- #1
P
phil aus usa
Guest
hallo
habe keine ahnung von sicherheit im netz, muss ich mal zugeben. habe mal sone hijackthis logfile gemacht. mache auf meinem pc eigentlich nichts mit passwörten, bis auf emailen
was muss ich tun (keine neuinstallation, da win auf meinem pc schon vorinstalliert war und ich keine win cd habe)
woran ich es gemarkt habe? ich kann nicht mehr auf web.de. häufig taucht einfach cool web search oder auf....
Logfile of HijackThis v1.99.1
Scan saved at 11:45:27 AM, on 12/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Phillakilla\Local Settings\Temp\Temporary
Directory 3 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=c:\windows\system32\dmtdll.exe
O2 - BHO: (no name) - {0EBB6AE6-CD64-CB54-AFC3-FCFC18C37082} - C:\Program
Files\cdmweb\jcsubytjbg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil
/RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
/IMEName
O4 - HKLM\..\Run: [syshelp] C:\WINDOWS\System32\syshelp.exe
O4 - HKLM\..\Run: [WinGate initialize] C:\WINDOWS\System32\WinGate.exe
-remoteshell
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe
-atboottime
O4 - HKLM\..\Run: [\\MOSTRADOR\EPSON Stylus C45 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P35
\\MOSTRADOR\EPSON Stylus C45 Series /O6 USB001 /M Stylus C45
O4 - HKLM\..\Run: [Dmtdll] c:\windows\system32\dmtdll.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free
Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free
Edition\\bdnagent.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32
C:\PROGRA~2\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe
/background
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe
/background
O4 - HKCU\..\Run: [Dmtdll] c:\windows\system32\dmtdll.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra->Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra->Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} -
http://adserver.sharewareonline.com/adserver/Install.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program
Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: dll_reg - Unknown owner - Rundll32.exe (file missing)
O23 - Service: Windows Management Extension - Unknown owner - Rundll32.exe
(file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program
Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
danke auf jeden fall
phil
habe keine ahnung von sicherheit im netz, muss ich mal zugeben. habe mal sone hijackthis logfile gemacht. mache auf meinem pc eigentlich nichts mit passwörten, bis auf emailen
was muss ich tun (keine neuinstallation, da win auf meinem pc schon vorinstalliert war und ich keine win cd habe)
woran ich es gemarkt habe? ich kann nicht mehr auf web.de. häufig taucht einfach cool web search oder auf....
Logfile of HijackThis v1.99.1
Scan saved at 11:45:27 AM, on 12/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Phillakilla\Local Settings\Temp\Temporary
Directory 3 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://runonce.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=c:\windows\system32\dmtdll.exe
O2 - BHO: (no name) - {0EBB6AE6-CD64-CB54-AFC3-FCFC18C37082} - C:\Program
Files\cdmweb\jcsubytjbg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil
/RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
/IMEName
O4 - HKLM\..\Run: [syshelp] C:\WINDOWS\System32\syshelp.exe
O4 - HKLM\..\Run: [WinGate initialize] C:\WINDOWS\System32\WinGate.exe
-remoteshell
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe
-atboottime
O4 - HKLM\..\Run: [\\MOSTRADOR\EPSON Stylus C45 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P35
\\MOSTRADOR\EPSON Stylus C45 Series /O6 USB001 /M Stylus C45
O4 - HKLM\..\Run: [Dmtdll] c:\windows\system32\dmtdll.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free
Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free
Edition\\bdnagent.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32
C:\PROGRA~2\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe
/background
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe
/background
O4 - HKCU\..\Run: [Dmtdll] c:\windows\system32\dmtdll.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra->Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra->Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} -
http://adserver.sharewareonline.com/adserver/Install.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program
Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: dll_reg - Unknown owner - Rundll32.exe (file missing)
O23 - Service: Windows Management Extension - Unknown owner - Rundll32.exe
(file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program
Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
danke auf jeden fall
phil