Extrem hartnäckiger Hijacker - Beitrag #3 - Post 182499 - Computer Hardware Forum - TweakPC -

Stümper · 04.08.2004, 19:11

Logfile of HijackThis v1.97.7
Scan saved at 20:07:48, on 04.08.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
C:\Programme\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\srvany.exe
C:\Programme\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\resetservice.exe
C:\Programme\McAfee\McAfee VirusScan\Vshwin32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\addkv32.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
C:\Programme\McAfee\McAfee VirusScan\Avconsol.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Microsoft Hardware\Mouse\point32.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\McAfee\McAfee VirusScan\alogserv.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\d3ci32.exe
C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe
C:\Dokumente und Einstellungen\Gerd\Eigene Dateien\Programme\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gfwax.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gfwax.dll/index.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gfwax.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gfwax.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gfwax.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gfwax.dll/sp.html#37794
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {89F014C0-EC39-66DE-2373-1D4CCF27E2C8} - C:\WINDOWS\iphc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [*******ElbyCDFL] "C:\Programme\Elaborate Bytes\*******\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [UIUCU] C:\DOKUME~1\Gerd\LOKALE~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Alogserv] C:\Programme\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [d3ci32.exe] C:\WINDOWS\system32\d3ci32.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKLM\..\RunOnce: [addkv32.exe] C:\WINDOWS\system32\addkv32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NewShortcut4.lnk = C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ 4.0 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O16 - DPF: Fortune Bingo by pogo - http://game.pogo.com/applet-5.8.1.28...-ob-assets.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29e0e4ab...dxIE601_de.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -

04.08.2004, 19:11	#3 (permalink)
Stümper Overclocker Registriert seit: 25.06.2003 Beiträge: 234	Logfile of HijackThis v1.97.7 Scan saved at 20:07:48, on 04.08.2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe C:\Programme\McAfee\McAfee VirusScan\Avsynmgr.exe C:\WINDOWS\system32\srvany.exe C:\Programme\McAfee\McAfee VirusScan\VsStat.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\resetservice.exe C:\Programme\McAfee\McAfee VirusScan\Vshwin32.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\addkv32.exe C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe C:\Programme\McAfee\McAfee VirusScan\Avconsol.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Microsoft Hardware\Mouse\point32.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe C:\Programme\McAfee\McAfee VirusScan\alogserv.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\system32\d3ci32.exe C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe C:\Dokumente und Einstellungen\Gerd\Eigene Dateien\Programme\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gfwax.dll/sp.html#37794 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gfwax.dll/index.html#37794 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gfwax.dll/index.html#37794 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gfwax.dll/sp.html#37794 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gfwax.dll/index.html#37794 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gfwax.dll/sp.html#37794 O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {89F014C0-EC39-66DE-2373-1D4CCF27E2C8} - C:\WINDOWS\iphc.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [*****ElbyCDFL] "C:\Programme\Elaborate Bytes\*****\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [UIUCU] C:\DOKUME~1\Gerd\LOKALE~1\Temp\UIUCU.EXE -CLEAN_UP -S O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [Alogserv] C:\Programme\McAfee\McAfee VirusScan\alogserv.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [d3ci32.exe] C:\WINDOWS\system32\d3ci32.exe O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor O4 - HKLM\..\RunOnce: [addkv32.exe] C:\WINDOWS\system32\addkv32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NewShortcut4.lnk = C:\Programme\Mindjet\MindManager 5\sys\PDF\GER\W2K\PDFSaver.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM) O9 - Extra button: ICQ Pro (HKLM) O9 - Extra 'Tools' menuitem: ICQ (HKLM) O9 - Extra button: ICQ 4.0 (HKLM) O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM) O16 - DPF: Fortune Bingo by pogo - http://game.pogo.com/applet-5.8.1.28...-ob-assets.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/29e0e4ab...dxIE601_de.cab O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) - O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -