|
IE Startseite "http://69.50.179.61/wow/" Moin moin seit einigen tagen startet der IE immer mit der Startseite "http://69.50.179.61/wow/" bekomme sie nicht weg. wer kann helfen? Hier der Log: Logfile of HijackThis v1.98.2 Scan saved at 14:31:57, on 16.11.2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\mHotkey.exe C:\Programme\Lexmark 3100 Series\lxbrbmgr.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE C:\Programme\T-DSL SpeedManager\SpeedMgr.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe C:\Programme\Lexmark 3100 Series\lxbrbmon.exe C:\PROGRA~1\TRAFFI~2\TRAFFICMONITOR.EXE C:\Programme\T-DSL SpeedManager\tsmsvc.exe C:\Programme\Internet Explorer\iexplore.exe C:\Bases\mwavscan.com C:\Bases\kavss.exe C:\hijackthis1982\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.50.179.61/wow/se.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.179.61/wow/se.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.179.61/wow/se.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.179.61/wow/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://69.50.179.61/wow/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://69.50.179.61/wow/se.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.179.61/wow/se.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.179.61/wow/se.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.179.61/wow/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://69.50.179.61/wow/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.179.61/wow/se.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.50.179.61/wow/se.html O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [PSDrvCheck] "C:\Programme\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Programme\Lexmark 3100 Series\lxbrbmgr.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB002" /M "Stylus C84" O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe O4 - HKLM\..\Run: [Windows] C:\WINDOWS\System32\windows\services.exe O4 - HKLM\..\Run: [Windows OLE Automation Server] C:\WINDOWS\system32\ole32aut.vbe O4 - HKLM\..\Run: [TrafficMonitor] C:\PROGRA~1\TRAFFI~2\TRAFFICMONITOR.EXE O4 - HKLM\..\RunServices: [Windows OLE Automation Server] C:\WINDOWS\system32\ole32aut.vbe O4 - HKCU\..\Run: [Windows OLE Automation Server] C:\WINDOWS\system32\ole32aut.vbe O17 - HKLM\System\CCS\Services\Tcpip\..\{5EDA0496-1CEB-4226-8E5C-BF9B31CD2CF1}: NameServer = 194.97.173.124 194.97.173.125 besten dank schon mal |
Scanne hiermit im abg. Modus: http://www.trojaner-board.de/42731-escan-anleitung.html Was wird wo gefunden? Lösche die gefundene Malware. Poste dann ein neues Log von HijackThis. |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 05:06 Uhr. |
Copyright ©2000-2025, Trojaner-Board