- #1
atecki
Guest
Hi folks,
I too have the problem with the IE start page... I have now run the Hijack program, here is the log:
Logfile of HijackThis v1.97.7
Scan saved at 13:28:59, on 27.03.2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\WINNT\System32\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINNT\System32\internat.exe
C:\winnt\system\system.exe
C:\winnt\winlogon.exe
C:\WINNT\system32\winproc32.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\Iomega\Tools\IMGICON.EXE
C:\Programme\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Axel Teckentrup\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2B2TKJYH\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http: //4-counter.com/?a=2&b=tut
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //4-counter.com/?a=2&b=tut
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http: //4-counter.com/?a=2&b=tut
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http: //4-counter.com/?b=tut
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http: //awebfind.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http: //awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http: //4-counter.com/?a=2&b=tut
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http: //awebfind.biz/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http: //4-counter.com/?a=2&b=tut
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http: //riviera.cc (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //4-counter.com/?a=2&b=tut
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http: //4-counter.com/?a=2&b=tut
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http: //awebfind.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http: //awebfind.biz/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http: //awebfind.biz/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http: //4-counter.com/?a=2&b=tut
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http: //riviera.cc (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http: //out.true-counter.com/b/?351418 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http: //searchbar.linksummary.com/
O1 - Hosts: 645238813 auto.search.msn.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {f760cb9e-c60f-4a89-890e-fae8b849493e} - C:\WINNT\madise.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Internat Conf] \bootconf.exe
O4 - HKLM\..\Run: [sys] regedit -s sysdll.reg
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [System Update] c:\winnt\system\system.exe
O4 - Global Startup: Erinnerungen für Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: Iomega Backup-Terminplaner.lnk = C:\Programme\Iomega\Iomega Backup\dtiom98.exe
O4 - Global Startup: Iomega-Symbole.lnk = C:\Programme\Iomega\Tools\IMGICON.EXE
O4 - Global Startup: Iomega - Startoptionen.lnk = C:\Programme\Iomega\Tools\IMGSTART.EXE
O4 - Global Startup: IomegaWare.lnk = C:\Programme\Iomega\Iomegaware\COMMANDER.EXE
O4 - Global Startup: Album Fast Start.lnk = C:\Programme\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Related (HKLM)
O9 - Extra->Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://www.az.blm.gov/CFIDE/classes/CFJava.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {C94BFF60-7315-11D2-A844-0060086FEFD7} (Internet Banking und Brokerage) - http://www.izb-hb.de/SPK_Rosenheim/SBrokerageinstV20.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} (IRDIXAObj Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CEC31EC-1AAB-43CB-8A32-933B38E3754E}: NameServer = 195.3.96.67,195.3.96.68
O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp (file missing)
O19 - User stylesheet: C:\WINNT\default.css (file missing) (HKLM)
I'm not sure what should be deleted/fixed. I would delete all R entries (except R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.aon.at:8080 - that should be my provider)...
I would be grateful for any tips.
Many thanks and best regards
Axel
Links no longer clickable