|
Log-Analyse und Auswertung: HijackThis-Log - wie auswerten?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
14.02.2005, 19:07 | #1 |
| HijackThis-Log - wie auswerten? Logfile of HijackThis v1.99.0 Scan saved at 18:45:53, on 14.02.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\runservice.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\ZipToA.exe C:\WINDOWS\System32\cidaemon.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe C:\WINDOWS\System32\zsdatghz.exe C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe C:\Programme\QuickTime\qttask.exe C:\Programme\SuperBar\sbhc.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\btgmswindrv.exe C:\Programme\ISTsvc\istsvc.exe C:\Program Files\Internet Optimizer\optimize.exe C:\WINDOWS\System32\enxdwcxx.exe C:\Programme\Web_Rebates\WebRebates0.exe C:\Programme\BullsEye Network\bin\bargains.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Program Files\Windows AdControl\WinAdCtl.exe C:\temp\msbb.exe C:\WINDOWS\htxsk.exe C:\Programme\Gemeinsame Dateien\GMT\GMT.exe C:\Programme\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Gkdtjtg\Uwuln.exe C:\Program Files\Windows AdControl\WinAdAlt.exe C:\WINDOWS\System32\SahAgent.exe C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-ch\msnappau.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\NoPopUp 2001\nopopup.exe C:\WINDOWS\System32\prutpct.exe C:\Programme\Date Manager\DateManager.exe C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Programme\PrecisionTime\PrecisionTime.exe C:\Programme\Web_Rebates\WebRebates1.exe C:\WINDOWS\System32\prutpct.exe C:\Programme\Outlook Express\msimn.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Adobe\Acrobat 6.0\Reader\AcroRd32.exe C:\Programme\Avant Browser\iexplore.exe C:\Corel\DRAW Select\programs\photopnt.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe C:\DOKUME~1\Alle\LOKALE~1\Temp\~e5d141.tmp C:\DOKUME~1\Alle\LOKALE~1\Temp\~e5d141.tmp C:\Programme\WinAce\WinAce.exe C:\DOKUME~1\Alle\LOKALE~1\Temp\~AceTemp\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ch/0SEDECH/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_p...ount_id=144440 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.fan-forum.ch/ R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Programme\TV Media\TvmBho.dll O1 - Hosts file is located at: C:\WINDOWS\help\hosts O1 - Hosts: 88.88.88.88 elite O1 - Hosts: 207.44.194.56 www.google.akadns.net O1 - Hosts: 207.44.194.56 www.google.com O1 - Hosts: 207.44.194.56 google.com O1 - Hosts: 207.44.194.56 www.altavista.com O1 - Hosts: 207.44.194.56 altavista.com O1 - Hosts: 207.44.194.56 search.yahoo.com O1 - Hosts: 207.44.194.56 uk.search.yahoo.com O1 - Hosts: 207.44.194.56 ca.search.yahoo.com O1 - Hosts: 207.44.194.56 jp.search.yahoo.com O1 - Hosts: 207.44.194.56 au.search.yahoo.com O1 - Hosts: 207.44.194.56 de.search.yahoo.com O1 - Hosts: 207.44.194.56 search.yahoo.co.jp O1 - Hosts: 207.44.194.56 www.lycos.de O1 - Hosts: 207.44.194.56 www.lycos.ca O1 - Hosts: 207.44.194.56 www.lycos.jp O1 - Hosts: 207.44.194.56 www.lycos.co.jp O1 - Hosts: 207.44.194.56 alltheweb.com O1 - Hosts: 207.44.194.56 web.ask.com O1 - Hosts: 207.44.194.56 ask.com O1 - Hosts: 207.44.194.56 www.ask.com O1 - Hosts: 207.44.194.56 www.teoma.com O1 - Hosts: 207.44.194.56 search.aol.com O1 - Hosts: 207.44.194.56 www.looksmart.com O1 - Hosts: 207.44.194.56 auto.search.msn.com O1 - Hosts: 207.44.194.56 search.msn.com