D
domad
Guest
Ich hätte gern mal gewusst, ob das System befallen ist. Mir kommen da einige Dateien sehr "spanisch" vor und kann damit nix anfangen ...
Hier ein log von Hijackthis:
Logfile of HijackThis v1.98.2
Scan saved at 11:34:49, on 18.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C
rogrammeAVPersonalAVGUARD.EXE
CrogrammeAVPersonalAVWUPSRV.EXE
CrogrammeAVPersonalAVGNT.EXE
CrogrammeMessenger Plus! 3MsgPlus.exe
C:WINDOWSsystem32wscntfy.exe
D:Mircmirc.exe
CrogrammeWinRARWinRAR.exe
COKUME~1domadLOKALE~1TempRar$EX00.750HijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = h**p://best-search.cc/search.php?v=6&aff=6182156
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = h**p://best-search.cc/index.php?v=6&aff=6182156
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = h**p://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = h**p://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = h**p://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = h**p://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = iexplore
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - CrogrammeAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O4 - HKLM..Run: [AVGCtrl] CrogrammeAVPersonalAVGNT.EXE /min
O4 - HKLM..Run: [MessengerPlus3] "CrogrammeMessenger Plus! 3MsgPlus.exe"
O4 - HKLM..Run: [Windows SSL File] winssv.exe
O4 - HKLM..Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..RunServices: [Starting up] wvsvc.exe
O4 - HKLM..RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM..RunServices: [Windows media service] crsss.exe
O4 - HKLM..RunServices: [OEM Tools 32] tres32.exe
O4 - HKLM..RunServices: [Auto updat] crsrs.exe
O4 - HKLM..RunServices: [Windows SSL File] winssv.exe
O4 - HKLM..RunServices: [Window Monitor] winmon32.exe
O4 - HKLM..RunServices: [MSVsm] rpcxcntrx.exe
O4 - HKLM..RunServices: [Win32 USB Driver] mvsecn.exe
O4 - HKLM..RunServices: [MSChoExE] suge.exe
O4 - HKLM..RunServices: [Windows Updates] winupdate.exe
O4 - HKLM..RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM..RunServices: [Microsoft Windows Secure Update] rpcxwinupdt.exe
O4 - HKLM..RunOnce: [Windows SSL File] winssv.exe
O4 - HKLM..RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU..Run: [Windows SSL File] winssv.exe
O4 - HKCU..Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU..RunServices: [Window Monitor] winmon32.exe
O4 - HKCU..RunOnce: [Windows SSL File] winssv.exe
O4 - HKCU..RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU..RunOnce: [ICQ Lite] CrogrammeICQLiteICQLite.exe -trayboot
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - ***://CROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - CrogrammeICQLiteICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - CrogrammeICQLiteICQLite.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:foo.mht!
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097403226703
O17 - HKLMSystemCCSServicesTcpip..{3CDF1578-26EA-40C0-8458-84B3E4871ECC}: NameServer = 217.237.149.225 217.237.151.97
zb. das suge. exe?
Kann das mal jem. checken und mir dann bescheid geben?
Wäre echt lieb.
danke domad
Hier ein log von Hijackthis:
Logfile of HijackThis v1.98.2
Scan saved at 11:34:49, on 18.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C
rogrammeAVPersonalAVGUARD.EXEC
rogrammeAVPersonalAVWUPSRV.EXEC
rogrammeAVPersonalAVGNT.EXEC
rogrammeMessenger Plus! 3MsgPlus.exeC:WINDOWSsystem32wscntfy.exe
D:Mircmirc.exe
C
rogrammeWinRARWinRAR.exeC
OKUME~1domadLOKALE~1TempRar$EX00.750HijackThis.exeR1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = h**p://best-search.cc/search.php?v=6&aff=6182156
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = h**p://best-search.cc/index.php?v=6&aff=6182156
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = h**p://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = h**p://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = h**p://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = h**p://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = iexplore
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C
rogrammeAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dllO4 - HKLM..Run: [AVGCtrl] C
rogrammeAVPersonalAVGNT.EXE /minO4 - HKLM..Run: [MessengerPlus3] "C
rogrammeMessenger Plus! 3MsgPlus.exe"O4 - HKLM..Run: [Windows SSL File] winssv.exe
O4 - HKLM..Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..RunServices: [Starting up] wvsvc.exe
O4 - HKLM..RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM..RunServices: [Windows media service] crsss.exe
O4 - HKLM..RunServices: [OEM Tools 32] tres32.exe
O4 - HKLM..RunServices: [Auto updat] crsrs.exe
O4 - HKLM..RunServices: [Windows SSL File] winssv.exe
O4 - HKLM..RunServices: [Window Monitor] winmon32.exe
O4 - HKLM..RunServices: [MSVsm] rpcxcntrx.exe
O4 - HKLM..RunServices: [Win32 USB Driver] mvsecn.exe
O4 - HKLM..RunServices: [MSChoExE] suge.exe
O4 - HKLM..RunServices: [Windows Updates] winupdate.exe
O4 - HKLM..RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM..RunServices: [Microsoft Windows Secure Update] rpcxwinupdt.exe
O4 - HKLM..RunOnce: [Windows SSL File] winssv.exe
O4 - HKLM..RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU..Run: [Windows SSL File] winssv.exe
O4 - HKCU..Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU..RunServices: [Window Monitor] winmon32.exe
O4 - HKCU..RunOnce: [Windows SSL File] winssv.exe
O4 - HKCU..RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU..RunOnce: [ICQ Lite] C
rogrammeICQLiteICQLite.exe -traybootO8 - Extra context menu item: Nach Microsoft &Excel exportieren - ***://C
ROGRA~1MICROS~2Office10EXCEL.EXE/3000O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C
rogrammeICQLiteICQLite.exeO9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C
rogrammeICQLiteICQLite.exeO16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:foo.mht!
Please,
Anmelden
or
Registrieren
to view URLs content!
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097403226703
O17 - HKLMSystemCCSServicesTcpip..{3CDF1578-26EA-40C0-8458-84B3E4871ECC}: NameServer = 217.237.149.225 217.237.151.97
zb. das suge. exe?
Kann das mal jem. checken und mir dann bescheid geben?
Wäre echt lieb.
danke domad
