hijackthis

von **ferro** am 29.06.2004, 00:21

Hallo @ all

ich habe mir vor kurzem hijackthis runtergeladen und es scannen lassen, nun weiss ich nicht, was ich da löschen soll oder nicht
ich würde dankbar, wenn mir jemand helfen könnte

Logfile of HijackThis v1.97.7
Scan saved at 23:40:09, on 28.06.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sysmtd32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\hpsysmon.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\ejay\St2_Demo\Station2\MP3Station2.exe
C:\ejay\St2_Demo\Station2\technik.exe
C:\ejay\St2_Demo\Station2\technik2.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\raxslf.exe
C:\Dokumente und Einstellungen\ferhat\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portalsearching.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.portalsearching.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.portalsearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.portalsearching.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.portalsearching.com/search.php?phrase=%s
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [T-DSL SpeedMgr] C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
O4 - HKLM\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1035.dll,InstantAccess
O4 - HKLM\..\Run: [sysmtd32] C:\WINDOWS\System32\sysmtd32.exe
O4 - HKLM\..\Run: [HP System Monitor] hpsysmon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\raxslf.exe
O4 - HKLM\..\RunServices: [HP System Monitor] hpsysmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1035.dll,InstantAccess
O4 - HKCU\..\Run: [HP System Monitor] hpsysmon.exe
O4 - HKLM\..\RunOnce: [T-DSL SpeedMgr] grpconv /o
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: freenetiPhone Autostart.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Locators.com Search Bar (HKLM)
O9 - Extra 'Tools' menuitem: Locators.com Search Bar (HKLM)
O9 - Extra button: XM2002® (HKLM)
O9 - Extra 'Tools' menuitem: &XM2002® (HKLM)
O15 - Trusted Zone: http://ad.searchsquire.com
O15 - Trusted Zone: http://search.searchsquire.com
O15 - Trusted Zone: http://update.searchsquire.com
O15 - Trusted Zone: http://www.searchsquire.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0733B8F9-8B52-4693-A9FA-829E12D27F78} (preload control) - http://www.thepaymentcentre.com/build/preload2.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/I ... _FR_XP.cab
O16 - DPF: {103DFAE7-50CC-41FC-9D57-1A4BCA0DFD87} (Upload Control) - https://img.web.de/v/mail/mms/activex/m ... d_1104.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwe ... .0.0.5.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/D ... ack_XP.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://17.sharedsource.org/html/UDConn_5.2.1.0.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/ ... mv9VCM.CAB
O16 - DPF: {3C3B0B97-3DD5-479B-9777-59307B22C34A} (Start.UserControl1) - http://wm.xxx-adultportal.com/loader/JamLoad.CAB
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {6AA93DF6-6757-4338-9087-F7601DE18402} - http://akamai.downloadv3.com/binaries/D ... 040_XP.cab
O16 - DPF: {7EB2A76C-97AE-4CF3-9C6A-EA0F61F137E1} - http://www.sexxx-direct.com/psfiles/Updater.exe
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://www.pussyharem.com/stream/mmp.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {91413D86-9F27-402C-B5E3-DEBDD122C339} - http://content.netvenda.com/sites/games ... games5.cab
O16 - DPF: {AA14C86B-DA22-4811-8186-BB496A299C5F} (Be Here TotalView Player ActiveX Control, Version 3.0) - http://www.hannover360.de/iVideoViewer3_0.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {D6862A22-1DD6-11D3-BB7C-444553540000} - http://www.sexxx-direct.com/BHO.CAB
O16 - DPF: {D7B59209-0ED9-4986-BD4A-527BE836C6B2} - http://akamai.downloadv3.com/binaries/D ... 042_XP.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5B226F4-C5D9-4804-98B2-B1B8ACB1841E}: NameServer = 217.237.149.161 194.25.2.129

Danke voraus

von **Nikita** am 29.06.2004, 11:38

fixe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portalsearching.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.portalsearching.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.portalsearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.portalsearching.com/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.portalsearching.com/search.php?phrase=%s
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [sysmtd32] C:\WINDOWS\System32\sysmtd32.exe
O4 - HKLM\..\Run: [HP System Monitor] hpsysmon.exe
O4 - HKLM\..\RunServices: [HP System Monitor] hpsysmon.exe
O4 - HKCU\..\Run: [HP System Monitor] hpsysmon.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\raxslf.exe
O15 - Trusted Zone: http://ad.searchsquire.com
O15 - Trusted Zone: http://search.searchsquire.com
O15 - Trusted Zone: http://update.searchsquire.com
O15 - Trusted Zone: http://www.searchsquire.com

O16 - DPF: {7EB2A76C-97AE-4CF3-9C6A-EA0F61F137E1} - http://www.sexxx-direct.com/psfiles/Updater.exe
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://www.pussyharem.com/stream/mmp.cab
O16 - DPF: {D6862A22-1DD6-11D3-BB7C-444553540000} - http://www.sexxx-direct.com/BHO.CAB

neustarten

#deinstalliere den Antivr...installiere neu und sieh, dass nach dem Scannen der Antivirus im Autostart unter 04 erscheint.
#Lade Antivir.
http://www.free-av.de/
..............................................................................................

boote und gehe in den abgesicherten Modus...F8 druecken
stelle ein \alle Dateien scannen\ und mache einen Vollscann

neustarten

...............................................................................................

#lade escan ...meav.exe ...30 Tage free
scanne \alle Dateien\..poste, was der Scanner gefunden, aber nicht geloescht hat
http://www.mwti.net/antivirus/free_utilities.asp

#Lade AdAware free...udate und scanne
http://www.lavasoft.de/

#Loesche unter InternetOptionen die TemporaryInternetFiles und stelle eine neue Startseite ein.

#Lade SpywareGuard..aktiviere
http://www.javacoolsoftware.com/sgdownload.html

#Lade Cwhredder
http://www.spywareinfo.com/~merijn/downloads.html

Poste das Log noch einmal.

MfG
Nikita

hijackthis

hijackthis

Ähnliche Themen

Wer ist online?