O1 - Hosts: 207.44.194.56 ca.search.msn.com O1 - Hosts: 207.44.194.56 fr.ca.search.msn.com O1 - Hosts: 207.44.194.56 search.fr.msn.be O1 - Hosts: 207.44.194.56 search.fr.msn.ch O1 - Hosts: 207.44.194.56 search.latam.yupimsn.com O1 - Hosts: 207.44.194.56 search.msn.at O1 - Hosts: 207.44.194.56 search.msn.be O1 - Hosts: 207.44.194.56 search.msn.ch O1 - Hosts: 207.44.194.56 search.msn.co.in O1 - Hosts: 207.44.194.56 search.msn.co.jp O1 - Hosts: 207.44.194.56 search.msn.co.kr O1 - Hosts: 207.44.194.56 search.msn.com.br O1 - Hosts: 207.44.194.56 search.msn.com.hk O1 - Hosts: 207.44.194.56 search.msn.com.my O1 - Hosts: 207.44.194.56 search.msn.com.sg O1 - Hosts: 207.44.194.56 search.msn.com.tw O1 - Hosts: 207.44.194.56 search.msn.co.za O1 - Hosts: 207.44.194.56 search.msn.de O1 - Hosts: 207.44.194.56 search.msn.dk O1 - Hosts: 207.44.194.56 search.msn.es O1 - Hosts: 207.44.194.56 search.msn.fi O1 - Hosts: 207.44.194.56 search.msn.fr O1 - Hosts: 207.44.194.56 search.msn.it O1 - Hosts: 207.44.194.56 search.msn.nl O1 - Hosts: 207.44.194.56 search.msn.no O1 - Hosts: 207.44.194.56 search.msn.se O1 - Hosts: 207.44.194.56 search.ninemsn.com.au O1 - Hosts: 207.44.194.56 search.t1msn.com.mx O1 - Hosts: 207.44.194.56 search.xtramsn.co.nz O1 - Hosts: 207.44.194.56 search.yupimsn.com O1 - Hosts: 207.44.194.56 uk.search.msn.com O1 - Hosts: 207.44.194.56 search.lycos.com O1 - Hosts: 207.44.194.56 www.lycos.com O1 - Hosts: 207.44.194.56 www.google.ca O1 - Hosts: 207.44.194.56 google.ca O1 - Hosts: 207.44.194.56 www.google.uk O1 - Hosts: 207.44.194.56 www.google.co.uk O1 - Hosts: 207.44.194.56 www.google.com.au O1 - Hosts: 207.44.194.56 www.google.co.jp O1 - Hosts: 207.44.194.56 www.google.jp O1 - Hosts: 207.44.194.56 www.google.at O1 - Hosts: 207.44.194.56 www.google.be O1 - Hosts: 207.44.194.56 www.google.ch O1 - Hosts: 207.44.194.56 www.google.de O1 - Hosts: 207.44.194.56 www.google.se O1 - Hosts: 207.44.194.56 www.google.dk O1 - Hosts: 207.44.194.56 www.google.fi O1 - Hosts: 207.44.194.56 www.google.fr O1 - Hosts: 207.44.194.56 www.google.com.gr O1 - Hosts: 207.44.194.56 www.google.com.hk O1 - Hosts: 207.44.194.56 www.google.ie O1 - Hosts: 207.44.194.56 www.google.co.il O1 - Hosts: 207.44.194.56 www.google.it O1 - Hosts: 207.44.194.56 www.google.co.kr O1 - Hosts: 207.44.194.56 www.google.com.mx O1 - Hosts: 207.44.194.56 www.google.nl O1 - Hosts: 207.44.194.56 www.google.co.nz O1 - Hosts: 207.44.194.56 www.google.pl O1 - Hosts: 207.44.194.56 www.google.pt O1 - Hosts: 207.44.194.56 www.google.com.ru O1 - Hosts: 207.44.194.56 www.google.com.sg O1 - Hosts: 207.44.194.56 www.google.co.th O1 - Hosts: 207.44.194.56 www.google.com.tr O1 - Hosts: 207.44.194.56 www.google.com.tw O1 - Hosts: 207.44.194.56 go.google.com O1 - Hosts: 207.44.194.56 google.at O1 - Hosts: 207.44.194.56 google.be O1 - Hosts: 207.44.194.56 google.de O1 - Hosts: 207.44.194.56 google.dk O1 - Hosts: 207.44.194.56 google.fi O1 - Hosts: 207.44.194.56 google.fr O1 - Hosts: 207.44.194.56 google.com.hk O1 - Hosts: 207.44.194.56 google.ie O1 - Hosts: 207.44.194.56 google.co.il O1 - Hosts: 207.44.194.56 google.it O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll O2 - BHO: NavErrRedir Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Programme\E2G\IeBHOs.dll O2 - BHO: MEGASEAR - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - C:\WINDOWS\DOWNLO~1\megasear.dll O2 - BHO: (no name) - {5DFAE59C-8741-8A35-C3E7-F1389211099D} - C:\WINDOWS\Egiorqvs.dll O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-ch\msntb.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll |
