- #1
N
Nakor
Guest
Hallo habe den artikel durchgelesen. Und hab auch schon vieles versucht aber meine probleme bekomm ich nicht weg. Könnte jemand kurz meine Liste anschauen, vielleicht vergesse ich immer was zu entfernen.
Dankeschön schon mal im vorraus.
Logfile of HijackThis v1.97.7
Scan saved at 09:07:32, on 03.06.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Winamp\Winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\dokume~1\milamber\anwend~1\wupdmgr.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
C:\WINDOWS\System32\gearsec.exe
C:\PROGRA~1\CLIMAT~1\execs\Client Interface.exe
C:\PROGRA~1\CLIMAT~1\execs\Model.exe
C:\Programme\Netscape\Netscp.exe
D:\Download\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //www.myexexex.com/searchbar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http: //www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file: //c:/spad/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http: //www.myexexex.com/search.php?said=spage
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http: //www.myexexex.com/search.php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c: /spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http: //www.myexexex.com/search.php?said=spage&qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file: //c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http: //www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http: //www.myexexex.com/search.php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http: //www.myexexex.com/search.php?said=spage
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] C:\Programme\CloneCD\CloneCDTray.exe /s
O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\Winampa.exe
O4 - HKLM\..\Run: [Ad-aware] C:\Programme\Ad-aware 6\Ad-aware.exe +c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [System Update2] c:\dokume~1\milamber\anwend~1\wupdmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra->Tools' menuitem: JavaScript Console (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra->Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
O9 - Extra->Tools' menuitem: JavaScript Console (HKCU)
O13 - DefaultPrefix: http: //www.myexexex.com/search.php?said=pfxp&qq=
O13 - WWW Prefix: http: //www.myexexex.com/search.php?said=pfxp&qq=
O13 - Home Prefix: http: //www.myexexex.com/search.php?said=pfxp&qq=
O13 - Mosaic Prefix: http: //www.myexexex.com/search.php?said=pfxp&qq=
O13 - FTP Prefix: http: //www.myexexex.com/search.php?said=pfxp&qq=
O13 - Gopher Prefix: http: //www.myexexex.com/search.php?said=pfxp&qq=
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http:xxsoftware-dl.real.com/11f38bba0970bdef2206/netzip/RdxIE601_de.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38135.2003356482
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Links deaktiviert
bitte Hijack-Logs immer in einen eigenen Thread eröffnen und sich nicht in einem anderen Thread mit reinhängen, da es sonst unübersichtlich wird
Dankeschön schon mal im vorraus.
Logfile of HijackThis v1.97.7
Scan saved at 09:07:32, on 03.06.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Winamp\Winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\dokume~1\milamber\anwend~1\wupdmgr.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
C:\WINDOWS\System32\gearsec.exe
C:\PROGRA~1\CLIMAT~1\execs\Client Interface.exe
C:\PROGRA~1\CLIMAT~1\execs\Model.exe
C:\Programme\Netscape\Netscp.exe
D:\Download\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //www.myexexex.com/searchbar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http: //www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file: //c:/spad/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http: //www.myexexex.com/search.php?said=spage
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http: //www.myexexex.com/search.php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c: /spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http: //www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http: //www.myexexex.com/search.php?said=spage&qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file: //c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http: //www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http: //www.myexexex.com/search.php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http: //www.myexexex.com/search.php?said=spage
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] C:\Programme\CloneCD\CloneCDTray.exe /s
O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\Winampa.exe
O4 - HKLM\..\Run: [Ad-aware] C:\Programme\Ad-aware 6\Ad-aware.exe +c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [System Update2] c:\dokume~1\milamber\anwend~1\wupdmgr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra->Tools' menuitem: JavaScript Console (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra->Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
O9 - Extra->Tools' menuitem: JavaScript Console (HKCU)
O13 - DefaultPrefix: http: //www.myexexex.com/search.php?said=pfxp&qq=
O13 - WWW Prefix: http: //www.myexexex.com/search.php?said=pfxp&qq=
O13 - Home Prefix: http: //www.myexexex.com/search.php?said=pfxp&qq=
O13 - Mosaic Prefix: http: //www.myexexex.com/search.php?said=pfxp&qq=
O13 - FTP Prefix: http: //www.myexexex.com/search.php?said=pfxp&qq=
O13 - Gopher Prefix: http: //www.myexexex.com/search.php?said=pfxp&qq=
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http:xxsoftware-dl.real.com/11f38bba0970bdef2206/netzip/RdxIE601_de.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38135.2003356482
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Flocke schrieb:Da lesen und den dort verlinkten Tipp ebenfalls: http://www.wintotal-forum.de/?board=35;action=display;threadid=33317
Da steht, wie HijackThis angewendet werden soll (Browser geschlossen) und da steht auch der Link zu einem Tool, der dir mit dem sp-Hijacker helfen kann.
Links deaktiviert
bitte Hijack-Logs immer in einen eigenen Thread eröffnen und sich nicht in einem anderen Thread mit reinhängen, da es sonst unübersichtlich wird