hilackthis lo überprüfen

macademia · 24.01.2005, 11:04

da ich mit dem ergebnis wenig anfangen kann möchte ich fragen ob jemand mit erfahrung damit mal meine log überprüfen kann. wäre sehr nett
danke

Zitat:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\DIRECT~1\DUService.exe
C:\Programme\DU Meter\DUMeter.exe
C:\Programme\cFos\cFosDNT.exe
C:\PROGRA~1\DIRECT~1\DUControl.exe
C:\Programme\GoOnline V2\GoOnline.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Gemeinsame Dateien\pestpatrol\ppRemoteService.exe
C:\WINDOWS\system32\r_server.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Bandy-Script65we\mirc.exe
C:\Programme\g3torrent\g3torrent.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\marcus\Eigene Dateien\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Programme\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [cFosDNT] C:\Programme\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [DUControl] C:\PROGRA~1\DIRECT~1\DUControl.exe
O4 - HKLM\..\Run: [GoOnline] C:\Programme\GoOnline V2\GoOnline.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - (no file)
O9 - Extra button: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAFEE954-F229-4D9C-8589-AEC87A1EC1F6}: NameServer = 195.50.140.252 195.50.140.250
O23 - Service: Acronis Scheduler2 Service - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: DirectUpdate engine - http://www.directupdate.net/ - C:\PROGRA~1\DIRECT~1\DUService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Programme\Gemeinsame Dateien\pestpatrol\ppRemoteService.exe
O23 - Service: Remote Administrator Service - Unknown - C:\WINDOWS\system32\r_server.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

chaosman · 24.01.2005, 11:05

@macademia
es fehlen die systeminfos
poste bitte per copy and paste
HJT anleitung
chaosman

macademia · 24.01.2005, 11:48

ok hier noch mal komplett

Zitat:

Logfile of HijackThis v1.99.0
Scan saved at 10:38:04, on 24.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\DIRECT~1\DUService.exe
C:\Programme\DU Meter\DUMeter.exe
C:\Programme\cFos\cFosDNT.exe
C:\PROGRA~1\DIRECT~1\DUControl.exe
C:\Programme\GoOnline V2\GoOnline.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Gemeinsame Dateien\pestpatrol\ppRemoteService.exe
C:\WINDOWS\system32\r_server.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Bandy-Script65we\mirc.exe
C:\Programme\g3torrent\g3torrent.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\marcus\Eigene Dateien\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Programme\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [cFosDNT] C:\Programme\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [DUControl] C:\PROGRA~1\DIRECT~1\DUControl.exe
O4 - HKLM\..\Run: [GoOnline] C:\Programme\GoOnline V2\GoOnline.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - (no file)
O9 - Extra button: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAFEE954-F229-4D9C-8589-AEC87A1EC1F6}: NameServer = 195.50.140.252 195.50.140.250
O23 - Service: Acronis Scheduler2 Service - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: DirectUpdate engine - http://www.directupdate.net/ - C:\PROGRA~1\DIRECT~1\DUService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Programme\Gemeinsame Dateien\pestpatrol\ppRemoteService.exe
O23 - Service: Remote Administrator Service - Unknown - C:\WINDOWS\system32\r_server.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Focus · 24.01.2005, 12:45

Hijack This Logfile

Zitat:

In abgesicherten Modus booten, bei winXP u. winME Systemwiederherstellung deaktivieren, mit Hijack This fixen (Häkchen setzen, auf Fix Checked klicken - siehe Anleitung):

R3 - Default URLSearchHook is missing
O9 - Extra button: (no name) - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - (no file)
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:

Zitat:

In normalen Modus booten. Systemwiederherstellung bei winXP u. winME aktivieren. Neu booten.

KAV updaten, den Rechner scannen. Interne SP2 Firewall aktivieren. Neues HJT Logfile erstellen, posten.

hilackthis lo überprüfen

Log-Analyse und Auswertung: hilackthis lo überprüfen