|
Kann ich das entfernen? Hi! Hab mal zwei Fragen dazu was ich ohne Bedenken entfernen kann und was eher nicht. Hab das ganze mal auswerten lassen ... Aber ich kann mit diesen Einträgen nich wirklich viel anfangen :( Daher die Frage, ob ichs einfach löschen kann? O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de Possibly nasty Possibly nasty This entry should be fixed if this address does not belong to your PC-manufacturer or your 'Internet-Service-Provider (ISP)'. This entry should be fixed if 'http://www.arcor.de' is not your PC-manufacturer or your 'Internet-Service-Provider (ISP)'. O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\INCRED~1\INCRED~1\bin\resources\WebMenuImg.htm Safe. Safe. The entry &Add animation to IncrediMail Style Box has been identified as safe. If the entry '&Add animation to IncrediMail Style Box ' is not needed anymore, it should be fixed. O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html Safe. Safe. The entry &Google Search has been identified as safe. If the entry '&Google Search ' is not needed anymore, it should be fixed. O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html Safe. Safe. The entry Im Cache gespeicherte Seite has been identified as safe. If the entry 'Im Cache gespeicherte Seite ' is not needed anymore, it should be fixed. O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html Safe. Safe. The entry Verweisseiten has been identified as safe. If the entry 'Verweisseiten ' is not needed anymore, it should be fixed. O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html Safe. Safe. The entry Ähnliche Seiten has been identified as safe. If the entry 'Ähnliche Seiten ' is not needed anymore, it should be fixed. O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQ\ICQLite\ICQLite.exe Safe. Safe. The entry ICQ 4.1 has been identified as safe. If the entry 'ICQ 4.1 ' is not needed anymore, it should be fixed. O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQ\ICQLite\ICQLite.exe Safe. Safe. The entry ICQ Lite has been identified as safe. If the entry 'ICQ Lite ' is not needed anymore, it should be fixed. O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll Safe. Safe. The entry Real.com has been identified as safe. If the entry 'Real.com ' is not needed anymore, it should be fixed. O17 - HKLM\System\CCS\Services\Tcpip\..\{A48E95A8-076E-4804-A9AD-C302F5F9BD7B}: NameServer = 192.168.120.252,192.168.120.253 Safe. Safe. If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too. The entered IP or Domain '192.168.120.252,192.168.120.253' has been identified as safe. Und vor allem, kann ich folgendes auch einfach entfernen?? R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank Safe. Safe. This page has been identified as safe. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank Safe. Safe. This page has been identified as safe. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank Safe. Safe. This page has been identified as safe. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank Safe. Safe. This page has been identified as safe. Wär euch dankbar für eure Hilfe! :) LG Moony |
@moony... lade dir bitte http://www.trojaner-board.de/51130-a...ijackthis.html herunter und poste das logfile hierhier... anders sind keine vernünftigen Aussagen zu machen... du hast einige Probleme!!! lg Tom59 |
Hm, na das hab ich doch ... Das Logfile hab ich dann hier reinkopiert -> http://www.hijackthis.de/index.php und dann kamen unter anderem die Sachen raus, die ich unten reinkopiert hab. Und ich bin mir nicht sicher, ob ichs entfernen kann oder nicht, oder ob ichs gar nich entfernen brauche, weil ich mich ja mit dem ganzen nicht auskenne ... Hmmm ... Aber ich kann das Logfile gernen auch nochmal reinkopiern.. Logfile of HijackThis v1.99.0 Scan saved at 23:13:48, on 03.02.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\0900 Warner\w0svc.exe C:\WINDOWS\System32\alg.exe C:\Programme\ewido\security suite\ewidoctrl.exe C:\Programme\Kerio Firewall\Personal Firewall 4\kpf4ss.exe C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE C:\Programme\Kerio Firewall\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\Explorer.EXE C:\Programme\Kerio Firewall\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\htpatch.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\Dit.exe C:\Programme\Real\RealPlayer\RealPlay.exe C:\PROGRA~1\0900WA~1\WARN0900.EXE C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe C:\WINDOWS\System32\wfxsnt40.exe C:\WINDOWS\DitExp.exe D:\ICQ\ICQLite\ICQLite.exe C:\Programme\Winamp\winampa.exe C:\Programme\FRITZ!\IWatch.exe C:\WINDOWS\System32\wuauclt.exe C:\Programme\Adobe\Acrobat 5.0\Reader\AcroRd32.exe C:\Programme\Windows Media Player\wmplayer.exe C:\DOKUME~1\...\LOKALE~1\Temp\ARC1088\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [0900 Warner] C:\PROGRA~1\0900WA~1\WARN0900.EXE O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM\..\Run: [ICQ Lite] D:\ICQ\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKCU\..\RunOnce: [ICQ Lite] D:\ICQ\ICQLite\ICQLite.exe -trayboot O4 - Startup: FRITZ!web.lnk = C:\Programme\FRITZ!\FriWeb32.exe O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\INCRED~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQ\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQ\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://www.arcor.de O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093790713796 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A48E95A8-076E-4804-A9AD-C302F5F9BD7B}: NameServer = 192.168.120.252,192.168.120.253 O23 - Service: 0190/0900 Warner Überwachungsdienst - Mirko Böer - C:\Programme\0900 Warner\w0svc.exe O23 - Service: AVM FRITZ!web Routing Service - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Programme\Kerio Firewall\Personal Firewall 4\kpf4ss.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe LG Moony |
@moony R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank ...solltest du mit "hjt" fixen...und mache bitte ein windowsupdate, damit dein BS auf den neuesten Stand kommt... sicherheitshalber noch mal dieses... http://www.trojaner-board.de/42731-escan-anleitung.html lg Tom59 |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 09:08 Uhr. |
Copyright ©2000-2025, Trojaner-Board