Trojaner-Board


pyro 19.12.2004 17:20

How do I get rid of this??

Hi, I think I have a worm on my computer... which I just can't get rid of.... here's what my HijackThis spat out...

Logfile of HijackThis v1.98.0
Scan saved at 17:14:05, on 19.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\htpatch.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Program Files\Windows AdTools\WinAdTools.exe
C:\Program Files\Windows AdTools\WinRatchet.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\NMain.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\d?dplay.exe
C:\Programme\Opera\opera.exe
C:\Dokumente und Einstellungen\Paul\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = hxxp://aaawebsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = hxxp://aaawebsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://best-search.cc/search.php?v=6&aff=7207125
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://best-search.cc/index.php?v=6&aff=7207125
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.makemesearch.com/?said=422
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://aaawebsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://aaawebsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.makemesearch.com/?said=422
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://aaawebsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://aaawebsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = hxxp://aaawebsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = hxxp://aaawebsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://www.aldi.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R3 - URLSearchHook: (no name) - {10FA0C4F-DB2F-8C09-B0FB-49BCC2B26AA3} - C:\WINDOWS\system32\2cqk32.exe (file missing)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 82.179.166.164 lender-search.com
O1 - Hosts: 82.179.166.165 hot-searches.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll
O2 - BHO: (no name) - {DDB7CB4C-22FB-7574-DF4A-7BC53D7044B4} - C:\WINDOWS\System32\clhtkydt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [FE82AB76] C:\WINDOWS\system32\2cqk32.exe
O4 - HKCU\..\Run: [FE82AB76] C:\WINDOWS\system32\2cqk32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MedionShop - {CCB1B892-287D-49A8-9F7F-C012D65F85E9} - hxxp://www.medionshop.de/ (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10406.dll' missing
O14 - IERESET.INF: START_PAGE_URL=hxxp://www.aldi.com
O15 - Trusted Zone: hxxp://*.69sexsearch.com
O15 - Trusted Zone: hxxp://*.addictivetechnologies.net
O15 - Trusted Zone: hxxp://*.c4tdownload.com
O15 - Trusted Zone: hxxp://*.mt-download.com
O15 - Trusted Zone: hxxp://*.overpro.com
O15 - Trusted Zone: hxxp://*.windupdates.com
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!hxxp://xyz.aflashcounter.com/a/masta.chm::/exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!hxxp://www.awmdabest.com/bltd/422.chm::/file.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - hxxp://static.windupdates.com/cab/GamesUnlimited/ie/bridge-c18.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - hxxp://cshax.fionex.com/wss.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - hxxp://www.mt-download.com/MediaTicketsInstaller.cab?refid=4029
O16 - DPF: {D7A4D8FB-83F0-40E5-954F-88F48D15AE96} (ICQVideoWindow Class) - hxxp://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - hxxp://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)






The effect is that when I go online with IE, lots of sex and casino pages open... and that it's set as the start page.... In Windows, in the display under the buttons File; Edit; View... etc. .... there are small buttons in a row advertising casinos.... Which you can't get rid of either....

Here are a few more files that I don't know at all.... could these be viruses???

d?dplay.exe
estr.exe
exdl1.exe
Gmt.exe
sys32.exe
xpsp2fw.exe




Please help me quickly..

Many thanks

Regards

cacatoa 19.12.2004 17:45

Hello pyro, there's quite a lot wrong here!
First, please download Spybot S&D 1.3 and run it.
Likewise AdAware SE. Please update it before you run it. Please report how many objects it deleted.
Then please post a new log file.
cacatoa

pyro 20.12.2004 22:23

I downloaded Spybot S&D 1.3 and have to register it so that it deletes all the viruses... can that be gotten around somehow?? other than buying.-..:D

Well, apart from that I did everything.....



Logfile of HijackThis v1.98.0
Scan saved at 22:15:53, on 20.12.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\htpatch.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Program Files\Windows AdTools\WinAdTools.exe
C:\Program Files\Windows AdTools\WinRatchet.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\d?dplay.exe
C:\Programme\BullsEye Network\bin\bargains.exe
C:\Programme\Opera\opera.exe
C:\Dokumente und Einstellungen\Paul\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = hxxp://aaawebsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = hxxp://aaawebsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://best-search.cc/search.php?v=6&aff=7207125
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://best-search.cc/index.php?v=6&aff=7207125
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.makemesearch.com/?said=422
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://aaawebsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://aaawebsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.makemesearch.com/?said=422
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://aaawebsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://aaawebsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = hxxp://aaawebsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = hxxp://aaawebsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://www.aldi.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R3 - URLSearchHook: (no name) - {10FA0C4F-DB2F-8C09-B0FB-49BCC2B26AA3} - C:\WINDOWS\system32\2cqk32.exe (file missing)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll
O2 - BHO: (no name) - {DDB7CB4C-22FB-7574-DF4A-7BC53D7044B4} - C:\WINDOWS\System32\clhtkydt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MedionShop - {CCB1B892-287D-49A8-9F7F-C012D65F85E9} - hxxp://www.medionshop.de/ (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10406.dll' missing
O14 - IERESET.INF: START_PAGE_URL=hxxp://www.aldi.com
O15 - Trusted Zone: hxxp://*.69sexsearch.com
O15 - Trusted Zone: hxxp://*.addictivetechnologies.net
O15 - Trusted Zone: hxxp://*.c4tdownload.com
O15 - Trusted Zone: hxxp://*.mt-download.com
O15 - Trusted Zone: hxxp://*.overpro.com
O15 - Trusted Zone: hxxp://*.windupdates.com
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!hxxp://xyz.aflashcounter.com/a/masta.chm::/exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!hxxp://www.awmdabest.com/bltd/422.chm::/file.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - hxxp://static.windupdates.com/cab/GamesUnlimited/ie/bridge-c18.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - hxxp://cshax.fionex.com/wss.exe
O16 - DPF: {D7A4D8FB-83F0-40E5-954F-88F48D15AE96} (ICQVideoWindow Class) - hxxp://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - hxxp://xtraz.icq.com/xtraz/activex/MISBH.cab
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)

chaosman 20.12.2004 22:27

@pyro
I downloaded Spybot S&D 1.3 and have to register it so that it deletes all the viruses... can that be gotten around somehow?? other than buying

Spybot doesn't delete viruses, and you don't have to register either.
Download, update, start the program.

When you get the chance you can download the current version of HJT
http://www.hijackthis.de/

chaosman

*Christian* 22.12.2004 00:01

@pyro

Proceed as follows:

Delete this in safe mode:
C:\Program Files\Windows AdTools
C:\Program Files\Windows ControlAd
C:\WINDOWS\system32\d?dplay.exe
C:\Programme\BullsEye Network
C:\PROGRA~1\SEARCH~1
C:\WINDOWS\System32\MTC.dll
C:\WINDOWS\System32\spm1316.dll
C:\WINDOWS\System32\clhtkydt.dll
C:\WINDOWS\System32\msbe.dll



Fix this with HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = hxxp://aaawebsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = hxxp://aaawebsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://best-search.cc/search.php?v=6&aff=7207125
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://best-search.cc/index.php?v=6&aff=7207125
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.makemesearch.com/?said=422
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://aaawebsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://aaawebsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.makemesearch.com/?said=422
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://aaawebsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://aaawebsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = hxxp://aaawebsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = hxxp://aaawebsearch.com/?a=2
R3 - URLSearchHook: (no name) - {10FA0C4F-DB2F-8C09-B0FB-49BCC2B26AA3} - C:\WINDOWS\system32\2cqk32.exe (file missing)
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll
O2 - BHO: (no name) - {DDB7CB4C-22FB-7574-DF4A-7BC53D7044B4} - C:\WINDOWS\System32\clhtkydt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINDOWS\System32\MTC.dll
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O9 - Extra button: MedionShop - {CCB1B892-287D-49A8-9F7F-C012D65F85E9} - hxxp://www.medionshop.de/ (file missing) (HKCU)
O15 - Trusted Zone: hxxp://*.69sexsearch.com
O15 - Trusted Zone: hxxp://*.addictivetechnologies.net
O15 - Trusted Zone: hxxp://*.c4tdownload.com
O15 - Trusted Zone: hxxp://*.mt-download.com
O15 - Trusted Zone: hxxp://*.overpro.com
O15 - Trusted Zone: hxxp://*.windupdates.com
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!hxxp://xyz.aflashcounter.com/a/masta.chm::/exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!hxxp://www.awmdabest.com/bltd/422.chm::/file.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - hxxp://static.windupdates.com/cab/G.../bridge-c18.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - hxxp://cshax.fionex.com/wss.exe
O16 - DPF: {D7A4D8FB-83F0-40E5-954F-88F48D15AE96} (ICQVideoWindow Class) - hxxp://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - hxxp://xtraz.icq.com/xtraz/activex/MISBH.cab
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)


Once you have done all this, scan with eScan in safe mode:
hxxp://www.trojaner-info.de/hijacker/escan.shtml

Is anything else still found?

Also scan afterwards with Ad-aware: www.lavasoft.de
Update before a scan. The program is free.
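
Added example, not part of any post in this thread: a small Python script that parses two HijackThis logs and reports which processes and entries disappeared or appeared between scans, plus entries that still point at a missing file. The function names are made up for this example, and the sample logs are shortened excerpts of the two logs posted above.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING_TAGS = ("(file missing)", "(no file)")

def parse_hjt(text):
    """Return (running processes, section entries) from a HijackThis log."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.add((match.group(1), match.group(2)))
        elif in_processes and line:
            # Windows paths are case-insensitive, so normalise before comparing.
            processes.add(line.lower())
    return processes, entries

def diff_logs(before, after):
    """Show what disappeared and what appeared between two scans."""
    p0, e0 = parse_hjt(before)
    p1, e1 = parse_hjt(after)
    return {
        "processes_gone": sorted(p0 - p1),
        "processes_new": sorted(p1 - p0),
        "entries_gone": sorted(e0 - e1),
        "entries_new": sorted(e1 - e0),
    }

def dangling(entries):
    """Entries that still point at a file HijackThis could not find."""
    return sorted(e for e in entries if any(t in e[1] for t in MISSING_TAGS))

# Shortened excerpts of the first and second log posted in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\d?dplay.exe
C:\Programme\Opera\opera.exe

R3 - URLSearchHook: (no name) - {10FA0C4F-DB2F-8C09-B0FB-49BCC2B26AA3} - C:\WINDOWS\system32\2cqk32.exe (file missing)
O1 - Hosts: 82.179.166.164 lender-search.com
O4 - HKLM\..\Run: [FE82AB76] C:\WINDOWS\system32\2cqk32.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
"""
AFTER = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\d?dplay.exe
C:\Programme\BullsEye Network\bin\bargains.exe
C:\Programme\Opera\opera.exe

R3 - URLSearchHook: (no name) - {10FA0C4F-DB2F-8C09-B0FB-49BCC2B26AA3} - C:\WINDOWS\system32\2cqk32.exe (file missing)
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe"
"""

if __name__ == "__main__":
    for key, items in diff_logs(BEFORE, AFTER).items():
        print(key, *items, sep="\n  ")
```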

