Nerviger Hijacker 1md.de lässt sich nicht entfernen!! |
||
---|---|---|
#0
| ||
20.06.2004, 12:28
...neu hier
Beiträge: 2 |
||
|
||
20.06.2004, 13:18
Ehrenmitglied
Beiträge: 29434 |
#2
Fixe mit dem HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1md.de O1 - Hosts: 213.203.193.164 thirdforum.org O1 - Hosts: 213.203.193.164 www.thirdforum.org O1 - Hosts: 213.203.193.164 www.symynet.com O1 - Hosts: 213.203.193.164 symynet.com O1 - Hosts: 213.203.193.164 www.soft-ware.net O1 - Hosts: 213.203.193.164 soft-ware.net O1 - Hosts: 213.203.193.164 www.shareware.deep-ice.com O1 - Hosts: 213.203.193.164 shareware.deep-ice.com O1 - Hosts: 213.203.193.164 www.reacteur.com O1 - Hosts: 213.203.193.164 reacteur.com O1 - Hosts: 213.203.193.164 nysite.it O1 - Hosts: 213.203.193.164 www.nysite.it O1 - Hosts: 213.203.193.164 www.mysimon.search.com.com O1 - Hosts: 213.203.193.164 mysimon.search.com.com O1 - Hosts: 213.203.193.164 multimedia.ftpk.net O1 - Hosts: 213.203.193.164 www.multimedia.ftpk.net O1 - Hosts: 213.203.193.164 mindonwheels.com O1 - Hosts: 213.203.193.164 www.mindonwheels.com O1 - Hosts: 213.203.193.164 www.metaeureka.com O1 - Hosts: 213.203.193.164 www.k-litecodecpack.com O1 - Hosts: 213.203.193.164 metaeureka.com O1 - Hosts: 213.203.193.164 www.klboard.ath.cx O1 - Hosts: 213.203.193.164 k-litecodecpack.com O1 - Hosts: 213.203.193.164 klboard.ath.cx O1 - Hosts: 213.203.193.164 www.kazza.abandonware.nu O1 - Hosts: 213.203.193.164 kazza.abandonware.nu O1 - Hosts: 213.203.193.164 www.kazaa-lite.de.tc O1 - Hosts: 213.203.193.164 kazaa-lite.de.tc O1 - Hosts: 213.203.193.164 www.kazaa-light.de.vu O1 - Hosts: 213.203.193.164 kazaa-light.de.vu O1 - Hosts: 213.203.193.164 www.kazaa-light.de.tc O1 - Hosts: 213.203.193.164 kazaa-light.de.tc O1 - Hosts: 213.203.193.164 home.hccnet.nl O1 - Hosts: 213.203.193.164 www.home.hccnet.nl O1 - Hosts: 213.203.193.164 www.download.freeweb-hosting.com O1 - Hosts: 213.203.193.164 www.aldostools.com O1 - Hosts: 213.203.193.164 aldostools.com O1 - Hosts: 213.203.193.164 addlogs.de O1 - Hosts: 213.203.193.164 www.addlogs.de O1 - Hosts: 213.203.193.164 www.zuccaweb.it O1 - Hosts: 213.203.193.164 zuccaweb.it O1 - Hosts: 213.203.193.164 zeropaid.com O1 - Hosts: 213.203.193.164 www.tvdance.com O1 - Hosts: 213.203.193.164 tvdance.com O1 - Hosts: 213.203.193.164 www.telecharger.01net.com O1 - Hosts: 213.203.193.164 www.softdepia.com O1 - Hosts: 213.203.193.164 telecharger.01net.com O1 - Hosts: 213.203.193.164 softdepia.com O1 - Hosts: 213.203.193.164 www.sofotex.com O1 - Hosts: 213.203.193.164 sofotex.com O1 - Hosts: 213.203.193.164 www.runterladen.de O1 - Hosts: 213.203.193.164 paulkaza.com O1 - Hosts: 213.203.193.164 www.paulkaza.com O1 - Hosts: 213.203.193.164 runterladen.de O1 - Hosts: 213.203.193.164 www.paint-effects.co.uk O1 - Hosts: 213.203.193.164 www.p2p.at-web.de O1 - Hosts: 213.203.193.164 paint-effects.co.uk O1 - Hosts: 213.203.193.164 oldversion.com O1 - Hosts: 213.203.193.164 www.nutzwerk.de O1 - Hosts: 213.203.193.164 nutzwerk.de O1 - Hosts: 213.203.193.164 www.nuke.hun.edu.tr O1 - Hosts: 213.203.193.164 nuke.hun.edu.tr O1 - Hosts: 213.203.193.164 www.nationalreview.com O1 - Hosts: 213.203.193.164 nationalreview.com O1 - Hosts: 213.203.193.164 www.napstermp3.com