Please evaluate log
19.07.2004, 23:30
Post #1
New here Group: Members Posts: 2 Member since: 19.07.2004 Member no.: 1.239
Logfile of HijackThis v1.98.0
Scan saved at 00:07:15, on 20.07.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Programme\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\JanMetzger\Anwendungsdaten\dcut.exe
C:\WINDOWS\System32\dnczkdhn.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\drivers\WINXP\SMC11GMonitor.exe
C:\Programme\Softwin\BitDefender Professional Edition\vsserv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\eMule\emule.exe
C:\PROGRA~1\ICQ\Icq.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\JanMetzger\Desktop\hjt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.bestwebsearch.org/searchpage/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.bestwebsearch.org/searchpage/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.bestwebsearch.org/searchpage/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://69.31.79.102/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestwebsearch.org/searchpage/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebsearch.org/searchpage/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebsearch.org/searchpage/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebsearch.org/searchpage/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\nfpi.dll/sp.html (o

Guest_*Christian*_*
20.07.2004, 00:20
Post #2
Guests
Safe mode, and fix the following:
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.bestwebsearch.org/searchpage/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.bestwebsearch.org/searchpage/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.bestwebsearch.org/searchpage/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://69.31.79.102/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestwebsearch.org/searchpage/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebsearch.org/searchpage/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebsearch.org/searchpage/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spex/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebsearch.org/searchpage/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\nfpi.dll/sp.html (o
I don't know these:
C:\WINDOWS\System32\dnczkdhn.exe
dcut.exe
Visit www.windowsupate.com!
This post was edited by *Christian*: 20.07.2004, 00:20

20.07.2004, 05:59
Post #3
"Sir Remover" Group: Members Posts: 1.726 Member since: 04.02.2004 Member no.: 397 Operating system: Windows 7 x64 Virus scanner: MS
Could it be that your logfile was cut off?
Only R entries is rather unusual.....
--------------------
Regards, R E M O V E R
If you think you are paranoid, . . .you are not paranoid enough!

Guest_*Christian*_*
20.07.2004, 16:54
Post #4
Guests

20.07.2004, 22:28
Post #5
Thread starter, New here Group: Members Posts: 2 Member since: 19.07.2004 Member no.: 1.239
Yes, the log was cut off; here is the complete one again, with a request for another evaluation.
Thanks, metzger
Logfile of HijackThis v1.98.0
Scan saved at 23:20:40, on 20.07.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender Professional Edition\vsserv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Programme\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\JanMetzger\Anwendungsdaten\dcut.exe
C:\WINDOWS\System32\dnczkdhn.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\drivers\WINXP\SMC11GMonitor.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\JanMetzger\Desktop\hjt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {02E1DD99-0853-401A-93AF-D344BE1BEA61} - C:\WINDOWS\System32\nfpi.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Title Dvd Cast - {1FBB0CB8-9550-646B-BBE5-0732AF2C08E8} - C:\PROGRA~1\OpenFord\atom blah.dll
O2 - BHO: (no name) - {3FD9452A-C937-0CCB-D327-61557FAE2D6D} - C:\WINDOWS\System32\wiyc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: File base hole - {65BF56A2-EB82-13A3-A733-EA25069D561C} - C:\PROGRA~1\OpenFord\atom blah.dll
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender Professional Edition\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Rcwl] C:\Dokumente und Einstellungen\JanMetzger\Anwendungsdaten\dcut.exe
O4 - HKCU\..\Run: [Qopbg] C:\WINDOWS\System32\dnczkdhn.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter Utility.lnk = C:\Programme\SMC\SMC2835W 2.4GHz 54 Mbps Wireless CardBus Adapter\drivers\WINXP\SMC11GMonitor.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: Debt Consolidate - {9234f700-cba3-4071-b251-47cb894244cd} - http://www.terra.es/personal7/korona04/debt.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Debt Consolidate - {9234f700-cba3-4071-b251-47cb894244cd} - http://www.terra.es/personal7/korona04/debt.html (file missing) (HKCU)
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.31.79.180/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {AD688740-5246-40C3-1111-53959999940D} - http://www.xpehbam.biz/sek.exe
O18 - Filter: text/html - {C8D600F6-8231-4E8D-BFE1-8D062637D075} - C:\WINDOWS\System32\nfpi.dll
O18 - Filter: text/plain - {C8D600F6-8231-4E8D-BFE1-8D062637D075} - C:\WINDOWS\System32\nfpi.dll

Guest_*Christian*_*
20.07.2004, 22:47
Post #6
Guests
Safe mode, and fix this:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {02E1DD99-0853-401A-93AF-D344BE1BEA61} - C:\WINDOWS\System32\nfpi.dll
O2 - BHO: (no name) - {3FD9452A-C937-0CCB-D327-61557FAE2D6D} - C:\WINDOWS\System32\wiyc.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: Debt Consolidate - {9234f700-cba3-4071-b251-47cb894244cd} - http://www.terra.es/personal7/korona04/debt.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Debt Consolidate - {9234f700-cba3-4071-b251-47cb894244cd} - http://www.terra.es/personal7/korona04/debt.html (file missing) (HKCU)
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.31.79.180/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {AD688740-5246-40C3-1111-53959999940D} - http://www.xpehbam.biz/sek.exe
O18 - Filter: text/html - {C8D600F6-8231-4E8D-BFE1-8D062637D075} - C:\WINDOWS\System32\nfpi.dll
O18 - Filter: text/plain - {C8D600F6-8231-4E8D-BFE1-8D062637D075} - C:\WINDOWS\System32\nfpi.dll
Afterwards visit www.windowsupate.com!
Switching browsers would also make sense: www.firefox-browser.de
Edit: Please also fix this in safe mode:
O4 - HKCU\..\Run: [Rcwl] C:\Dokumente und Einstellungen\JanMetzger\Anwendungsdaten\dcut.exe
O4 - HKCU\..\Run: [Qopbg] C:\WINDOWS\System32\dnczkdhn.exe
Then delete these files:
C:\Dokumente und Einstellungen\JanMetzger\Anwendungsdaten\dcut.exe
C:\WINDOWS\System32\dnczkdhn.exe
Do you have current updates from Bitdefender?
This post was edited by *Christian*: 20.07.2004, 23:10
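
Added example, not part of the original thread and not HijackThis's own logic: Python code that cuts a run-together log like the ones posted above back into entries, applies three heuristics to them, and then pivots on the flagged files so that the O18 filters loading the same nfpi.dll are caught as well. The heuristics, the function names and the choice of sample entries are assumptions made for illustration.

```python
import re

# An entry starts with a section code (R*, F*, N*, O*) followed by " - "
BOUNDARY = re.compile(r"\s+(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")
ENTRY = re.compile(r"(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)", re.S)
MODULE = re.compile(r"[A-Za-z]:\\[^=/]*?\.(?:dll|exe|ocx)", re.I)

# Constructed sample: entries copied from the log in post #5, run together on one line
SAMPLE = (
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = "
    r"res://C:\WINDOWS\System32\nfpi.dll/sp.html (obfuscated) "
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "
    r"C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll "
    r"O2 - BHO: (no name) - {3FD9452A-C937-0CCB-D327-61557FAE2D6D} - C:\WINDOWS\System32\wiyc.dll "
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - "
    r"C:\Programme\Spybot - Search & Destroy\SDHelper.dll "
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe "
    r"O16 - DPF: {AD688740-5246-40C3-1111-53959999940D} - http://www.xpehbam.biz/sek.exe "
    r"O18 - Filter: text/html - {C8D600F6-8231-4E8D-BFE1-8D062637D075} - C:\WINDOWS\System32\nfpi.dll"
)

def split_entries(text):
    """Cut a flattened log into (section, body) pairs; header text is dropped."""
    pairs = []
    for chunk in BOUNDARY.split(" " + text.strip()):
        m = ENTRY.match(chunk.strip())
        if m:
            pairs.append((m.group(1), m.group(2).strip()))
    return pairs

def triage(text):
    """Return [(section, reason)] for entries a reviewer should look at first."""
    entries, hits, flagged = split_entries(text), {}, set()
    for i, (sec, body) in enumerate(entries):
        low = body.lower()
        if sec[0] == "R" and "res://" in low:
            hits[i] = "IE search setting served from a local module"
        elif sec == "O2" and "(no name)" in low and "\\system32\\" in low:
            hits[i] = "unnamed BHO in System32"
        elif sec == "O16" and re.search(r"//\d+(\.\d+){3}/|\.exe$", low):
            hits[i] = "ActiveX source is a raw IP or a bare .exe"
        if i in hits:
            flagged.update(m.lower() for m in MODULE.findall(body))
    # Pivot: any other entry that loads an already flagged file belongs with it
    for i, (sec, body) in enumerate(entries):
        if i not in hits and any(m.lower() in flagged for m in MODULE.findall(body)):
            hits[i] = "references a module flagged above"
    return [(entries[i][0], hits[i]) for i in sorted(hits)]
```

On the sample, the Adobe BHO, the Spybot helper (unnamed, but outside System32) and the ctfmon Run entry are left alone; Run entries such as the two O4 lines named in the post are not covered by these heuristics and still need a manual lookup.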