14.02.2005, 19:07 | #2 |
| HijackThis-Log - wie auswerten? O3 - Toolbar: SuperBar - {12DA683F-E00F-452D-994B-1331E1978913} - C:\Programme\SuperBar\SuperBar.Dll
__________________O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programme\ISTbar\istbar.dll O3 - Toolbar: Search - {6905055A-61DF-B8B4-F984-9516BA56F79A} - C:\WINDOWS\Egiorqvs.dll O3 - Toolbar: MEGASEAR - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - C:\WINDOWS\DOWNLO~1\megasear.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-ch\msntb.dll O4 - HKLM\..\Run: [hostend] C:\WINDOWS\System32\swchost.exe O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe" O4 - HKLM\..\Run: [svclogcaunp] C:\WINDOWS\System32\zsdatghz.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SwimSuitNetwork] "C:\Programme\SwimSuitNetwork\SwimSuitNetwork.exe" /H O4 - HKLM\..\Run: [SBHC] C:\Programme\SuperBar\sbhc.exe O4 - HKLM\..\Run: [QUX] C:\WINDOWS\QUX.exe O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [KAZAA] C:\Programme\Kazaa\Kazaa.exe /SYSTRAY O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s O4 - HKLM\..\Run: [TV Media] C:\Programme\TV Media\Tvm.exe O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [irhkkqmtmw] C:\WINDOWS\System32\enxdwcxx.exe O4 - HKLM\..\Run: [asapi32r] C:\WINDOWS\System32\asapi32r.exe O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe" O4 - HKLM\..\Run: [BullsEye Network] C:\Programme\BullsEye Network\bin\bargains.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe O4 - HKLM\..\Run: [2rbu] C:\WINDOWS\htxsk.exe O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe O4 - HKLM\..\Run: [¢‰¸K0¨4W }ïÁzî[8C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\htxsk.exe O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰üžiC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\htxsk.exe O4 - HKLM\..\Run: [¢‰¸K0ÔÁß]§ú"ü‰üžigÝC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\htxsk.exe O4 - HKLM\..\Run: [wryj] C:\WINDOWS\wryj.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Wmaig] C:\Program Files\Gkdtjtg\Uwuln.exe O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe O4 - HKLM\..\Run: [¢‰¸K0¨4W }ïÁzîžigÝC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\htxsk.exe O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰¸K0C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\htxsk.exe O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-ch\msnappau.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [hostend] C:\WINDOWS\System32\swchost.exe O4 - HKCU\..\Run: [svclogcaunp] C:\WINDOWS\System32\zsdatghz.exe O4 - HKCU\..\Run: [NoPopUp] C:\Programme\NoPopUp 2001\nopopup.exe /autorun O4 - HKCU\..\Run: [TV Media] C:\Programme\TV Media\Tvm.exe O4 - HKCU\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKCU\..\Run: [prutpct] C:\WINDOWS\System32\prutpct.exe O4 - Global Startup: Date Manager.lnk = C:\Programme\Date Manager\DateManager.exe O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: PrecisionTime.lnk = C:\Programme\PrecisionTime\PrecisionTime.exe O8 - Extra context menu item: Alle Bilder von gleichem Server filtern - C:\Programme\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Hervorheben - C:\Programme\Avant Browser\Highlight.htm O8 - Extra context menu item: Suchen - C:\Programme\Avant Browser\Search.htm O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O8 - Extra context menu item: Zur Werbebanner-Filterliste hinzufügen - C:\Programme\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Öffne alle Links auf dieser Seite... - C:\Programme\Avant Browser\OpenAllLinks.