O1 - Hosts: 213.203.193.164 napstermp3.com O1 - Hosts: 213.203.193.164 mpex.net O1 - Hosts: 213.203.193.164 www.microchem.dk O1 - Hosts: 213.203.193.164 microchem.dk O1 - Hosts: 213.203.193.164 www.linguasphere.org O1 - Hosts: 213.203.193.164 linguasphere.org O1 - Hosts: 213.203.193.164 k-lite.tk O1 - Hosts: 213.203.193.164 www.kazaaplus.com O1 - Hosts: 213.203.193.164 kazaaplus.com O1 - Hosts: 213.203.193.164 kazaalite.nl O1 - Hosts: 213.203.193.164 kazaalite.de O1 - Hosts: 213.203.193.164 kazaalite.com O1 - Hosts: 213.203.193.164 kazaagold.com O1 - Hosts: 213.203.193.164 www.kazaagold.com O1 - Hosts: 213.203.193.164 www.kazaa-file-sharing-downloads.com O1 - Hosts: 213.203.193.164 kazaa-file-sharing-downloads.com O1 - Hosts: 213.203.193.164 www.kazaa-download-accelerator.com O1 - Hosts: 213.203.193.164 kazaa-download-accelerator.com O1 - Hosts: 213.203.193.164 www.kazaa-download.de.pn O1 - Hosts: 213.203.193.164 kazaa-download.de.pn O1 - Hosts: 213.203.193.164 www.kazaa.infos-du-net.com O1 - Hosts: 213.203.193.164 kazaa.infos-du-net.com O1 - Hosts: 213.203.193.164 kazaa.de O1 - Hosts: 213.203.193.164 kazaa.com O1 - Hosts: 213.203.193.164 www.kaza.de.tc O1 - Hosts: 213.203.193.164 kaza.de.tc O1 - Hosts: 213.203.193.164 www.juszczakiewicz.pl O1 - Hosts: 213.203.193.164 juszczakiewicz.pl O1 - Hosts: 213.203.193.164 www.jolster.nu O1 - Hosts: 213.203.193.164 jolster.nu O1 - Hosts: 213.203.193.164 www.imilly.com O1 - Hosts: 213.203.193.164 imilly.com O1 - Hosts: 213.203.193.164 www.icisnet.org O1 - Hosts: 213.203.193.164 icisnet.org O1 - Hosts: 213.203.193.164 www.globalshareware.com O1 - Hosts: 213.203.193.164 www.gef.be.ch O4 - HKLM\..\Run: [PL2210Z] C:\WINDOWS\P221ZI98.exe O4 - HKLM\..\Run: [System] C:\WINDOWS\System\plugin.exe neustarten Lade den XP\Clean, Version 5.5 unter Host loesche alles, so dass nur 127.0.0.1 bleibt http://www.xpclean.de/index.htm?http://www.xpclean.de/xpcleangold.htm Geh mal zu C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts mit dem Editor oeffen ..notepad Dort sollte nur 127.0.0.1 drinstehen . Alles andere loeschen ............................................................................................ Lade AdAware. free und scanne http://www.lavasoft.de/ Lade die mwav.exe, mache einen Vollscann und poste, was das Tool findet. http://www.mwti.net/antivirus/free_utilities.asp Lade Antivr., falls du noch keinen Virenscanner hast http://www.free-av.de/ stelle ein\alle Dateien scannen\ #Gehe in den abgesicherten Modus....F8 beim Hochfahren druecken und loesche alles, was der Scanner anzeigt. loesche die C:\WINDOWS\System\plugin.exe C:\WINDOWS\P221ZI98.exe und auch in der Registry Start\Ausfuehren\regedit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run normal neustarten Dann loesche unter InternetOptionen die TemporaryInternetFiles und stelle eine neue Startseite ein Poste das Log dann noch einmal MfG Sabina __________ MfG Sabina rund um die PC-Sicherheit Dieser Beitrag wurde am 20.06.2004 um 13:27 Uhr von Sabina editiert.
|
|
|
||
20.06.2004, 14:33
...neu hier
Themenstarter Beiträge: 2 |
#3
Hallo Sabrina,
vielen Dank, bin den hijacker los!! |
|
|
||
20.06.2004, 14:35
Ehrenmitglied
Beiträge: 29434 |
#4
Du kannst ja noch mal das Log posten...zur Sicherheit.
