Rupp
Guest
Hi Anni! I saw your rescue of beteigeuze, the one who had the problem with the Worm/Rbot, and was impressed by your help. I somehow have the same symptoms! Could you PLEASE take a look at my HijackThis log file, just go through it and then give me a short answer?!?!? That would be really nice!
Logfile of HijackThis v1.98.2
Scan saved at 22:27:50, on 18.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\MSI\Live Update 3\LMonitor.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\WinAce\WinAce.exe
C:\DOKUME~1\Kunde\LOKALE~1\Temp\~AceTemp\hijackthis1982\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 127.159.97.155
O1 - Hosts: 127.235.39.31 securityresponse.symantec.com
O1 - Hosts: 127.133.244.184 symantec.com
O1 - Hosts: 127.114.89.120
O1 - Hosts: 127.139.141.35 mcafee.com
O1 - Hosts: 127.170.114.208 us.mcafee.com
O1 - Hosts: 127.245.59.89
O1 - Hosts: 127.192.131.20 sophos.com
O1 - Hosts: 127.119.215.152
O1 - Hosts: 127.12.66.108 viruslist.com
O1 - Hosts: 127.173.178.124 f-secure.com
O1 - Hosts: 127.12.49.88
O1 - Hosts: 127.54.181.118 kaspersky.com
O1 - Hosts: 127.117.112.229
O1 - Hosts: 127.62.183.41
O1 - Hosts: 127.113.212.132 avp.com
O1 - Hosts: 127.164.237.33
O1 - Hosts: 127.159.14.27 networkassociates.com
O1 - Hosts: 127.4.188.93
O1 - Hosts: 127.124.13.114 ca.com
O1 - Hosts: 127.63.101.156 my-etrust.com
O1 - Hosts: 127.41.226.6
O1 - Hosts: 127.99.48.112 secure.nai.com
O1 - Hosts: 127.222.199.228 nai.com
O1 - Hosts: 127.0.47.135
O1 - Hosts: 127.96.33.35 trendmicro.com
O1 - Hosts: 127.69.170.170
O1 - Hosts: 127.85.146.15 housecall.trendmicro.com
O1 - Hosts: 127.127.211.90
O1 - Hosts: 127.77.111.35
O1 - Hosts: 127.211.87.31
O1 - Hosts: 127.215.66.104 www3.ca.com
O1 - Hosts: 127.70.222.223 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.255.23.210 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.114.165.210 v5windowsupdate.microsoft.nsatc.net
O1 - Hosts: 127.0.200.174 windowsupdate.microsoft.com
O1 - Hosts: 127.116.172.245
O1 - Hosts: 127.25.134.68 windowsupdate.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Programme\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [ccEvtMrg.exe] ccEvtMrg.exe
O4 - HKLM\..\RunServices: [RegService] sysload16.exe -services
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
O16 - DPF: {14F65762-96FB-44B9-8DAC-93845F377A0E} (FileSharingCtrl Class) -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
O20 - AppInit_DLLs: PAVWAIT.DLL
Thanks in advance! Best regards, Rupp