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {01FA613F-A162-11D5-986A-00A0CC395B9F} (Click2learn ToolBook Accessibility Control) - http://www.multicheck.ch/webtest/kv_...essibility.ocx O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://download.online-dialer.com/cax.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...ebad4bf17236ad O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/ch/1/060193ch.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - ftp://ftp.pt.ea.com/QA/pub/easports/...DE/patchx2.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab O16 - DPF: {912DC742-755C-4F1D-9F77-DFF88C344083} (Vacpro.switzerland) - http://www.7adpower.com/dialer/switzerland.CAB O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/dialer/internazionale_ver4.CAB O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab O16 - DPF: {CC110316-5BE7-4AAA-AEDD-1A5B147BE34C} (MyWebOperator Class) - http://38.144.58.45/Loader.cab O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.serviceurl.de/StarInstall.ocx O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} - http://download.mediacharger.com/swimsuitnetwork.cab O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_DE2.cab O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14 O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.57.146.14 O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe O23 - Service: LicCtrl Service - Unknown - C:\WINDOWS\runservice.exe O23 - Service: Macromedia Licensing Service - Unknown - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe Also: Ich möchte einfach wieder Zugriff haben auf die Suchmaschinen (warscheinlich hab ich QHosts drauf)... Das ich viel Schrott auf dem PC habe wurde mir schon gesagt Komme einfach nicht draus was ich aus diesem File lesen soll... |
14.02.2005, 19:17 | #3 |
| HijackThis-Log - wie auswerten? Weh oh weh!
__________________Nimm deinen Rechner sofort vom Netz,dass ist ja schon krass! Geh so vor http://trojaner-board.de/showthread.php?t=12154 andere Möglichkeit gibts leider nicht! Gruss |
14.02.2005, 22:19 | #4 |
| HijackThis-Log - wie auswerten? Mich interessiert eigentlich eher wie ich dieses Problem mit der Suchmaschinenumleitung beheben kann... O1 - Hosts file is located at: C:\WINDOWS\help\hosts O1 - Hosts: 88.88.88.88 elite O1 - Hosts: 207.44.194.56 www.google.akadns.net O1 - Hosts: 207.44.194.56 www.google.com O1 - Hosts: 207.44.194.56 google.com O1 - Hosts: 207.44.194.56 www.altavista.com O1 - Hosts: 207.44.194.56 altavista.com O1 - Hosts: 207.44.194.56 search.yahoo.com O1 - Hosts: 207.44.194.56 uk.search.yahoo.com O1 - Hosts: 207.44.194.56 ca.search.yahoo.com O1 - Hosts: 207.44.194.56 jp.search.yahoo.com O1 - Hosts: 207.44.194.56 au.search.yahoo.com O1 - Hosts: 207.44.194.56 de.search.yahoo.com O1 - Hosts: 207.44.194.56 search.yahoo.co.jp O1 - Hosts: 207.44.194.56 www.lycos.de O1 - Hosts: 207.44.194.56 www.lycos.ca O1 - Hosts: 207.44.194.56 www.lycos.jp O1 - Hosts: 207.44.194.56 www.lycos.co.jp O1 - Hosts: 207.44.194.56 alltheweb.com O1 - Hosts: 207.44.194.56 web.ask.com O1 - Hosts: 207.44.194.56 ask.com O1 - Hosts: 207.44.194.56 www.ask.com O1 - Hosts: 207.44.194.56 