Und lade den Firefox als SurfBrowser...ist hijackerfrei http://www.firebird-browser.de/ Gruss Sabina __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
Logfile of HijackThis v1.97.7
Scan saved at 12:17:06, on 20.06.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System\plugin.exe
C:\Programme\D-Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Paragon\LASTMI~1\plmg.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Heinz\LOKALE~1\Temp\Rar$EX00.563\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1md.de
O1 - Hosts: 213.203.193.164 thirdforum.org
O1 - Hosts: 213.203.193.164 www.thirdforum.org
O1 - Hosts: 213.203.193.164 www.symynet.com
O1 - Hosts: 213.203.193.164 symynet.com
O1 - Hosts: 213.203.193.164 www.soft-ware.net
O1 - Hosts: 213.203.193.164 soft-ware.net
O1 - Hosts: 213.203.193.164 www.shareware.deep-ice.com
O1 - Hosts: 213.203.193.164 shareware.deep-ice.com
O1 - Hosts: 213.203.193.164 www.reacteur.com
O1 - Hosts: 213.203.193.164 reacteur.com
O1 - Hosts: 213.203.193.164 nysite.it
O1 - Hosts: 213.203.193.164 www.nysite.it
O1 - Hosts: 213.203.193.164 www.mysimon.search.com.com
O1 - Hosts: 213.203.193.164 mysimon.search.com.com
O1 - Hosts: 213.203.193.164 multimedia.ftpk.net
O1 - Hosts: 213.203.193.164 www.multimedia.ftpk.net
O1 - Hosts: 213.203.193.164 mindonwheels.com
O1 - Hosts: 213.203.193.164 www.mindonwheels.com
O1 - Hosts: 213.203.193.164 www.metaeureka.com
O1 - Hosts: 213.203.193.164 www.k-litecodecpack.com
O1 - Hosts: 213.203.193.164 metaeureka.com
O1 - Hosts: 213.203.193.164 www.klboard.ath.cx
O1 - Hosts: 213.203.193.164 k-litecodecpack.com
O1 - Hosts: 213.203.193.164 klboard.ath.cx
O1 - Hosts: 213.203.193.164 www.kazza.abandonware.nu
O1 - Hosts: 213.203.193.164 kazza.abandonware.nu
O1 - Hosts: 213.203.193.164 www.kazaa-lite.de.tc
O1 - Hosts: 213.203.193.164 kazaa-lite.de.tc
O1 - Hosts: 213.203.193.164 www.kazaa-light.de.vu
O1 - Hosts: 213.203.193.164 kazaa-light.de.vu
O1 - Hosts: 213.203.193.164 www.kazaa-light.de.tc
O1 - Hosts: 213.203.193.164 kazaa-light.de.tc
O1 - Hosts: 213.203.193.164 home.hccnet.nl
O1 - Hosts: 213.203.193.164 www.home.hccnet.nl
O1 - Hosts: 213.203.193.164 www.download.freeweb-hosting.com
O1 - Hosts: 213.203.193.164 www.aldostools.com
O1 - Hosts: 213.203.193.164 aldostools.com
O1 - Hosts: 213.203.193.164 addlogs.de
O1 - Hosts: 213.203.193.164 www.addlogs.de
O1 - Hosts: 213.203.193.164 www.zuccaweb.it
O1 - Hosts: 213.203.193.164 zuccaweb.it
O1 - Hosts: 213.203.193.164 zeropaid.com
O1 - Hosts: 213.203.193.164 www.tvdance.com
O1 - Hosts: 213.203.193.164 tvdance.com
O1 - Hosts: 213.203.193.164 www.telecharger.01net.com
O1 - Hosts: 213.203.193.164 www.softdepia.com
O1 - Hosts: 213.203.193.164 telecharger.01net.com
O1 - Hosts: 213.203.193.164 softdepia.com
O1 - Hosts: 213.203.193.164 www.sofotex.com
O1 - Hosts: 213.203.193.164 sofotex.com
O1 - Hosts: 213.203.193.164 www.runterladen.de
