730-20E1-11D9-BEC8-00104B7055D4} - C:\WINNT\Profiles\Administrator\Temporary Internet Files\Content.IE5\RCUN0FWU\null[1].exe (file missing)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {9721C730-20E1-11D9-BEC8-00104B7055D4} - C:\WINNT\Profiles\Administrator\Temporary Internet Files\Content.IE5\RCUN0FWU\null[1].exe (file missing)

reboot, post a new HJT logfile
chaosman

Herbi 08.06.2005 12:44

Many thanks for the quick help.
I did everything just as you wrote and am attaching the new HijackThis logfile.

Logfile of HijackThis v1.99.1
Scan saved at 13:36:33, on 08.06.05
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\loadwc.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\PROGRA~1\ULTIMA~1\uzip.exe
C:\TEMP\HIJACKTHIS.EXE

F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe"
O4 - Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O9 - Extra button: Corel Network monitor worker - {A6B933A0-20D6-11D9-BEC8-00104B7055D4} - C:\WINNT\System32\iegfxfrw.dll (file missing)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A6B933A0-20D6-11D9-BEC8-00104B7055D4} - C:\WINNT\System32\iegfxfrw.dll (file missing)
O9 - Extra button: Corel Network monitor worker - {A6B933A0-20D6-11D9-BEC8-00104B7055D4} - C:\WINNT\System32\iegfxfrw.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {A6B933A0-20D6-11D9-BEC8-00104B7055D4} - C:\WINNT\System32\iegfxfrw.dll (file missing) (HKCU)
O12 - Plugin for .mol: C:\PROGRA~1\MICROS~2\IE401SP1\PLUGINS\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\MICROS~2\IE401SP1\PLUGINS\npchime.dll
O12 - Plugin for .SCR: C:\PROGRA~1\MICROS~2\IE401SP1\PLUGINS\npchime.dll
O12 - Plugin for .uk/uwc/biosi/staff/berry/chime/: C:\PROGRA~1\MICROS~2\IE401SP1\PLUGINS\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\MICROS~2\IE401SP1\PLUGINS\npchime.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - h**p://www.bitdefender.de/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - h**p://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 195.143.108.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 195.143.108.2
O23 - Service: 3Com dRMON SmartAgent PC Software (dRMON SmartAgent) - 3Com Corp. - C:\WINNT\System32\drmon\smartagt\smartagt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\vstskmgr.exe

dartus 08.06.2005 14:25

Hello Herbi,

please also fix the "02" entry and the "09" entries.
If this file still exists, delete it:

C:\WINNT\System32\iegfxfrw.dll

dartus

Herbi 09.06.2005 07:57

Many thanks for your help, I think I am rid of the problem.
I have attached the logfile once more anyway.

Logfile of HijackThis v1.99.1
Scan saved at 16:41:54, on 08.06.05
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\loadwc.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\PROGRA~1\ULTIMA~1\uzip.exe
C:\TEMP\HIJACKTHIS.EXE

F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe"
O4 - Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O12 - Plugin for .mol: C:\PROGRA~1\MICROS~2\IE401SP1\PLUGINS\npchime.dll
O12 - Plugin for .pdb: C:\PROGRA~1\MICROS~2\IE401SP1\PLUGINS\npchime.dll
O12 - Plugin for .SCR: C:\PROGRA~1\MICROS~2\IE401SP1\PLUGINS\npchime.dll
O12 - Plugin for .uk/uwc/biosi/staff/berry/chime/: C:\PROGRA~1\MICROS~2\IE401SP1\PLUGINS\npchime.dll
O12 - Plugin for .xyz: C:\PROGRA~1\MICROS~2\IE401SP1\PLUGINS\npchime.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - h**p://www.bitdefender.de/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - h**p://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 195.143.108.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 195.143.108.2
O23 - Service: 3Com dRMON SmartAgent PC Software (dRMON SmartAgent) - 3Com Corp. - C:\WINNT\System32\drmon\smartagt\smartagt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\vstskmgr.exe

dartus 09.06.2005 08:25

Hello Herbi,

Your logfile looks clean, IMHO.
In future, use a secure browser for surfing.
Here you will find more worth reading, in particular the "12 points".

dartus
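
Added example, not part of the original thread and not HijackThis's own code: a small parser that compares two HijackThis scans and separates entries that were removed from entries whose file has vanished while the registry key remains, as happened with the iegfxfrw.dll O9 entry between the first and second logs above. The function names `parse` and `compare` are hypothetical, and the sample inputs are abbreviated excerpts of those two logs.

```python
import re

# A HijackThis entry: section code (R0, F2, O9, ...), " - ", then the payload.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Marker HijackThis appends when the registry entry's target file is gone.
ORPHAN = re.compile(r"\s*\((?:no file|file missing)\)")

def parse(log_text):
    """Map (code, body without orphan marker) -> True if the file is gone."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            body = m["body"]
            key = (m["code"], ORPHAN.sub("", body).strip())
            entries[key] = bool(ORPHAN.search(body))
    return entries

def compare(before, after):
    """Classify how entries changed between two scans of the same machine."""
    b, a = parse(before), parse(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "new": sorted(k for k in a if k not in b),
        "still_orphaned": sorted(k for k in a if a[k] and b.get(k) is True),
        "newly_orphaned": sorted(k for k in a if a[k] and b.get(k) is False),
    }

# Abbreviated excerpts of the first and second logs posted in this thread.
BEFORE = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O9 - Extra button: Corel Network monitor worker - {A6B933A0-20D6-11D9-BEC8-00104B7055D4} - C:\WINNT\System32\iegfxfrw.dll
"""
AFTER = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O9 - Extra button: Corel Network monitor worker - {A6B933A0-20D6-11D9-BEC8-00104B7055D4} - C:\WINNT\System32\iegfxfrw.dll (file missing)
"""

if __name__ == "__main__":
    for kind, items in compare(BEFORE, AFTER).items():
        for code, body in items:
            print(f"{kind:15} {code:3} {body}")
```

Entries reported as `newly_orphaned` or `still_orphaned` are the leftover registry keys that still need a fix pass in the next scan.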

