|
Interpol´s HJThis LOG Hallo Admins, habe euch unter der Rubrik "Plagegeister" schon mein Problemfall geschildert. Daher habe ich euch meine HJThis Log posten wollen,ob was ersichtlich ist Logfile of HijackThis v1.98.2 Scan saved at 02:58:33, on 12.10.2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Programme\Trojancheck 6\tcguard.exe C:\Programme\T-DSL SpeedManager\SpeedMgr.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\Dit.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\DitExp.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Programme\CA\eTrust Antivirus\InoRpc.exe C:\Programme\CA\eTrust Antivirus\InoRT.exe C:\Programme\CA\eTrust Antivirus\InoTask.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\Programme\T-DSL SpeedManager\tsmsvc.exe C:\Programme\Norton Personal Firewall\NISUM.EXE C:\Programme\1&1 Internet\Profi-Dialer\ProfiDialer.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\System32\wisptis.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\System32\ctfmon.exe c:\windows\igator\trickler3103_pic_fs_dmpt_3103.exe C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe C:\Dokumente und Einstellungen\KESEK\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis1982.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file) O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Messenger\ycomp.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6\tcguard.exe O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe" O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programme\Excid.com Aps\eTrust Antivirus Registration\EzAntivirusRegistrationCheck.exe O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - Global Startup: Echzeitüberwachung.lnk = C:\Programme\CA\eTrust Antivirus\Realmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O17 - HKLM\System\CCS\Services\Tcpip\..\{6E389B76-1702-43B0-8FFF-07046F351EFA}: NameServer = 217.237.151.33 217.237.149.225 O17 - HKLM\System\CCS\Services\Tcpip\..\{ED15E2F1-9095-44D0-8B43-056BE226B8D2}: NameServer = 192.168.122.252,192.168.122.253 |
Fixen: R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file) O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com SP2 von XP installieren! |
Hallo Christian, also XP2 möchte ich vorerst nicht installieren. So habe jetzt gefixed was du geraten hast . Sieht´s schon besser aus , oder ist immer noch was " faul " ? Irgendwie habe ich immer noch so ein ungutes Gefühl Schau doch mal bitte. Logfile of HijackThis v1.98.2 Scan saved at 01:28:00, on 16.10.2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Programme\CA\eTrust Antivirus\InoRpc.exe C:\Programme\CA\eTrust Antivirus\InoRT.exe C:\Programme\CA\eTrust Antivirus\InoTask.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Programme\T-DSL SpeedManager\tsmsvc.exe C:\Programme\Norton Personal Firewall\NISUM.EXE C:\WINDOWS\Explorer.EXE C:\Programme\Trojancheck 6\tcguard.exe C:\Programme\T-DSL SpeedManager\SpeedMgr.exe C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\Dit.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\WINDOWS\DitExp.exe C:\Programme\1&1 Internet\Profi-Dialer\ProfiDialer.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Dokumente und Einstellungen\KESEK\Lokale Einstellungen\Temp\Temporäres Verzeichnis 2 für hijackthis1982.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.altavista.de/cgi-bin/query?pg=q&what=web&q= R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Messenger\ycomp.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Trojancheck 6 Guard] C:\Programme\Trojancheck 6\tcguard.exe O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe" O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programme\Excid.com Aps\eTrust Antivirus Registration\EzAntivirusRegistrationCheck.exe O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE WEBSHOT II USB CAM 300K O4 - HKLM\..\Run: [ScanRegistry] C:\W O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Echzeitüberwachung.lnk = C:\Programme\CA\eTrust Antivirus\Realmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O17 - HKLM\System\CCS\Services\Tcpip\..\{6E389B76-1702-43B0-8FFF-07046F351EFA}: NameServer = 217.237.151.33 217.237.149.225 O17 - HKLM\System\CCS\Services\Tcpip\..\{ED15E2F1-9095-44D0-8B43-056BE226B8D2}: NameServer = 192.168.122.252,192.168.122.253 |
Fixe dies noch: O4 - HKLM\..\Run: [ScanRegistry] C:\W |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 07:38 Uhr. |
Copyright ©2000-2025, Trojaner-Board