Wieder mal die explorer.exe HIJACKTHIS

Status
Für weitere Antworten geschlossen.
J

japanese-toy

Guest
Moin User,

auch bei mir eine CPU Auslastung von bis 99 %, Explorer.exe.

Hier der Logfile von HIJACKTHIS:

Logfile of HijackThis v1.98.2
Scan saved at 20:07:26, on 25.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:programmeSygateSPFsmc.exe
C:WINDOWSsystem32spoolsv.exe
C:programmeGemeinsame DateienSymantec SharedccSetMgr.exe
C:programmeNorton AntiVirusnavapsvc.exe
C:programmeNorton AntiVirusAdvToolsNPROTECT.EXE
C:WINDOWSsystem32nvsvc32.exe
C:programmeNorton AntiVirusSAVScan.exe
C:WINDOWSSystem32svchost.exe
C:programmeGemeinsame DateienSymantec SharedccEvtMgr.exe
C:programmeGemeinsame DateienSymantec SharedSecurity CenterSymWSC.exe
C:WINDOWSsystem32RunDll32.exe
C:programmeGemeinsame DateienSymantec SharedccApp.exe
C:WINDOWSsystem32RUNDLL32.EXE
D:programmePopup Ad FilterPopFilter.exe
C:WINDOWSsystem32wscntfy.exe
C:programmeSpywareGuardsgmain.exe
C:programmeSpywareGuardsgbhp.exe
C:programmeInternet Exploreriexplore.exe
C:WINDOWSsystem32taskmgr.exe
C:WINDOWSexplorer.exe
D:HijackThis.exe
C:programmeMessengermsmsgs.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
Please, Anmelden or Registrieren to view URLs content!

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
Please, Anmelden or Registrieren to view URLs content!

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
Please, Anmelden or Registrieren to view URLs content!

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSPCHealthHelpCtrSystempanelsblank.htm
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak =
Please, Anmelden or Registrieren to view URLs content!

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:WINDOWSlocalNRD.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:programmeYahoo!CompanionInstallscpnycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:programmeAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:programmeSpywareGuarddlprotect.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:WINDOWSwsem301.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:programmeNorton AntiVirusNavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:programmeNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:programmeYahoo!CompanionInstallscpnycomp5_3_12_0.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM..Run: [ccApp] "C:programmeGemeinsame DateienSymantec SharedccApp.exe"
O4 - HKLM..Run: [Advanced Tools Check] C:pROGRA~1NORTON~1AdvToolsADVCHK.EXE
O4 - HKLM..Run: [SmcService] C:pROGRA~1SygateSPFsmc.exe -startgui
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [LogitechVideoRepair] C:programmeLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:programmeLogitechVideoLogiTray.exe
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKCU..Run: [Popup Ad Filter] D:programmePopup Ad FilterPopFilter.exe
O4 - Startup: SpywareGuard.lnk = C:programmeSpywareGuardsgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:programmeMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: Allow Popups - D:programmePopup Ad FilterWhiteGetUrl.js
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:pROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: concept/design's onlineTV - {541830BD-DDCA-4725-B14F-A845BB5D0812} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:programmeMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:programmeMessengermsmsgs.exe
O12 - Plugin for .spop: C:programmeInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: Yahoo! Hearts -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: Yahoo! Pool 2 -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) -
Please, Anmelden or Registrieren to view URLs content!

O17 - HKLMSystemCCSServicesTcpip..{5F8B00C6-6D62-4644-92D9-08F2A9623C8E}: NameServer = 194.97.173.124 194.97.173.125

Dank und Gruß
Andreas

 
A

anonymum2

Guest
Re: Wieder mal die explorer.exe HIJACKTHIS

Hallo japanese-toy
Diese fixen und neuen Log posten
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem301.dll
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
Please, Anmelden or Registrieren to view URLs content!
00834
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

Gruss rolfpower

 
C

chris7ian

Guest
Re: Wieder mal die explorer.exe HIJACKTHIS

folgende einträge wären zu fixen (beim fixen wenns geht Internet trennen, ansonsten alles was mit dem internet verbunden ist (ausgenommen schutzsoftware) beenden)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
Please, Anmelden or Registrieren to view URLs content!

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
Please, Anmelden or Registrieren to view URLs content!
00834
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem301.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: concept/design's onlineTV - {541830BD-DDCA-4725-B14F-A845BB5D0812} - (no file)
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) -
Please, Anmelden or Registrieren to view URLs content!


danach bitte adaware, CWshredder, Spybot und Regsupreme durchlaufen lassen. In dieser Reihenfolge, HINTEREINANDER, und OHNE Internet!

Nach Regsupreme bitte neustart, und nen neuen Log posten.

lg

christian

 
J

japanese-toy

Guest
Re: Wieder mal die explorer.exe HIJACKTHIS

Moin Jungs,

erstmal vielen Dank für die wirklich schnelle Reaktion.

