Problems after SpyAxe attack

  • #1
TT-driver

Guest
My efforts to get Firefox running again brought me a whole day of fun with SpyAxe. I was able to get rid of that annoying pop-up, but I can't get rid of the rest.
Does anyone have advice on how I can remove the affected files? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 19:53:29, on 29.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Programme\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Programme\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\Lexmark X5100 Series\lxbabmgr.exe
C:\WINDOWS\system32\crbe.exe
C:\Programme\Lexmark X5100 Series\lxbabmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\WINDOWS\winzv32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Programme\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\DOKUME~1\JJ.JAN\LOKALE~1\Temp\Temporäres Verzeichnis 14 für hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lrijr.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lrijr.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lrijr.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lrijr.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lrijr.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lrijr.dll/sp.html#53142%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lrijr.dll/sp.html#53142%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {6BF77FD2-9004-E69D-4473-91C3988264B0} - C:\WINDOWS\system32\msnz.dll
O2 - BHO: Class - {8C2CC6A5-75A3-61E8-04E2-F0D78734877A} - C:\WINDOWS\atlmq32.dll
O2 - BHO: Class - {F3D8DFCC-C963-F6D5-205B-07D798983E90} - C:\WINDOWS\system32\d3xi32.dll
O4 - HKLM\..\Run: [pccguide.exe] C:\Programme\Trend Micro\PC-cillin 2002\pccguide.exe
O4 - HKLM\..\Run: [PCCClient.exe] C:\Programme\Trend Micro\PC-cillin 2002\PCCClient.exe
O4 - HKLM\..\Run: [Pop3trap.exe] C:\Programme\Trend Micro\PC-cillin 2002\Pop3trap.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [Lexmark X5100 Series] C:\Programme\Lexmark X5100 Series\lxbabmgr.exe
O4 - HKLM\..\Run: [crbe.exe] C:\WINDOWS\system32\crbe.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Programme\MSN Messenger\msnmsgr.exe /background
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.dll (file missing)
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\winzv32.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Programme\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Programme\Trend Micro\PC-cillin 2002\Tmntsrv.exe
 
  • #2
TT-driver wrote:
Running processes:
C:\WINDOWS\system32\crbe.exe

O4 - HKLM\..\Run: [crbe.exe] C:\WINDOWS\system32\crbe.exe
End the process and delete the file in Safe Mode.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lrijr.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lrijr.dll/sp.html#53142%resultposition.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lrijr.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lrijr.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lrijr.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lrijr.dll/sp.html#53142%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lrijr.dll/sp.html#53142%resultposition.net
Cleaner SpSeHjfix:

Sp.html-Se.dll Hijack Fix:


R3 - Default URLSearchHook is missing
Fix with HijackThis.

O2 - BHO: Class - {6BF77FD2-9004-E69D-4473-91C3988264B0} - C:\WINDOWS\system32\msnz.dll
Trojan-Dropper.Win32.Agent.kd

O2 - BHO: Class - {8C2CC6A5-75A3-61E8-04E2-F0D78734877A} - C:\WINDOWS\atlmq32.dll
Spyware.CoolWebSearch

O2 - BHO: Class - {F3D8DFCC-C963-F6D5-205B-07D798983E90} - C:\WINDOWS\system32\d3xi32.dll

O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\winzv32.exe
TrojanDownloader.Agent.bq
Service "Network Security Service":
Tool HSRemove:
home_search_remove.reg: (below)

Good luck

pan_fee
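
The triage in the reply above, as an added example that is not part of the original thread: it parses HijackThis entry lines and flags the four patterns the reply singles out (res:// search settings, BHOs and Run entries loading from the Windows directory, services with an unknown owner). The rules are heuristics assumed from this one log and `triage` is a hypothetical helper name; a hit is a prompt for manual review, not a verdict.

```python
import re

# Shape of a HijackThis entry line: "<section> - <rest>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll)", re.IGNORECASE)
# Binary sitting directly in C:\WINDOWS or C:\WINDOWS\system32 (assumed heuristic).
IN_WINDIR = re.compile(r"^C:\\WINDOWS\\(?:system32\\)?[^\\]+$", re.IGNORECASE)

def triage(log_text):
    """Return (section, file_path, reason) for entries matching the heuristics."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        section, rest = m.groups()
        path_m = WIN_PATH.search(rest)
        path = path_m.group(0) if path_m else None
        if section in ("R0", "R1") and "res://" in rest.lower():
            findings.append((section, path, "IE search setting points into a local DLL"))
        elif section == "O2" and path and IN_WINDIR.match(path):
            findings.append((section, path, "BHO loaded from the Windows directory"))
        elif section == "O4" and path and IN_WINDIR.match(path):
            findings.append((section, path, "autostart from the Windows directory"))
        elif section == "O23" and "Unknown owner" in rest:
            findings.append((section, path, "service binary without vendor information"))
    return findings

# Sample input: lines copied from the log in post #1.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lrijr.dll/sp.html#53142%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {6BF77FD2-9004-E69D-4473-91C3988264B0} - C:\WINDOWS\system32\msnz.dll
O2 - BHO: Class - {8C2CC6A5-75A3-61E8-04E2-F0D78734877A} - C:\WINDOWS\atlmq32.dll
O4 - HKLM\..\Run: [pccguide.exe] C:\Programme\Trend Micro\PC-cillin 2002\pccguide.exe
O4 - HKLM\..\Run: [crbe.exe] C:\WINDOWS\system32\crbe.exe
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\winzv32.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE):
        print(f"{section:4} {path}  <- {reason}")
```

The Lexmark service and the PC-cillin Run entry pass unflagged because they name a vendor or load from the program directory, which matches how the reply treats them.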
 