|
bitte hilfe, hab große probleme habe zur auswertung ein logfile mitgebracht.Wäre nett wenn ihr mir dabei helfen würdet: Logfile of HijackThis v1.99.1 Scan saved at 14:43:33, on 28.07.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOINTGR.EXE C:\WINDOWS\soundman.exe C:\Programme\Real\RealPlayer\RealPlay.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Media Gateway\MediaGateway.exe C:\WINDOWS\System32\tojkacaj.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Java\jre1.5.0_01\bin\jusched.exe C:\Programme\ISTsvc\istsvc.exe C:\WINDOWS\nhimdi.exe C:\Program Files\Internet Optimizer\optimize.exe C:\Program Files\Blbcrmu\Qpshxp.exe C:\Programme\ProSiteFinder\prositefinder.exe C:\Program Files\Internet Optimizer\actalert.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\ProSiteFinder\prositefinder.exe C:\Programme\MSN Messenger\MsnMsgr.Exe C:\Programme\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe C:\Programme\Valve\Steam\Steam.exe C:\Programme\MSN\MSNCoreFiles\msn6.exe C:\DOKUME~1\BJRNIS~1\LOKALE~1\Temp\set4B.tmp C:\Dokumente und Einstellungen\Björn iser\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4348 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4348 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com* R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) R3 - URLSearchHook: (no name) - _{C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - (no file) O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts O1 - Hosts: 82.179.166.164 lender-search.com O1 - Hosts: 82.179.166.165 hot-searches.com O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} - C:\WINDOWS\System32\WStart.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {CFF613BF-2552-78C4-DED5-562B95E4AF3D} - C:\DOKUME~1\BJRNIS~1\ANWEND~1\BEEPHO~1\Remote Style.exe (file missing) O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\System32\azesearch4.ocx O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\System32\azesearch4.ocx O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE O4 - HKLM\..\Run: [soundmanager] soundman.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe O4 - HKLM\..\Run: [tojkacaj] C:\WINDOWS\System32\tojkacaj.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [1QBU] C:\WINDOWS\nhimdi.exe O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpa.exe O4 - HKLM\..\Run: [Power Scan] C:\Programme\Power Scan\powerscan.exe O4 - HKLM\..\Run: [Zgwqn] C:\Program Files\Blbcrmu\Qpshxp.exe O4 - HKLM\..\Run: [ProSiteFinder] C:\Programme\ProSiteFinder\prositefinder.exe O4 - HKLM\..\Run: [NTCommLib3] C:\WINDOWS\System32\NTCommLib3.exe O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [T-Online_Software_5\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized O4 - HKCU\..\Run: [wizz] C:\PROGRA~1\COMMON~1\wizz\wizzm.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller7003.exe" O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programme\eMule.de\emule.exe -AutoStart O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Programme\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: Microsoft AntiSpyware helper - {5F3A1EB0-15B8-4FEC-9062-944D65A30E94} - C:\WINDOWS\System32\wldr.dll (file missing) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5F3A1EB0-15B8-4FEC-9062-944D65A30E94} - C:\WINDOWS\System32\wldr.dll (file missing) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Microsoft AntiSpyware helper - {5F3A1EB0-15B8-4FEC-9062-944D65A30E94} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5F3A1EB0-15B8-4FEC-9062-944D65A30E94} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU) O9 - Extra button: MedionShop - {811DDDB7-933B-4717-8A6B-4F86A67E0F9F} - http://www.medionshop.de/ (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_cracks.cab O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: Marmiko ZeroConfig Controller (MZCCntrl) - Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe ________________________________---- vielen dank im voraus |
Dein System ist veraltet. Mache einen eScan und poste das mit der find.bat erzeute Log. Beachte genau die Anleitung. http://www.trojaner-board.de/showthread.php?t=17492 |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 17:59 Uhr. |
Copyright ©2000-2026, Trojaner-Board