Start page keeps changing (www.buldog-search.com)

#0
21.01.2005, 20:09
...new here

Posts: 1
#1 Well, sh... first of all. I don't know the first thing about this, but I've figured out (since I've already read through other pinned threads) that I need to install HijackThis. I also ended up again on some sites I didn't want to go to... anyway, here is my log file. Thanks in advance...


Logfile of HijackThis v1.99.0
Scan saved at 20:00:10, on 21.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ZoneAlarm\zlclient.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
C:\Program Files\Admanager Controller\AdManKeep.exe
C:\Programme\Labtec\Wireless Mouse\MulMouse.exe
C:\Programme\Anti-Vir\AVWUPSRV.EXE
C:\Programme\Teledat\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\System32\SLEE503.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\hhnt.exe
C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\estr.exe
C:\Programme\Diablo LOD\Game.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Andi\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = F***' Rock Out
O1 - Hosts: 69.50.188.82 google.com
O1 - Hosts: 69.50.188.82 altavista.com
O1 - Hosts: 69.50.188.82 www.altavista.com
O1 - Hosts: 69.50.188.82 msn.com
O1 - Hosts: 69.50.188.82 www.msn.com
O1 - Hosts: 69.50.188.82 search.msn.com
O1 - Hosts: 69.50.188.82 search.yahoo.com
O1 - Hosts: 69.50.188.82 yahoo.com
O1 - Hosts: 69.50.188.82 www.yahoo.com
O1 - Hosts: 69.50.188.82 search.aol.com
O1 - Hosts: 69.50.188.82 askjeeves.com
O1 - Hosts: 69.50.188.82 www.askjeeves.com
O1 - Hosts: 69.50.188.82 www.directhit.com
O1 - Hosts: 69.50.188.82 directhit.com
O1 - Hosts: 69.50.188.82 www.excite.com
O1 - Hosts: 69.50.188.82 excite.com
O1 - Hosts: 69.50.188.82 alltheweb.com
O1 - Hosts: 69.50.188.82 www.alltheweb.com
O1 - Hosts: 69.50.188.82 go.com
O1 - Hosts: 69.50.188.82 www.go.com
O1 - Hosts: 69.50.188.82 goto.com
O1 - Hosts: 69.50.188.82 www.goto.com
O1 - Hosts: 69.50.188.82 hotbot.com
O1 - Hosts: 69.50.188.82 www.hotbot.com
O1 - Hosts: 69.50.188.82 lycos.com
O1 - Hosts: 69.50.188.82 www.lycos.com
O1 - Hosts: 69.50.188.82 dmoz.org
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll (file missing)
O4 - HKLM\..\Run: [soundmanager] soundman.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe
O4 - HKLM\..\Run: [system] C:\WINDOWS\System32\letsroll.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [securer] C:\WINDOWS\System32\securer\syshost.exe
O4 - HKLM\..\Run: [Sonnettiebio] WinUpdate.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [HUdmjm3] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [HUdm"igY] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [K04W
}z[8C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [K0@]"iC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [HUdmjm"igY] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [K0]"igC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvzwj32.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe
O4 - HKCU\..\Run: [Rlos] C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\estr.exe
O4 - Global Startup: Labtec Maus Software 2.0.lnk = C:\Programme\Labtec\Wireless Mouse\MulMouse.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VR-NetWorld Auftragsprüfung.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar3.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: MedionShop - {811DDDB7-933B-4717-8A6B-4F86A67E0F9F} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de
O15 - Trusted IP range: (HKLM)
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1024_EN_XP.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c15.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3680
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} - http://www.popfile.de/myplaylist/pc/partner/mcbeat/MY-PLAYLIST-WEBINSTALLER_loader.exe
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} (Access Control) - http://www.eingang69.de/EroticAccess/exe/access_special.ocx
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{6342E316-501D-44C9-9BCE-6D9C40D93C63}: NameServer = 217.237.151.97 217.237.150.33
O23 - Service: Adobe LM Service - Unknown - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Anti-Vir\AVWUPSRV.EXE
O23 - Service: RvscomSv - Living Byte Software GmbH, München - C:\Programme\Teledat\WCOM\SYSTEM\RVSCOMSV.EXE
O23 - Service: RVS Installer - Living Byte Software GmbH, München - C:\Programme\Teledat\WCOM\SYSTEM\RVSINST.EXE
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] - Unknown - C:\WINDOWS\System32\SLEE503.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
This post was edited by slash15 on 21.01.2005 at 20:53.
23.01.2005, 22:33
Honorary member
Sabina

Posts: 29434
#2 Hello @slash15

Start<Run<regedit

the registry opens:
look for the following keys:

<HKEY_CURRENT_USER\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
delete:
v3cab

<HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\
delete:
C:/WINDOWS/Downloaded Program Files/v3.dll

<HKEY_LOCAL_MACHINE\SOFTWARE\
delete:
backup\EliteToolBar

<HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
delete:
{28CAEFF3-0F18-4036-B504-51D73BD81ABC}

<HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
delete:
{825CF5BD-8862-4430-B771-0C15C5CA8DEF}

<HKEY_LOCAL_MACHINE\SOFTWARE\
delete:
Elitum\EliteToolBar

Edit--Find-->
paste in and delete everything you find:
HUdmjm"igY
K0]"ig
qqbdy.exe
istsvc.exe
IST Service

#Open HijackThis -->> button "scan" -->> tick the checkboxes -->> button "Fix checked" -->> restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O1 - Hosts: 69.50.188.82 google.com
O1 - Hosts: 69.50.188.82 altavista.com
O1 - Hosts: 69.50.188.82 www.altavista.com
O1 - Hosts: 69.50.188.82 msn.com
O1 - Hosts: 69.50.188.82 www.msn.com
O1 - Hosts: 69.50.188.82 search.msn.com
O1 - Hosts: 69.50.188.82 search.yahoo.com
O1 - Hosts: 69.50.188.82 yahoo.com
O1 - Hosts: 69.50.188.82 www.yahoo.com
O1 - Hosts: 69.50.188.82 search.aol.com
O1 - Hosts: 69.50.188.82 askjeeves.com
O1 - Hosts: 69.50.188.82 www.askjeeves.com
O1 - Hosts: 69.50.188.82 www.directhit.com
O1 - Hosts: 69.50.188.82 directhit.com
O1 - Hosts: 69.50.188.82 www.excite.com
O1 - Hosts: 69.50.188.82 excite.com
O1 - Hosts: 69.50.188.82 alltheweb.com
O1 - Hosts: 69.50.188.82 www.alltheweb.com
O1 - Hosts: 69.50.188.82 go.com
O1 - Hosts: 69.50.188.82 www.go.com
O1 - Hosts: 69.50.188.82 goto.com
O1 - Hosts: 69.50.188.82 www.goto.com
O1 - Hosts: 69.50.188.82 hotbot.com
O1 - Hosts: 69.50.188.82 www.hotbot.com
O1 - Hosts: 69.50.188.82 lycos.com
O1 - Hosts: 69.50.188.82 www.lycos.com
O1 - Hosts: 69.50.188.82 dmoz.org
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll (file missing)
O4 - HKLM\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe
O4 - HKLM\..\Run: [system] C:\WINDOWS\System32\letsroll.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [securer] C:\WINDOWS\System32\securer\syshost.exe
O4 - HKLM\..\Run: [Sonnettiebio] WinUpdate.exe
O4 - HKLM\..\Run: [HUdmjm3] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [HUdm"igY] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [K04W
}z[8C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [K0@]"iC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [HUdmjm"igY] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [K0]"igC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvzwj32.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe
O4 - HKCU\..\Run: [Rlos] C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\estr.exe
O15 - Trusted IP range: (HKLM)
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1024_EN_XP.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c15.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3680
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} - http://www.popfile.de/myplaylist/pc/partner/mcbeat/MY-PLAYLIST-WEBINSTALLER_loader.exe
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} (Access Control) - http://www.eingang69.de/EroticAccess/exe/access_special.ocx
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx

O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Anti-Vir\AVWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

restart the PC

Uninstall Antivirus and ZoneAlarm --> they are infected

#Hoster-Tool : http://members.aol.com/toadbee/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

#eScan-Trial
http://www.mwti.net/antivirus/escan/escandl_antivirus.asp (15-day free trial version)

KillBox
http://www.bleepingcomputer.com/files/killbox.php
<Delete File on Reboot
and click the red cross,
when asked "Do you want to reboot?" ----> click "no" and paste in the next one; only click "yes" for the last one

C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\estr.exe
C:\RECYCLER\Desktop.ini
C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
C:\windows\system32\taskmgn.exe
C:\WINDOWS\System32\letsroll.exe
C:\WINDOWS\System32\securer\syshost.exe
C:\windows\system32\WinUpdate.exe
C:\WINDOWS\qqbdy.exe
C:\WINDOWS\Downloaded Program Files\bridge.dll
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
C:\Program Files\Admanager Controller\AdManKeep.exe
C:\WINDOWS\qqbdy.exe
C:\Programme\ISTsvc\istsvc.exe
C:/WINDOWS/Downloaded Program Files/v3.dll
C:\windows\system32\kalvzwj32.exe
C:\WINDOWS\hhnt.exe

<boot into safe mode
http://www.tu-berlin.de/www/software/virus/savemode.shtml

Delete temporary files --> delete the files inside the folders, not the folders themselves
C:\WINDOWS\Temp\
C:\Temp\
C:\Dokumente und Einstellungen\username\Lokale Einstellungen\Temp\
C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temporary Internet Files\Content.IE5 [do not delete index.dat]

click on: awn2k3e.exe (Escan)

go back to normal mode

#ClearProg.. download the latest version <1.4.0 Final
http://www.clearprog.de/downloads.php
<and clean the browser.
The program deletes the browsing traces of Internet Explorer from version 5.0 onward, of Netscape/Mozilla and of Opera:
- Cookies
- History
- Temporary Internet files (cache)
- the entered URLs


Adware.Istbar Removal Tool
The tool can be found here:
securityresponse.symantec.com/avcenter/FxIstbar.exe
http://www.chip.de/forum/thread.html?bwthreadid=762276

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
download-->scan-->restart the PC-->scan again-->post the log

#Search&Destroy
http://www.safer-networking.org/de/download/index.html
Spybot - Search && Destroy process list report,-->please copy and post it

#TuneUp2004 (30 days free)
http://www.tuneup.de/products/tuneup-utilities/
Cleanup repair -->TuneUp Diskcleaner
Cleanup repair -->Registry Cleaner

#new start page
go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet files, click Delete Files --> also tick the Delete all offline content checkbox and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if prompted --> click Apply and finally OK, and set a new start page

+ the new HijackThis log
__________
Regards, Sabina

all about PC security
This post was edited by Sabina on 23.01.2005 at 22:56.
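
As an added example (not part of either post, and not HijackThis's own code), the sketch below parses HijackThis lines by section code and surfaces three patterns visible in the log above: hostnames pinned to one non-loopback IP in the hosts file, BHOs whose DLL is missing, and one executable registered under several Run value names. The function names are hypothetical, and the sample input is a subset of the posted log.

```python
import re
from collections import defaultdict

# Subset of the HijackThis lines posted in this thread (not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
O1 - Hosts: 69.50.188.82 google.com
O1 - Hosts: 69.50.188.82 search.yahoo.com
O1 - Hosts: 69.50.188.82 www.msn.com
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HUdmjm3] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [HUdm"igY] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6342E316-501D-44C9-9BCE-6D9C40D93C63}: NameServer = 217.237.151.97 217.237.150.33
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")       # "O4 - <body>"
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)$")        # "Hosts: <ip> <name>"
# Greedy name match: garbled value names may themselves contain "]".
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.*)\] (.+)$")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def parse(log):
    """Group HijackThis entries by section code (R0, O1, O4, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections


def hosts_redirects(sections):
    """Map each non-loopback IP in O1 entries to the hostnames pinned to it."""
    by_ip = defaultdict(list)
    for body in sections.get("O1", []):
        m = HOSTS_RE.match(body)
        if m and m.group(1) not in LOOPBACK:
            by_ip[m.group(1)].append(m.group(2))
    return dict(by_ip)


def missing_bho_files(sections):
    """O2 entries whose DLL is gone while the registration remains."""
    return [b for b in sections.get("O2", []) if b.endswith("(file missing)")]


def shared_run_targets(sections):
    """Executables started from more than one Run value name."""
    names = defaultdict(set)
    for body in sections.get("O4", []):
        m = RUN_RE.match(body)
        if m:
            names[m.group(3).strip('"').lower()].add(m.group(2))
    return {t: sorted(n) for t, n in names.items() if len(n) > 1}


def triage(log):
    """Return the three findings for one pasted log."""
    s = parse(log)
    return {
        "hosts_redirects": hosts_redirects(s),
        "missing_bho_files": missing_bho_files(s),
        "shared_run_targets": shared_run_targets(s),
    }


if __name__ == "__main__":
    for finding, value in triage(SAMPLE_LOG).items():
        print(finding, "->", value)
```
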