Trojaner-Board


Quentin 28.10.2005 16:04

hot-search... no thanks... so HELP, PLEASE!!!

Here comes the log file! Please help me kick this pest off my hard drive!

Logfile of HijackThis v1.99.0

[edit]
In future, please edit your links as shown to you here, among other places:

http://www.trojaner-board.de/showpost.php?p=171957&postcount=1

Thanks
GUA
[/edit]

Quentin 28.10.2005 19:49

Sorry, my mistake. It won't happen again. Can I please still get help?

Logfile of HijackThis v1.99.0
Scan saved at 16:27:19, on 28.10.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
D:\STUFF\VIREN UND TROJANER\HIGHJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://hot-searches.com/search.php?v=6&aff=9086460
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://hot-searches.com/index.php?v=6&aff=9086460
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://hot-searches.com/index.php?v=6&aff=9086460
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von Lycos Europe
F1 - win.ini: run=C:\WINDOWS\hpfsched.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Programme\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\SYSTEM\XPLUGIN.DLL

Haui45 28.10.2005 20:20

Fix these entries in Safe Mode.

Quote:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://hot-searches.com/search.php?v=6&aff=9086460
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://hot-searches.com/index.php?v=6&aff=9086460
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://hot-searches.com/index.php?v=6&aff=9086460
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\SYSTEM\XPLUGIN.DLL

Delete these files:
C:\WINDOWS\SYSTEM\XPLUGIN.DLL
C:\WINDOWS\SYSTEM\tmksrvu.exe
C:\WINDOWS\SYSTEM\nsdb\hosts


Further instructions from Symantec
Quote:

4. To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

1. Click Start > Run.
2. Type regedit

Then click OK.

3. Navigate to the subkey:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

In the right pane, delete the values:

"hpnt" = "[random value]"
"SetHP" = "[random value]"

4. Navigate to the subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

In the right pane, reset the value to:

"DataBasePath" = "%System%\drivers\etc\hosts"

5. Navigate to the subkey [if present]:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters

In the right pane, reset the value:

"DataBasePath" = "%System%\drivers\etc\hosts"

6. Navigate to and delete the following registry subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\XPlugin.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AC3F36D4-F905-4FE9-A926-EB937E66F591}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE79D398-AAAF-47B1-8C9E-11F7D4C9111B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XPlugin.XFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XPlugin.XFilter.1
HKEY_LOCAL_MACHINE\SOFTWARE\TMKSoft
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html

7. Exit the Registry Editor.
Source: http://sarc.com/avcenter/venc/data/a...t.xplugin.html

Run a scan with eScan and post the result.
Note: The Find.bat will not work; see this posting on that.
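
Added example, not part of the original thread and not code from HijackThis or Symantec: a small Python parser for HijackThis result lines like those posted above, flagging the entries that match the indicators named in the reply (the hot-searches.com domain in the R0/R1 lines and the CLSID of the O18 text/html filter). The function names, rule sets and the sample are assumptions built from the lines in this thread.

```python
import re

# Indicators taken from the thread above: the hijack domain in the R0/R1
# lines and the CLSID of the O18 text/html filter (XPLUGIN.DLL).
BAD_DOMAINS = {"hot-searches.com"}
BAD_CLSIDS = {"{4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB}"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")              # 'R1 - ...', 'O18 - ...'
URL_HOST = re.compile(r"^h(?:tt|\*\*)ps?://([^/\s:]+)", re.I)  # accepts defanged h**p
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse(log_text):
    """Yield (code, body) for every HijackThis result line, skipping the header."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def flag(log_text):
    """Return (code, reason, body) for lines matching one of the indicators."""
    hits = []
    for code, body in parse(log_text):
        if code in ("R0", "R1") and " = " in body:
            # Body layout: 'registry key,value name = data'
            data = body.split(" = ", 1)[1]
            host = URL_HOST.match(data)
            if host and host.group(1).lower() in BAD_DOMAINS:
                hits.append((code, "domain", body))
        elif code == "O18":
            ids = {c.upper() for c in CLSID.findall(body)}
            if ids & BAD_CLSIDS:
                hits.append((code, "clsid", body))
    return hits


# Constructed sample: four result lines copied from the log in this thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://hot-searches.com/search.php?v=6&aff=9086460
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von Lycos Europe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\SYSTEM\XPLUGIN.DLL
"""

if __name__ == "__main__":
    for code, why, body in flag(SAMPLE):
        print(code, why, body)
```

The empty "Local Page" entries that the reply also lists carry no data after the "=" and are not covered by these two rules.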


All times are WET +1.
