IE opens automatically
#0
09.11.2005, 13:20
...new here
Posts: 2
09.11.2005, 15:02
Honorary member
Posts: 29434
#2
Open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400011&utm_content=leftnav&utm_source=wdz1&utm_medium=bund&utm_campaign=wdz0605a
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [updater] C:\Programme\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [5GEh] C:\WINDOWS\uubgcghs.exe
O4 - HKLM\..\Run: [5GEh$vùõš/‚²‘ÆßfÏNC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\uubgcghs.exe
O4 - HKLM\..\Run: [5GEh$ÂÆõö/ØF%)ßfÏNC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\uubgcghs.exe
O4 - HKLM\..\Run: [MGA_CD_Install] F:\mgasetup.exe /No_Welcome /Lang:Deutsch
O4 - HKLM\..\Run: [5GEh$ÂÆßfÏNbѾõñ C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\uubgcghs.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
Restart the PC
Run CleanUp: http://virus-protect.org/cleanup.html
Removal tool: FxIstbar.exe http://virus-protect.org/spyware2.html#Trojan-Downloader.Win32.IstBar
Post the 4 logs: http://virus-protect.org/datfindbat.html
Post the log (from option 1 only): http://virus-protect.org/l2mfix.html
Then we'll take it from there.
__________
Best regards, Sabina
All about PC security
09.11.2005, 15:57
...new here
Thread starter
Posts: 2
#3
1. LOG
Datenträger in Laufwerk C: ist WK_2
Volumeseriennummer: 081D-443E
Verzeichnis von C:\WINDOWS\system32
09.11.2005 12:25 235.058 wti.dll
09.11.2005 12:25 236.779 en2sl1f71.dll
09.11.2005 09:50 24.888 BMXBkpCtrlState-{00000001-00000000-00000001-00001102-00000002-80641102}.rfx
09.11.2005 09:50 24.888 BMXCtrlState-{00000001-00000000-00000001-00001102-00000002-80641102}.rfx
09.11.2005 09:50 16.420 BMXStateBkp-{00000001-00000000-00000001-00001102-00000002-80641102}.rfx
09.11.2005 09:50 16.420 BMXState-{00000001-00000000-00000001-00001102-00000002-80641102}.rfx
09.11.2005 09:50 1.080 settingsbkup.sfm
09.11.2005 09:50 1.080 settings.sfm
09.11.2005 09:50 24 DVCStateBkp-{00000001-00000000-00000001-00001102-00000002-80641102}.dat
09.11.2005 09:50 24 DVCState-{00000001-00000000-00000001-00001102-00000002-80641102}.dat
09.11.2005 09:23 235.058 ennul1591.dll
09.11.2005 08:24 13.002 wpa.dbl
02.11.2005 11:42 1.015 img103sql5.bin
02.11.2005 08:23 236.760 FNTCACHE.DAT
31.10.2005 13:20 687.592 atmtd.dll._
31.10.2005 13:20 687.592 atmtd.dll
31.10.2005 08:25 383.254 perfh009.dat
31.10.2005 08:25 53.608 perfc009.dat
31.10.2005 08:25 394.500 perfh007.dat
31.10.2005 08:25 64.598 perfc007.dat
31.10.2005 08:25 906.552 PerfStringBackup.INI
05.10.2005 03:09 2.301.792 MRT.exe
04.10.2005 16:26 3.013.120 mshtml.dll
29.09.2005 14:38 3.082 affv9553p4now.sys
23.09.2005 04:06 8.491.520 shell32.dll
10.09.2005 02:54 2.067.968 cdosys.dll
03.09.2005 00:53 664.064 wininet.dll
03.09.2005 00:53 474.112 shlwapi.dll
03.09.2005 00:53 605.696 urlmon.dll
03.09.2005 00:53 1.484.288 shdocvw.dll
03.09.2005 00:53 251.392 iepeers.dll
03.09.2005 00:53 96.768 inseng.dll
03.09.2005 00:53 530.432 mstime.dll
09.11.2004 14:45 84.992 atl70.dll
04.11.2004 13:47 0 h323log.txt
04.11.2004 12:55 2.951 CONFIG.NT
29.10.2004 16:50 172.032 nvudisp.exe
28.10.2004 02:23 729.600 lsasrv.dll
26.10.2004 23:39 3.375.104 qt-mt331.dll
09.11.2005, 16:50
Honorary member
Posts: 29434
#4
Well, well, I don't want to see the data from 2001, but rather the other three logs (take another look at my page to see how it works)
__________
Best regards, Sabina
All about PC security
Here is the HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 13:14:19, on 09.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\mgabg.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Mixer.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400011&utm_content=leftnav&utm_source=wdz1&utm_medium=bund&utm_campaign=wdz0605a
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCTVRemote] C:\Programme\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [updater] C:\Programme\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [5GEh] C:\WINDOWS\uubgcghs.exe
O4 - HKLM\..\Run: [5GEh$vùõš/‚²‘ÆßfÏNC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\uubgcghs.exe
O4 - HKLM\..\Run: [5GEh$ÂÆõö/ØF%)ßfÏNC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\uubgcghs.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [MGA_CD_Install] F:\mgasetup.exe /No_Welcome /Lang:Deutsch
O4 - HKLM\..\Run: [5GEh$ÂÆßfÏNbѾõñ
C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\uubgcghs.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Registration-PCTV.lnk = C:\Programme\Pinnacle\PCTV Stereo\ERegister\RegTool.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099570223090
O17 - HKLM\System\CCS\Services\Tcpip\..\{39EE0173-DBD9-4FDF-BBA9-6E9C934F553A}: NameServer = 209.47.15.118,64.157.143.38,195.34.133.10,195.34.133.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{6966590E-CE82-4EC5-9AAA-0BDAB8A88599}: NameServer = 195.34.133.10,195.34.133.11
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\ennul1591.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWRtaW5pc3RyYXRvcgAA\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
Thank you for your help...
Best regards
Steff
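Part of the manual selection made in post #2 can be reproduced mechanically. The following Python sketch is an added example, not part of the thread and not code from HijackThis: it parses `O4` autostart lines, rejoins an entry that is split across two physical lines (as one entry in the log above is), and flags Run values whose name contains non-ASCII or control bytes or embeds a file path. The function names `logical_entries` and `suspicious_run_values` and both heuristics are assumptions made for illustration; the sample lines are copied from the log above.

```python
import re

# O4 lines copied from the HijackThis log in this thread (excerpt).
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [5GEh] C:\WINDOWS\uubgcghs.exe
O4 - HKLM\..\Run: [5GEh$vùõš/‚²‘ÆßfÏNC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\uubgcghs.exe
O4 - HKLM\..\Run: [5GEh$ÂÆßfÏNbѾõñ
C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\uubgcghs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY_START = re.compile(r"^[A-Z]\d{1,2} - ")  # "R1 - ", "O4 - ", "O23 - "
RUN_ENTRY = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*)\] (.+)$", re.S)

def logical_entries(text):
    """Rejoin physical lines into entries: a line without a section
    prefix is treated as the continuation of the previous entry."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += "\n" + line
    return entries

def suspicious_run_values(text):
    """Return (value_name, command, reasons) for Run values whose NAME
    looks machine-generated. Illustrative heuristics, not HijackThis rules."""
    hits = []
    for entry in logical_entries(text):
        m = RUN_ENTRY.match(entry)
        if not m:
            continue
        name, command = m.group(3), m.group(4)
        reasons = []
        if any(ord(c) < 32 or ord(c) > 126 for c in name):
            reasons.append("control or non-ASCII bytes in value name")
        if re.search(r"[A-Za-z]:\\", name):
            reasons.append("value name embeds a file path")
        if reasons:
            hits.append((name, command, reasons))
    return hits

if __name__ == "__main__":
    for name, command, reasons in suspicious_run_values(SAMPLE_LOG):
        print(repr(name), "->", command, "|", "; ".join(reasons))
```

The name-based check only catches the garbage-named values; plainly named entries such as `[IST Service]` or `[5GEh]` were selected in post #2 by a human reviewer and are not flagged by it.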