www.teoma.com O1 - Hosts: 207.44.194.56 search.aol.com O1 - Hosts: 207.44.194.56 www.looksmart.com O1 - Hosts: 207.44.194.56 auto.search.msn.com O1 - Hosts: 207.44.194.56 search.msn.com O1 - Hosts: 207.44.194.56 ca.search.msn.com O1 - Hosts: 207.44.194.56 fr.ca.search.msn.com O1 - Hosts: 207.44.194.56 search.fr.msn.be O1 - Hosts: 207.44.194.56 search.fr.msn.ch O1 - Hosts: 207.44.194.56 search.latam.yupimsn.com O1 - Hosts: 207.44.194.56 search.msn.at O1 - Hosts: 207.44.194.56 search.msn.be O1 - Hosts: 207.44.194.56 search.msn.ch O1 - Hosts: 207.44.194.56 search.msn.co.in O1 - Hosts: 207.44.194.56 search.msn.co.jp O1 - Hosts: 207.44.194.56 search.msn.co.kr O1 - Hosts: 207.44.194.56 search.msn.com.br O1 - Hosts: 207.44.194.56 search.msn.com.hk O1 - Hosts: 207.44.194.56 search.msn.com.my O1 - Hosts: 207.44.194.56 search.msn.com.sg O1 - Hosts: 207.44.194.56 search.msn.com.tw O1 - Hosts: 207.44.194.56 search.msn.co.za O1 - Hosts: 207.44.194.56 search.msn.de O1 - Hosts: 207.44.194.56 search.msn.dk O1 - Hosts: 207.44.194.56 search.msn.es O1 - Hosts: 207.44.194.56 search.msn.fi O1 - Hosts: 207.44.194.56 search.msn.fr O1 - Hosts: 207.44.194.56 search.msn.it O1 - Hosts: 207.44.194.56 search.msn.nl O1 - Hosts: 207.44.194.56 search.msn.no O1 - Hosts: 207.44.194.56 search.msn.se O1 - Hosts: 207.44.194.56 search.ninemsn.com.au O1 - Hosts: 207.44.194.56 search.t1msn.com.mx O1 - Hosts: 207.44.194.56 search.xtramsn.co.nz O1 - Hosts: 207.44.194.56 search.yupimsn.com O1 - Hosts: 207.44.194.56 uk.search.msn.com O1 - Hosts: 207.44.194.56 search.lycos.com O1 - Hosts: 207.44.194.56 www.lycos.com O1 - Hosts: 207.44.194.56 www.google.ca O1 - Hosts: 207.44.194.56 google.ca O1 - Hosts: 207.44.194.56 www.google.uk O1 - Hosts: 207.44.194.56 www.google.co.uk O1 - Hosts: 207.44.194.56 www.google.com.au O1 - Hosts: 207.44.194.56 www.google.co.jp O1 - Hosts: 207.44.194.56 www.google.jp O1 - Hosts: 207.44.194.56 www.google.at O1 - Hosts: 207.44.194.56 www.google.be O1 - Hosts: 207.44.194.56 www.google.ch O1 - Hosts: 207.44.194.56 www.google.de O1 - Hosts: 207.44.194.56 www.google.se O1 - Hosts: 207.44.194.56 www.google.dk O1 - Hosts: 207.44.194.56 www.google.fi O1 - Hosts: 207.44.194.56 www.google.fr O1 - Hosts: 207.44.194.56 www.google.com.gr O1 - Hosts: 207.44.194.56 www.google.com.hk O1 - Hosts: 207.44.194.56 www.google.ie O1 - Hosts: 207.44.194.56 www.google.co.il O1 - Hosts: 207.44.194.56 www.google.it O1 - Hosts: 207.44.194.56 www.google.co.kr O1 - Hosts: 207.44.194.56 www.google.com.mx O1 - Hosts: 207.44.194.56 www.google.nl O1 - Hosts: 207.44.194.56 www.google.co.nz O1 - Hosts: 207.44.194.56 www.google.pl O1 - Hosts: 207.44.194.56 www.google.pt O1 - Hosts: 207.44.194.56 www.google.com.ru O1 - Hosts: 207.44.194.56 www.google.com.sg O1 - Hosts: 207.44.194.56 www.google.co.th O1 - Hosts: 207.44.194.56 www.google.com.tr O1 - Hosts: 207.44.194.56 www.google.com.tw O1 - Hosts: 207.44.194.56 go.google.com O1 - Hosts: 207.44.194.56 google.at O1 - Hosts: 207.44.194.56 google.be O1 - Hosts: 207.44.194.56 google.de O1 - Hosts: 207.44.194.56 google.dk O1 - Hosts: 207.44.194.56 google.fi O1 - Hosts: 207.44.194.56 google.fr O1 - Hosts: 207.44.194.56 google.com.hk O1 - Hosts: 207.44.194.56 google.ie O1 - Hosts: 207.44.194.56 google.co.il O1 - Hosts: 207.44.194.56 google.it |
14.02.2005, 22:46 | #5 |
| HijackThis-Log - wie auswerten? Suchseitenumleitungen sind das kleinste Problem. Schau Dir mal die Auswertung Deiner Log-Datei an: http://www.hijackthis.de/logfiles/b6...7c51a336d.html Wieviel "ROT" siehst Du da? Zuviel! UND, hinter diesen Ausrufezeichen stecken Dialer, Trojaner, Hijacker...... Und die Experten (z.B. HerrKautz) erkennen auch, welche Sachen sich dahinter verstecken... Sichere die Dialer ("Online-Dialer") auf Diskette und vertrau auf das Posting von HerrKautz! File-Sharing, Spiele-Downloads usw. sind nunmal gefährlich. |
15.02.2005, 00:57 | #6 |
| HijackThis-Log - wie auswerten? So, hab jetzt mal Search and Destroy einmal durchlaufen lassen, sieht doch schon akzeptabler aus... Jedoch sind mir manche dieser "Böse"-Einträge ein Rätsel, da ich den einen Pfad gar nicht erst aufrufen kann, seis drum... Ich denke das System jetzt neu aufzusetzen ist Unsinn, vielleicht weiss ja noch jemand etwas mit dem übrigebliebenen anzufangen... sorry wenn ich für euren Geschmack zu selbständig bin... achja, hab das Service Pack 2 noch auf meinen PC draufgeknallt... Achja: Kann mir einer beantworten warum meine selbst definierte Startseite als böse erkannt wird... (ich bin von dieser Seite nicht zuletzt der Besitzer der Domain und Webspace!) Logfile of HijackThis v1.99.0 Scan saved at 00:41:27, on 15.02.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\runservice.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\zsdatghz.exe C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe C:\Programme\QuickTime\qttask.exe C:\WINDOWS\System32\enxdwcxx.exe C:\WINDOWS\system32\btgmswindrv.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Gkdtjtg\Uwuln.exe C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-ch\msnappau.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\NoPopUp 2001\nopopup.exe C:\WINDOWS\System32\prutpct.exe C:\WINDOWS\System32\prutpct.exe C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\system32\cidaemon.exe C:\Programme\Avant Browser\iexplore.exe C:\Programme\WinAce\WinAce.exe C:\DOKUME~1\Alle\LOKALE~1\Temp\~AceTemp\hijackthis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ch/0SEDECH/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fan-forum.ch/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.fan-forum.ch/ O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINDOWS\dlmax.dll O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll O2 - BHO: NavErrRedir Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - (no file) O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Programme\E2G\IeBHOs.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5DFAE59C-8741-8A35-C3E7-F1389211099D} - C:\WINDOWS\Egiorqvs.dll O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-ch\msntb.dll O3 - Toolbar: Search - {6905055A-61DF-B8B4-F984-9516BA56F79A} - C:\WINDOWS\Egiorqvs.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-ch\msntb.dll O4 - HKLM\..\Run: [hostend] C:\WINDOWS\System32\swchost.exe O4 - HKLM\..\Run: [svclogcaunp] C:\WINDOWS\System32\zsdatghz.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [QUX] C:\WINDOWS\QUX.exe O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe O4 - HKLM\..\Run: [KAZAA] C:\Programme\Kazaa\Kazaa.exe /SYSTRAY O4 - HKLM\..\Run: [irhkkqmtmw] C:\WINDOWS\System32\enxdwcxx.exe O4 - HKLM\..\Run: [asapi32r] C:\WINDOWS\System32\asapi32r.exe O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe" O4 - HKLM\..\Run: [BullsEye Network] C:\Programme\BullsEye Network\bin\bargains.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [2rbu] C:\WINDOWS\htxsk.exe O4 - HKLM\..\Run: [¢‰¸K0¨4W }ïÁzî[8C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\htxsk.exe O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰üžiC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\htxsk.exe O4 - HKLM\..\Run: [¢‰¸K0ÔÁß]§ú"ü‰üžigÝC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\htxsk.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [Wmaig] C:\Program Files\Gkdtjtg\Uwuln.exe O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰¸K0C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\htxsk.exe O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-ch\msnappau.exe" O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{74307~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{74307~1\reboot.ini O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [hostend] C:\WINDOWS\System32\swchost.exe O4 - HKCU\..\Run: [svclogcaunp] C:\WINDOWS\System32\zsdatghz.exe O4 - HKCU\..\Run: [NoPopUp] C:\Programme\NoPopUp 2001\nopopup.exe /autorun O4 - HKCU\..\Run: [prutpct] C:\WINDOWS\System32\prutpct.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Alle Bilder von gleichem Server filtern - C:\Programme\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Hervorheben - C:\Programme\Avant Browser\Highlight.htm O8 - Extra context menu item: Suchen - C:\Programme\Avant Browser\Search.htm O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O8 - Extra context menu item: Zur Werbebanner-Filterliste hinzufügen - C:\Programme\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Öffne alle Links auf dieser Seite... - C:\Programme\Avant Browser\OpenAllLinks.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll Geändert von fundriver (15.02.2005 um 01:14 Uhr) |
15.02.2005, 00:58 | #7 |
| HijackThis-Log - wie auswerten? O16 - DPF: {01FA613F-A162-11D5-986A-00A0CC395B9F} (Click2learn ToolBook Accessibility Control) - http://www.multicheck.ch/webtest/kv_...essibility.ocx O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/ch/1/060193ch.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - ftp://ftp.pt.ea.com/QA/pub/easports/...DE/patchx2.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab O16 - DPF: {912DC742-755C-4F1D-9F77-DFF88C344083} (Vacpro.switzerland) - http://www.7adpower.com/dialer/switzerland.CAB O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/dialer/internazionale_ver4.CAB O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab O16 - DPF: {CC110316-5BE7-4AAA-AEDD-1A5B147BE34C} (MyWebOperator Class) - http://38.144.58.45/Loader.cab O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.serviceurl.de/StarInstall.ocx O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_DE2.cab O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14 O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.57.146.14 O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.57.146.14 O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe O23 - Service: LicCtrl Service - Unknown - C:\WINDOWS\runservice.exe O23 - Service: Macromedia Licensing Service - Unknown - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe |
Themen zu HijackThis-Log - wie auswerten? |
acrobat, adobe, auswerten, browser, dateien, explorer, help, hijack, hijackthis, internet, internet explorer, logfile, messenger, microsoft, msn, msn messenger, object, outlook express, programme, software, system, system32, temp, update, urlsearchhook, windows, windows xp |