Trojaner-Board


bmg1980 11.07.2010 15:35

Fixing doesn't work, Internet is causing problems

Hello,

I'm having problems with Google and the Internet. I had Security Master AV on the machine and deleted it following the instructions.
However, my PC is still acting up, especially on the Internet.
Searches in Google redirect to XXX sites, etc.

I have already evaluated my HJT log. However, fixed files reappear after scanning or fixing.

Can anyone help me?
Here is the log:

HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:48, on 11.07.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programme\Eset\nod32kui.exe
C:\Programme\Mayr Software & Netzwerke\GetMyScreen\GetMyScreen.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ingres\IngresII\ingres\bin\servproc.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Ingres\IngresII\ingres\bin\iigcn.exe
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TightVNC\WinVNC.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programme\Ingres\IngresII\ingres\bin\iigcc.exe
c:\Progra~1\Planat\FEPA\exe\feap.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
c:\programme\avira\antivir desktop\avcenter.exe
C:\Programme\Avira\AntiVir Desktop\avscan.exe
C:\Programme\Avira\AntiVir Desktop\avmailc.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://docs.wafa-int.net:500
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von WAFA Kunststofftech. GmbH
O1 - Hosts: 89.149.193.57 www.google.com
O1 - Hosts: 89.149.193.57 us.search.yahoo.com
O1 - Hosts: 89.149.193.57 uk.search.yahoo.com
O1 - Hosts: 89.149.193.57 search.yahoo.com
O1 - Hosts: 89.149.193.57 www.google.com.br
O1 - Hosts: 89.149.193.57 www.google.it
O1 - Hosts: 89.149.193.57 www.google.es
O1 - Hosts: 89.149.193.57 www.google.co.jp
O1 - Hosts: 89.149.193.57 www.google.com.mx
O1 - Hosts: 89.149.193.57 www.google.ca
O1 - Hosts: 89.149.193.57 www.google.com.au
O1 - Hosts: 89.149.193.57 www.google.nl
O1 - Hosts: 89.149.193.57 www.google.co.za
O1 - Hosts: 89.149.193.57 www.google.be
O1 - Hosts: 89.149.193.57 www.google.gr
O1 - Hosts: 89.149.193.57 www.google.at
O1 - Hosts: 89.149.193.57 www.google.se
O1 - Hosts: 89.149.193.57 www.google.ch
O1 - Hosts: 89.149.193.57 www.google.pt
O1 - Hosts: 89.149.193.57 www.google.dk
O1 - Hosts: 89.149.193.57 www.google.fi
O1 - Hosts: 89.149.193.57 www.google.ie
O1 - Hosts: 89.149.193.57 www.google.no
O1 - Hosts: 89.149.193.57 www.google.de
O1 - Hosts: 89.149.193.57 www.google.fr
O1 - Hosts: 89.149.193.57 www.google.co.uk
O1 - Hosts: 89.149.193.57 www.bing.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 74.55.47.101 www.google.com
O1 - Hosts: 74.55.47.101 google.com
O1 - Hosts: 74.55.47.101 google.com.au
O1 - Hosts: 74.55.47.101 www.google.com.au
O1 - Hosts: 74.55.47.101 google.be
O1 - Hosts: 74.55.47.101 www.google.be
O1 - Hosts: 74.55.47.101 google.com.br
O1 - Hosts: 74.55.47.101 www.google.com.br
O1 - Hosts: 74.55.47.101 google.ca
O1 - Hosts: 74.55.47.101 www.google.ca
O1 - Hosts: 74.55.47.101 google.ch
O1 - Hosts: 74.55.47.101 www.google.ch
O1 - Hosts: 74.55.47.101 google.de
O1 - Hosts: 74.55.47.101 www.google.de
O1 - Hosts: 74.55.47.101 google.dk
O1 - Hosts: 74.55.47.101 www.google.dk
O1 - Hosts: 74.55.47.101 google.fr
O1 - Hosts: 74.55.47.101 www.google.fr
O1 - Hosts: 74.55.47.101 google.ie
O1 - Hosts: 74.55.47.101 www.google.ie
O1 - Hosts: 74.55.47.101 google.it
O1 - Hosts: 74.55.47.101 www.google.it
O1 - Hosts: 74.55.47.101 google.co.jp
O1 - Hosts: 74.55.47.101 www.google.co.jp
O1 - Hosts: 74.55.47.101 google.nl
O1 - Hosts: 74.55.47.101 www.google.nl
O1 - Hosts: 74.55.47.101 google.no
O1 - Hosts: 74.55.47.101 www.google.no
O1 - Hosts: 74.55.47.101 google.co.nz
O1 - Hosts: 74.55.47.101 www.google.co.nz
O1 - Hosts: 74.55.47.101 google.pl
O1 - Hosts: 74.55.47.101 www.google.pl
O1 - Hosts: 74.55.47.101 google.se
O1 - Hosts: 74.55.47.101 www.google.se
O1 - Hosts: 74.55.47.101 google.co.uk
O1 - Hosts: 74.55.47.101 www.google.co.uk
O1 - Hosts: 74.55.47.101 google.co.za
O1 - Hosts: 74.55.47.101 www.google.co.za
O1 - Hosts: 74.55.47.101 www.google-analytics.com
O1 - Hosts: 74.55.47.101 www.bing.com
O1 - Hosts: 74.55.47.101 search.yahoo.com
O1 - Hosts: 74.55.47.101 www.search.yahoo.com
O1 - Hosts: 74.55.47.101 uk.search.yahoo.com
O1 - Hosts: 74.55.47.101 ca.search.yahoo.com
O1 - Hosts: 74.55.47.101 de.search.yahoo.com
O1 - Hosts: 74.55.47.101 fr.search.yahoo.com
O1 - Hosts: 74.55.47.101 au.search.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GetMyScreen] "C:\Programme\Mayr Software & Netzwerke\GetMyScreen\GetMyScreen.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=hxxp://docs.wafa-int.net:500
O15 - Trusted Zone: *.wafa-int.net
O15 - Trusted Zone: *.www.wafa-intern.net
O15 - Trusted Zone: *.wafa-int.net (HKLM)
O15 - Trusted Zone: *.www.wafa-intern.net (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221641562366
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221046466323
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://gm.webex.com/client/v_mywebex-gm-t20sp30hpux/event/ieatgpc.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - hxxp://www.lokalisten.de/iup/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = www.wafa-intern.net
O17 - HKLM\Software\..\Telephony: DomainName = www.wafa-intern.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.wafa-intern.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = www.wafa-intern.net
O20 - Winlogon Notify: OneCard - C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: apserver - Planat GmbH - c:\Progra~1\Planat\FEPA\exe\feap.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ingres Intelligent Database [II] (Ingres_Database_II) - Ingres Corporation - C:\Programme\Ingres\IngresII\ingres\bin\servproc.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programme\Eset\nod32krn.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programme\TightVNC\WinVNC.exe

--
End of file - 13478 bytes

--- --- ---

cosinus 12.07.2010 13:22

Quote:

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.wafa-intern.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = www.wafa-intern.net
Is this an office PC?

