Startseite ändert sich immer um (www.buldog-search.com)

21.01.2005, 20:09

slash15

...neu hier

Beiträge: 1

#1 also Schei... erstmal. Kenn mich zwar null aus aber ich habe (da ich andere Pins schon durchgelesen habe) festgestellt dass ich hijackthis installieren muss. Bin auch wieder auf irgendwelche sides geraten wo ich nicht rein wollte...auf jeden fall hier meine Logfile. Danke schon mal im Vorraus...

Logfile of HijackThis v1.99.0
Scan saved at 20:00:10, on 21.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ZoneAlarm\zlclient.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
C:\Program Files\Admanager Controller\AdManKeep.exe
C:\Programme\Labtec\Wireless Mouse\MulMouse.exe
C:\Programme\Anti-Vir\AVWUPSRV.EXE
C:\Programme\Teledat\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\System32\SLEE503.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\hhnt.exe
C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\estr.exe
C:\Programme\Diablo LOD\Game.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Andi\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = F***' Rock Out
O1 - Hosts: 69.50.188.82 google.com
O1 - Hosts: 69.50.188.82 altavista.com
O1 - Hosts: 69.50.188.82 www.altavista.com
O1 - Hosts: 69.50.188.82 msn.com
O1 - Hosts: 69.50.188.82 www.msn.com
O1 - Hosts: 69.50.188.82 search.msn.com
O1 - Hosts: 69.50.188.82 search.yahoo.com
O1 - Hosts: 69.50.188.82 yahoo.com
O1 - Hosts: 69.50.188.82 www.yahoo.com
O1 - Hosts: 69.50.188.82 search.aol.com
O1 - Hosts: 69.50.188.82 askjeeves.com
O1 - Hosts: 69.50.188.82 www.askjeeves.com
O1 - Hosts: 69.50.188.82 www.directhit.com
O1 - Hosts: 69.50.188.82 directhit.com
O1 - Hosts: 69.50.188.82 www.excite.com
O1 - Hosts: 69.50.188.82 excite.com
O1 - Hosts: 69.50.188.82 alltheweb.com
O1 - Hosts: 69.50.188.82 www.alltheweb.com
O1 - Hosts: 69.50.188.82 go.com
O1 - Hosts: 69.50.188.82 www.go.com
O1 - Hosts: 69.50.188.82 goto.com
O1 - Hosts: 69.50.188.82 www.goto.com
O1 - Hosts: 69.50.188.82 hotbot.com
O1 - Hosts: 69.50.188.82 www.hotbot.com
O1 - Hosts: 69.50.188.82 lycos.com
O1 - Hosts: 69.50.188.82 www.lycos.com
O1 - Hosts: 69.50.188.82 dmoz.org
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll (file missing)
O4 - HKLM\..\Run: [soundmanager] soundman.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe
O4 - HKLM\..\Run: [system] C:\WINDOWS\System32\letsroll.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [securer] C:\WINDOWS\System32\securer\syshost.exe
O4 - HKLM\..\Run: [Sonnettiebio] WinUpdate.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [HUdmjm3] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [HUdmú"ü‰üžigÝY] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W
}ïÁzî[8C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰üžiC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [HUdmjmú"ü‰üžigÝY] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [¢‰¸K0ÔÁß]§ú"ü‰üžigÝC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvzwj32.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe
O4 - HKCU\..\Run: [Rlos] C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\estr.exe
O4 - Global Startup: Labtec Maus Software 2.0.lnk = C:\Programme\Labtec\Wireless Mouse\MulMouse.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VR-NetWorld Auftragsprüfung.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar3.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: MedionShop - {811DDDB7-933B-4717-8A6B-4F86A67E0F9F} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de
O15 - Trusted IP range: (HKLM)
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1024_EN_XP.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c15.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=xxx">xxx</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=xxx">xxx</a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=xxx">xxx</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=xxx">xxx</a></a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=xxx">xxx</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=xxx">xxx</a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=xxx">xxx</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=xxx">xxx</a></a></a></a>toolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3680
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} - http://www.popfile.de/myplaylist/pc/partner/mcbeat/MY-PLAYLIST-WEBINSTALLER_loader.exe
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} (Access Control) - http://www.eingang69.de/EroticAccess/exe/access_special.ocx
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{6342E316-501D-44C9-9BCE-6D9C40D93C63}: NameServer = 217.237.151.97 217.237.150.33
O23 - Service: Adobe LM Service - Unknown - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Update - H+<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Bed">Bed</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Bed">Bed</a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Bed">Bed</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Bed">Bed</a></a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Bed">Bed</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Bed">Bed</a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Bed">Bed</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Bed">BED</a></a></a></a>V Datentechnik GmbH, Germany - C:\Programme\Anti-Vir\AVWUPSRV.EXE
O23 - Service: RvscomSv - Living Byte Software GmbH, München - C:\Programme\Teledat\WCOM\SYSTEM\RVSCOMSV.EXE
O23 - Service: RVS Installer - Living Byte Software GmbH, München - C:\Programme\Teledat\WCOM\SYSTEM\RVSINST.EXE
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] - Unknown - C:\WINDOWS\System32\SLEE503.exe
O23 - Service: TrueVector <a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Internet">Internet</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Internet">Internet</a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Internet">Internet</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Internet">Internet</a></a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Internet">Internet</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Internet">Internet</a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Internet">Internet</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Internet">Internet</a></a></a></a> Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Dieser Beitrag wurde am 21.01.2005 um 20:53 Uhr von slash15 editiert.

