What can be deleted in HijackThis?

This thread, "What can be deleted in HijackThis?", in the forum "Sonstiges rund ums Internet" was created by Tommi2003 on 24 May 2004.


  1. Here is my log file. I have no idea what can be deleted. Requesting help!

    Regards, Tommi

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    C:\Programme\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
    C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programme\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    C:\Programme\Norton Internet Security\ccPxySvc.exe
    C:\Programme\Norton AntiVirus\navapsvc.exe
    C:\Programme\T-DSL SpeedManager\tsmsvc.exe
    C:\Archiv Landmark\Downloads\HijackThis\HijackThis.exe
    C:\Programme\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.info/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ihpfp.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ihpfp.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?344012 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?344012 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ihpfp.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?344012 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ihpfp.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ihpfp.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ihpfp.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?344012 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://bad-url.com/?
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://bad-url.com/?
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
    O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINDOWS\System32\DReplace.dll
    O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFA2} - C:\DOKUME~1\Tommi\LOKALE~1\Temp\mbab.dll (file missing)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar1.dll
    O2 - BHO: (no name) - {B0E53498-1DF7-424D-8786-C005913E3731} - C:\WINDOWS\System32\ihpfp.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
    O4 - HKLM\..\Run: [T-DSL SpeedMgr] C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [Internat Conf] C:\WINDOWS\System32\bootconf.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
    O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38112.0683564815
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B49BA725-B36F-486B-ACFD-7C861C9CD289}: NameServer = 192.168.120.252,192.168.120.253
    O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp (file missing)
     
  2. Please also add the beginning of the log file.......
     
  3. Here is the beginning:

    Logfile of HijackThis v1.97.7
    Scan saved at 08:42:48, on 24.05.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
     
  4. So I ran the tool over it. Here is the log:

    24.05.2004 13:41:00 SPhjFix started v1.07
    24.05.2004 13:41:00 Stealth-String not found -> Programm terminated
    24.05.2004 13:41:19 SPhjFix started v1.07
    24.05.2004 13:41:19 Stealth-String not found -> Programm terminated

    It also says that there is no infection.

    After that I also ran CWShredder (scan only), with the following result:

    CWShredder v1.57.0 scan only report
    Please understand that a CWShredder->Scan only' report
    might not be sufficient to troubleshoot an infected system.
    You can use HijackThis for that:
    http://www.merijn.org/files/hijackthis.zip
    http://www.spywareinfo.com/~merijn/files/hijackthis.zip

    Windows XP (5.01.2600 SP1)
    Windows dir: C:\WINDOWS
    Windows system dir: C:\WINDOWS\system32
    AppData folder: C:\Dokumente und Einstellungen\Tommi\Anwendungsdaten
    Username: Tommi

    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer,Search
    Infected data: http://out.true-counter.com/b/?344012 (obfuscated)
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer,SearchURL
    Infected data: http://aifind.info/
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer,SearchURL
    Infected data: http://aifind.info/
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL
    Infected data: http://out.true-counter.com/a/?344012 (obfuscated)
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    Infected data: http://out.true-counter.com/b/?344012 (obfuscated)
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant
    Infected data: http://bad-url.com/?
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch
    Infected data: http://bad-url.com/?
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar
    Infected data: res://C:\WINDOWS\System32\ihpfp.dll/sp.html (obfuscated)
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page
    Infected data: res://C:\WINDOWS\System32\ihpfp.dll/sp.html (obfuscated)
    Infected Registry value:
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar
    Infected data: res://C:\WINDOWS\System32\ihpfp.dll/sp.html (obfuscated)
    Infected Registry value:
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page
    Infected data: res://C:\WINDOWS\System32\ihpfp.dll/sp.html (obfuscated)
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
    Infected data: res://C:\WINDOWS\System32\ihpfp.dll/sp.html (obfuscated)
    Infected Registry value:
    HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
    Infected data: http://out.true-counter.com/b/?344012 (obfuscated)
    Infected Registry value:
    HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant,http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    Infected data: res://C:\WINDOWS\System32\ihpfp.dll/sp.html (obfuscated)
    Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (820 bytes, R)
    CWS.Msinfo Registry value: HKLM\..\Run [Internat Conf] C:\WINDOWS\System32\bootconf.exe
    Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
    UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\System32\userinit.exe
    Found CWS.Therealsearch (if filesize is under 300k) file: C:\WINDOWS\editpad.exe (293 bytes, A)
    Registry value: Stylesheet (HKCU) [User Stylesheet] C:\WINDOWS\Web\oslogo.bmp
    Registry value: DefaultPrefix (should be http://) [] http://
    Registry value: WWW Prefix (should be http://) [www] http://
    Registry value: Mosaic Prefix (should be http://) [mosaic] http://
    Registry value: Home Prefix (should be http://) [home] http://
    Found Win.ini file: C:\WINDOWS\win.ini (1039 bytes, A)
    Found System.ini file: C:\WINDOWS\system.ini (231 bytes, A)
    CWS.Dreplace Registry key: HKLM\..\BHOs\{086AE192-23A6-48D6-96EC-715F53797E85}
    Found CWS.Dreplace file: C:\WINDOWS\system32\Dreplace.dll (50176 bytes, A)

    - END OF REPORT -

    So what do I have to delete or otherwise handle? I am somewhat confused by the number of messages and by what may be fixed (?) and what may not.

    Thanks for the help.
     
  5. You can just let CWS run over it in fix mode right away.
     