Hallo
Auch ich habe leider das Problem mit der Startseite. Mit Spybot habe ich etliche Spyware entfernen können, das Problem hat sich jedoch nicht gelöst.
Hier nun mein Logfile von HijackThis:
Logfile of HijackThis v1.98.0
Scan saved at 14:07:47, on 02.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\EASYCD~1\DirectCD\DirectCD.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\qttask.exe
D:\Programme\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\umonit.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\Logitech\KEYCOM~1\Commandr.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Microsoft Money\System\reminder.exe
C:\PROGRA~1\POCKET~1\MICROS~1\WCESCOMM.EXE
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Messenger\msmsgs.exe
C:\DOKUME~1\FRI\LOKALE~1\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://crryzb.t.muxa.cc/s.php?aid=420 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://crryzb.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = C:\WINDOWS\search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://crryzb.t.muxa.cc/s.php?aid=420 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://crryzb.t.muxa.cc/h.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://crryzb.t.muxa.cc/s.php?aid=420 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://ie-search.com/srchasst.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://crryzb.t.muxa.cc/s.php?aid=420 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://find4u.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.bluewin.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://crryzb.t.muxa.cc/h.php?aid=420 (obfuscated)
F1 - win.ini: run=fntldr.exe info32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcinit.exe
O1 - Hosts: 66.197.100.83 auto.search.msn.com
O1 - Hosts: 66.197.100.83 sitefinder.verisign.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\Ad Block (Bitte beachten: Unsere Regeln zu Werbeblockern!)ing\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\Ad Block (Bitte beachten: Unsere Regeln zu Werbeblockern!)ing\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\PROGRA~1\EASYCD~1\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [RealTray] D:\Programme\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell.dll /c /set -- by windows setup --
O4 - HKLM\..\Run: [Soundmx] C:\WINDOWS\System32\soundmx.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\KEYCOM~1\Commandr.EXE /HIDDEN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Programme\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\wininet.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\POCKET~1\MICROS~1\WCESCOMM.EXE"
O4 - Startup: Windows Update-Installation fortsetzen.lnk = C:\WINDOWS\Windows Update Setup-Dateien\ie6setup.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Web Search - c:\windows\ex.htm
O9 - Extra button: Microsoft® JavaScript® Console - {0210AB30-0F32-429D-AD76-CD0D4BCE743A} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {0210AB30-0F32-429D-AD76-CD0D4BCE743A} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL (file missing)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft® JavaScript® Console - {0210AB30-0F32-429D-AD76-CD0D4BCE743A} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {0210AB30-0F32-429D-AD76-CD0D4BCE743A} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O13 - FTP Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://cashsearch.biz/legal/x.chm::/load.exe
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/ch/2/060194ch.exe
O19 - User stylesheet: c:\windows\system.css
O19 - User stylesheet: C:\WINDOWS\hh.htt (file missing) (HKLM)
Hoffe, Ihr könnt mir weiterhelfen. Bin Euch sehr dankbar!
simon Gast |