Anbei die neue Logfile:

Logfile of HijackThis v1.98.2
Scan saved at 23:10:27, on 25.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programme\Popup Ad Filter\PopFilter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\SpywareGuard\sgmain.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
Please, Anmelden or Registrieren to view URLs content!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
Please, Anmelden or Registrieren to view URLs content!

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\SpywareGuard\dlprotect.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Popup Ad Filter] D:\Programme\Popup Ad Filter\PopFilter.exe
O4 - Startup: SpywareGuard.lnk = C:\Programme\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Allow Popups - D:\Programme\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Hearts -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: Yahoo! Pool 2 -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) -
Please, Anmelden or Registrieren to view URLs content!


Dank und erneuten Gruß
Andreas

 
C

chris7ian

Guest
Re: Wieder mal die explorer.exe HIJACKTHIS

log ist jezt sauber

lg

christian

 
J

japanese-toy

Guest
Re: Wieder mal die explorer.exe HIJACKTHIS

1f44d.png
DANKE
263a.png


Gruß
Andreas

 
J

japanese-toy

Guest
Re: Wieder mal die explorer.exe HIJACKTHIS

Hallo Jungs,
was für eine zeitlang gut aussah, hat sich jetzt wieder zum Negativen entwickelt:

--------------------> es ist schon wieder das gleiche Problem aufgetreten.

Ich dneke dass ich um eine Formatierung nicht rumkomme, oder??????

So, erneut die Logfile:
Logfile of HijackThis v1.98.2
Scan saved at 11:44:45, on 26.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programme\Popup Ad Filter\PopFilter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\SpywareGuard\sgmain.exe
C:\Programme\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
D:\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
Please, Anmelden or Registrieren to view URLs content!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
Please, Anmelden or Registrieren to view URLs content!

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\SpywareGuard\dlprotect.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Popup Ad Filter] D:\Programme\Popup Ad Filter\PopFilter.exe
O4 - Startup: SpywareGuard.lnk = C:\Programme\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Allow Popups - D:\Programme\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Hearts -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: Yahoo! Pool 2 -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) -
Please, Anmelden or Registrieren to view URLs content!

O17 - HKLM\System\CCS\Services\Tcpip\..\{5F8B00C6-6D62-4644-92D9-08F2A9623C8E}: NameServer = 194.97.173.125 194.97.173.124

Und ein Image:
explorer-exe.jpg


 
C

chris7ian

Guest
Re: Wieder mal die explorer.exe HIJACKTHIS

folgende einträge wären zu fixen (beim fixen wenns geht Internet trennen, ansonsten alles was mit dem internet verbunden ist (ausgenommen schutzsoftware) beenden)

O8 - Extra context menu item: Allow Popups - D:\Programme\Popup Ad Filter\WhiteGetUrl.js

danach bitte adaware, CWshredder, Spybot und Regsupreme durchlaufen lassen. In dieser Reihenfolge, HINTEREINANDER, und OHNE Internet!

Nach Regsupreme bitte neustart, und nen neuen Log posten.

zu downloaden hir -->
Please, Anmelden or Registrieren to view URLs content!


lg

christian

 
J

japanese-toy

Guest
Re: Wieder mal die explorer.exe HIJACKTHIS

Hallo CHRIS,

auf ein Neues:

Logfile of HijackThis v1.98.2
Scan saved at 15:14:19, on 26.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programme\Popup Ad Filter\PopFilter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\SpywareGuard\sgmain.exe
C:\Programme\SpywareGuard\sgbhp.exe
C:\Programme\Messenger\msmsgs.exe
C:\PROGRA~1\Logitech\Video\AlbumDB2.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
Please, Anmelden or Registrieren to view URLs content!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
Please, Anmelden or Registrieren to view URLs content!

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programme\SpywareGuard\dlprotect.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Popup Ad Filter] D:\Programme\Popup Ad Filter\PopFilter.exe
O4 - Startup: SpywareGuard.lnk = C:\Programme\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Hearts -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: Yahoo! Pool 2 -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) -
Please, Anmelden or Registrieren to view URLs content!

O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) -
Please, Anmelden or Registrieren to view URLs content!


Gruß
Andreas

 
Status
Für weitere Antworten geschlossen.

Windows Forum

Willkommen im Windows Forum – deine Anlaufstelle für alle Fragen, Diskussionen und Tipps rund um Windows! Tausche dich mit der Community aus, finde Lösungen für technische Probleme, entdecke hilfreiche Anleitungen und teile dein Wissen. Egal, ob Windows 10, Windows 11 oder ältere Versionen

Neueste Beiträge

Partner

Online-Statistiken

Zurzeit aktive Mitglieder
0
Zurzeit aktive Gäste
40
Besucher gesamt
40
Die Summen können auch versteckte Besucher enthalten.
Oben