23.01.2005, 22:33

Sabina

Ehrenmitglied

Beiträge: 29434

#2 Hallo@slash15

Start<Ausfuehren<regedit

die Registry oeffnet sich:
suche folgende Schluessel:

<HKEY_CURRENT_USER\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
loesche:
v3cab

<HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\
loesche:
C:/WINDOWS/Downloaded Program Files/v3.dll

<HKEY_LOCAL_MACHINE\SOFTWARE\
loesche:
backup\EliteToolBar

<HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
loesche:
{28CAEFF3-0F18-4036-B504-51D73BD81ABC}

<HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
loesche:
{825CF5BD-8862-4430-B771-0C15C5CA8DEF}

<HKEY_LOCAL_MACHINE\SOFTWARE\
loesche:
Elitum\EliteToolBar

Bearbeiten--suchen-->
kopiere rein und loesche alles, was du findest:
HUdmjmú"ü‰üžigÝY
¢‰¸K0ÔÁß]§ú"ü‰üžigÝ
qqbdy.exe
istsvc.exe
IST Service

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O1 - Hosts: 69.50.188.82 google.com
O1 - Hosts: 69.50.188.82 altavista.com
O1 - Hosts: 69.50.188.82 www.altavista.com
O1 - Hosts: 69.50.188.82 msn.com
O1 - Hosts: 69.50.188.82 www.msn.com
O1 - Hosts: 69.50.188.82 search.msn.com
O1 - Hosts: 69.50.188.82 search.yahoo.com
O1 - Hosts: 69.50.188.82 yahoo.com
O1 - Hosts: 69.50.188.82 www.yahoo.com
O1 - Hosts: 69.50.188.82 search.aol.com
O1 - Hosts: 69.50.188.82 askjeeves.com
O1 - Hosts: 69.50.188.82 www.askjeeves.com
O1 - Hosts: 69.50.188.82 www.directhit.com
O1 - Hosts: 69.50.188.82 directhit.com
O1 - Hosts: 69.50.188.82 www.excite.com
O1 - Hosts: 69.50.188.82 excite.com
O1 - Hosts: 69.50.188.82 alltheweb.com
O1 - Hosts: 69.50.188.82 www.alltheweb.com
O1 - Hosts: 69.50.188.82 go.com
O1 - Hosts: 69.50.188.82 www.go.com
O1 - Hosts: 69.50.188.82 goto.com
O1 - Hosts: 69.50.188.82 www.goto.com
O1 - Hosts: 69.50.188.82 hotbot.com
O1 - Hosts: 69.50.188.82 www.hotbot.com
O1 - Hosts: 69.50.188.82 lycos.com
O1 - Hosts: 69.50.188.82 www.lycos.com
O1 - Hosts: 69.50.188.82 dmoz.org
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll (file missing)
O4 - HKLM\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe
O4 - HKLM\..\Run: [system] C:\WINDOWS\System32\letsroll.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [securer] C:\WINDOWS\System32\securer\syshost.exe
O4 - HKLM\..\Run: [Sonnettiebio] WinUpdate.exe
O4 - HKLM\..\Run: [HUdmjm3] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [HUdmú"ü‰üžigÝY] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W
}ïÁzî[8C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [¢‰¸K0Ô@ÔÁß]§ú"ü‰üžiC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [HUdmjmú"ü‰üžigÝY] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [¢‰¸K0ÔÁß]§ú"ü‰üžigÝC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\qqbdy.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvzwj32.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe
O4 - HKCU\..\Run: [Rlos] C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\estr.exe
O15 - Trusted IP range: (HKLM)
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1024_EN_XP.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c15.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=xxx">xxx</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=xxx">xxx</a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=xxx">xxx</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=xxx">xxx</a></a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=xxx">xxx</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=xxx">xxx</a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=xxx">xxx</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=xxx">xxx</a></a></a></a>toolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3680
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} - http://www.popfile.de/myplaylist/pc/partner/mcbeat/MY-PLAYLIST-WEBINSTALLER_loader.exe
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} (Access Control) - http://www.eingang69.de/EroticAccess/exe/access_special.ocx
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx

O23 - Service: AntiVir Update - H+<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Bed">Bed</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Bed">Bed</a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Bed">Bed</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Bed">Bed</a></a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Bed">Bed</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Bed">Bed</a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Bed">Bed</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Bed">BED</a></a></a></a>V Datentechnik GmbH, Germany - C:\Programme\Anti-Vir\AVWUPSRV.EXE
O23 - Service: TrueVector <a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Internet">Internet</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Internet">Internet</a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Internet">Internet</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Internet">Internet</a></a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Internet">Internet</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Internet">Internet</a></a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=<a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Internet">Internet</a>"><a target="_blank" href="http://searchmiracle.com/text/search.php?qq=Internet">Internet</a></a></a></a> Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

PC neustarten

Deinstalliere Antivirus und Zonealarm-->sind verseucht

#Hoster-Tool : http://members.aol.com/toadbee/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

#eScan-Trial
http://www.mwti.net/antivirus/escan/escandl_antivirus.asp (15-Tage- trial-Freeversion)

KillBox
http://www.bleepingcomputer.com/files/killbox.php
<Delete File on Reboot
und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\estr.exe
C:\RECYCLER\Desktop.ini
C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
C:\windows\system32\taskmgn.exe
C:\WINDOWS\System32\letsroll.exe
C:\WINDOWS\System32\securer\syshost.exe
C:\windows\system32\WinUpdate.exe
C:\WINDOWS\qqbdy.exe
C:\WINDOWS\Downloaded Program Files\bridge.dll
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
C:\Program Files\Admanager Controller\AdManKeep.exe
C:\WINDOWS\qqbdy.exe
C:\Programme\ISTsvc\istsvc.exe
C:/WINDOWS/Downloaded Program Files/v3.dll
C:\windows\system32\kalvzwj32.exe
C:\WINDOWS\hhnt.exe

<gehe in den abgesicherten Modus
http://www.tu-berlin.de/www/software/virus/savemode.shtml

Loeschen temporaere Dateien --> loesche die Dateien in den Ordnern, nicht die ordner selbst
C:\WINDOWS\Temp\
C:\Temp\
C:\Dokumente und Einstellungen\username\Lokale Einstellungen\Temp\
C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temporary Internet Files\Content.IE5 [loesche nicht die index.dat)

klicke auf: awn2k3e.exe (Escan)

gehe wieder in den Normalmodus

#ClaerProg..lade die neuste Version <1.4.0 Final
http://www.clearprog.de/downloads.php
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Cookies
- Verlauf
- Temporäre Internetfiles (Cache)
- die eingetragenen URLs

Adware.Istbar Removal Tool
The tool can be found here:
securityresponse.symantec.com/avcenter/FxIstbar.exe
http://www.chip.de/forum/thread.html?bwthreadid=762276

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
laden-->scannen-->PC neustarten--> noch mal scannen--> poste das Log

#Search&Destroy
http://www.safer-networking.org/de/download/index.html
Spybot - Search && Destroy process list report,-->bitte abkopieren und posten

#TuneUp2004 (30 Tage free)
http://www.tuneup.de/products/tuneup-utilities/
Cleanup repair -->TuneUp Diskcleaner
Cleanup repair -->Registry Cleaner

#neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein

+ das neue Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit

Dieser Beitrag wurde am 23.01.2005 um 22:56 Uhr von Sabina editiert.

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1