O1 - Hosts: 213.203.193.164 paulkaza.com
O1 - Hosts: 213.203.193.164 www.paulkaza.com
O1 - Hosts: 213.203.193.164 runterladen.de
O1 - Hosts: 213.203.193.164 www.paint-effects.co.uk
O1 - Hosts: 213.203.193.164 www.p2p.at-web.de
O1 - Hosts: 213.203.193.164 paint-effects.co.uk
O1 - Hosts: 213.203.193.164 oldversion.com
O1 - Hosts: 213.203.193.164 www.nutzwerk.de
O1 - Hosts: 213.203.193.164 nutzwerk.de
O1 - Hosts: 213.203.193.164 www.nuke.hun.edu.tr
O1 - Hosts: 213.203.193.164 nuke.hun.edu.tr
O1 - Hosts: 213.203.193.164 www.nationalreview.com
O1 - Hosts: 213.203.193.164 nationalreview.com
O1 - Hosts: 213.203.193.164 www.napstermp3.com
O1 - Hosts: 213.203.193.164 napstermp3.com
O1 - Hosts: 213.203.193.164 mpex.net
O1 - Hosts: 213.203.193.164 www.microchem.dk
O1 - Hosts: 213.203.193.164 microchem.dk
O1 - Hosts: 213.203.193.164 www.linguasphere.org
O1 - Hosts: 213.203.193.164 linguasphere.org
O1 - Hosts: 213.203.193.164 k-lite.tk
O1 - Hosts: 213.203.193.164 www.kazaaplus.com
O1 - Hosts: 213.203.193.164 kazaaplus.com
O1 - Hosts: 213.203.193.164 kazaalite.nl
O1 - Hosts: 213.203.193.164 kazaalite.de
O1 - Hosts: 213.203.193.164 kazaalite.com
O1 - Hosts: 213.203.193.164 kazaagold.com
O1 - Hosts: 213.203.193.164 www.kazaagold.com
O1 - Hosts: 213.203.193.164 www.kazaa-file-sharing-downloads.com
O1 - Hosts: 213.203.193.164 kazaa-file-sharing-downloads.com
O1 - Hosts: 213.203.193.164 www.kazaa-download-accelerator.com
O1 - Hosts: 213.203.193.164 kazaa-download-accelerator.com
O1 - Hosts: 213.203.193.164 www.kazaa-download.de.pn
O1 - Hosts: 213.203.193.164 kazaa-download.de.pn
O1 - Hosts: 213.203.193.164 www.kazaa.infos-du-net.com
O1 - Hosts: 213.203.193.164 kazaa.infos-du-net.com
O1 - Hosts: 213.203.193.164 kazaa.de
O1 - Hosts: 213.203.193.164 kazaa.com
O1 - Hosts: 213.203.193.164 www.kaza.de.tc
O1 - Hosts: 213.203.193.164 kaza.de.tc
O1 - Hosts: 213.203.193.164 www.juszczakiewicz.pl
O1 - Hosts: 213.203.193.164 juszczakiewicz.pl
O1 - Hosts: 213.203.193.164 www.jolster.nu
O1 - Hosts: 213.203.193.164 jolster.nu
O1 - Hosts: 213.203.193.164 www.imilly.com
O1 - Hosts: 213.203.193.164 imilly.com
O1 - Hosts: 213.203.193.164 www.icisnet.org
O1 - Hosts: 213.203.193.164 icisnet.org
O1 - Hosts: 213.203.193.164 www.globalshareware.com
O1 - Hosts: 213.203.193.164 www.gef.be.ch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [System] C:\WINDOWS\System\plugin.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PL2210Z] C:\WINDOWS\P221ZI98.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [plmg.exe] C:\PROGRA~1\Paragon\LASTMI~1\plmg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Artikel hinzufügen - file://c:\add.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren (HKLM)
O9 - Extra button: Add bid (HKCU)
O9 - Extra 'Tools' menuitem: Add bid (HKCU)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38088.1098842593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab