Hello there!
Yet another one...
svchost.exe is causing 100% CPU load!
I would just lean back calmly now and go hunting for BadBits, if I hadn't already run HijackThis!
I find all the Hosts entries especially worrying, since they are all banks! Just yesterday I sent my credit card number over the net! I never actually wanted to do that, and now it has happened!
What does all of this mean?
Help!?!
Many thanks in advance!
Regards, der_kai
Logfile of HijackThis v1.99.1
Scan saved at 18:29:15, on 23.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mmsvc32.exe
C:\WINDOWS\System32\spools.exe
F:\Musik\WinAmp5\Winamp\winampa.exe
C:\Programme\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\windows\temp\adware\fsg_4203.exe
C:\Programme\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Programme\Internet Explorer\iexplore.exe
F:\Internet\hijackthis\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freenet.de
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freenet.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von freenet.de
O1 - Hosts: 209.160.64.29 lloydstsb.co.uk
O1 - Hosts: 209.160.64.29 online.lloydstsb.co.uk
O1 - Hosts: 209.160.64.29 www.lloydstsb.co.uk
O1 - Hosts: 209.160.64.29 www.lloydstsb.com
O1 - Hosts: 209.160.64.29 personal.barclays.co.uk
O1 - Hosts: 209.160.64.29 barclays.co.uk
O1 - Hosts: 209.160.64.29 ibank.barclays.co.uk
O1 - Hosts: 209.160.64.29 www.barclays.co.uk
O1 - Hosts: 209.160.64.29 www.nwolb.com
O1 - Hosts: 209.160.64.29 nwolb.com
O1 - Hosts: 209.160.64.29 hsbc.co.uk
O1 - Hosts: 209.160.64.29 www.hsbc.co.uk
O1 - Hosts: 209.160.64.29 abbey.com
O1 - Hosts: 209.160.64.29 www.abbey.com
O1 - Hosts: 209.160.64.29 www.abbey.co.uk
O1 - Hosts: 209.160.64.29 abbey.co.uk
O1 - Hosts: 209.160.64.29 cahoot.com
O1 - Hosts: 209.160.64.29 www.cahoot.com
O1 - Hosts: 209.160.64.29 www.cahoot.co.uk
O1 - Hosts: 209.160.64.29 cahoot.co.uk
O1 - Hosts: 209.160.64.29 www.co-operativebank.co.uk
O1 - Hosts: 209.160.64.29 co-operativebank.co.uk
O1 - Hosts: 209.160.64.29 www.co-operativebank.com
O1 - Hosts: 209.160.64.29 co-operativebank.com
O1 - Hosts: 209.160.64.29 welcome2.co-operativebankonline.co.uk
O1 - Hosts: 209.160.64.29 welcome6.co-operativebankonline.co.uk
O1 - Hosts: 209.160.64.29 welcome8.co-operativebankonline.co.uk
O1 - Hosts: 209.160.64.29 welcome10.co-operativebankonline.co.uk
O1 - Hosts: 209.160.64.29 www.smile.co.uk
O1 - Hosts: 209.160.64.29 smile.co.uk
O1 - Hosts: 209.160.64.29 www.cajamar.es
O1 - Hosts: 209.160.64.29 cajamar.es
O1 - Hosts: 209.160.64.29 www.cajamar.com
O1 - Hosts: 209.160.64.29 www.unicaja.es
O1 - Hosts: 209.160.64.29 unicaja.es
O1 - Hosts: 209.160.64.29 www.unicaja.com
O1 - Hosts: 209.160.64.29 unicaja.com
O1 - Hosts: 209.160.64.29 www.caixagalicia.es
O1 - Hosts: 209.160.64.29 caixagalicia.es
O1 - Hosts: 209.160.64.29 www.caixagalicia.com
O1 - Hosts: 209.160.64.29 caixagalicia.com
O1 - Hosts: 209.160.64.29 activa.caixagalicia.es
O1 - Hosts: 209.160.64.29 www.caixapenedes.es
O1 - Hosts: 209.160.64.29 caixapenedes.es
O1 - Hosts: 209.160.64.29 www.caixapenedes.com
O1 - Hosts: 209.160.64.29 caixapenedes.com
O1 - Hosts: 209.160.64.29 bancae.caixapenedes.com
O1 - Hosts: 209.160.64.29 www.caixasabadell.es
O1 - Hosts: 209.160.64.29 caixasabadell.es
O1 - Hosts: 209.160.64.29 www.caixasabadell.net
O1 - Hosts: 209.160.64.29 caixasabadell.net
O1 - Hosts: 209.160.64.29 www.cajamadrid.es
O1 - Hosts: 209.160.64.29 cajamadrid.es
O1 - Hosts: 209.160.64.29 www.cajamadrid.com
O1 - Hosts: 209.160.64.29 cajamadrid.com
O1 - Hosts: 209.160.64.29 oi.cajamadrid.es
O1 - Hosts: 209.160.64.29 www.ccm.es
O1 - Hosts: 209.160.64.29 ccm.es
O1 - Hosts: 209.160.64.29 www.haspa.de
O1 - Hosts: 209.160.64.29 haspa.de
O1 - Hosts: 209.160.64.29 ssl2.haspa.de
O1 - Hosts: 209.160.64.29 www.dresdner-bank.de
O1 - Hosts: 209.160.64.29 dresdner-bank.de
O1 - Hosts: 209.160.64.29 www.dresdner-privat.de
O1 - Hosts: 209.160.64.29 postbank.de
O1 - Hosts: 209.160.64.29 www.postbank.de
O1 - Hosts: 209.160.64.29 banking.postbank.de
O1 - Hosts: 209.160.64.29 www.sparda-b.de
O1 - Hosts: 209.160.64.29 sparda-b.de
O1 - Hosts: 209.160.64.29 www.bankingonline.de
O1 - Hosts: 209.160.64.29 www.raiffeisenbank-erding.de
O1 - Hosts: 209.160.64.29 raiffeisenbank-erding.de
O1 - Hosts: 209.160.64.29 www.vr-networld-ebanking.de
O1 - Hosts: 209.160.64.29 vr-networld-ebanking.de
O1 - Hosts: 209.160.64.29 www.bnhof.de
O1 - Hosts: 209.160.64.29 bnhof.de
O1 - Hosts: 209.160.64.29 www.deutsche-bank.de
O1 - Hosts: 209.160.64.29 deutsche-bank.de
O1 - Hosts: 209.160.64.29 meine.deutsche-bank.de
O1 - Hosts: 209.160.64.29 www.citibank.de
O1 - Hosts: 209.160.64.29 citibank.de
O1 - Hosts: 209.160.64.29 cipehb13.cdg.citibank.de
O1 - Hosts: 209.160.64.29 www.dkb.de
O1 - Hosts: 209.160.64.29 dkb.de
O1 - Hosts: 209.160.64.29 www.sparkasse-regensburg.de
O1 - Hosts: 209.160.64.29 sparkasse-regensburg.de
O1 - Hosts: 209.160.64.29 www.berliner-bank.de
O1 - Hosts: 209.160.64.29 berliner-bank.de
O1 - Hosts: 209.160.64.29 www.berliner-sparkasse.de
O1 - Hosts: 209.160.64.29 berliner-sparkasse.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Adobe\reader 7\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINDOWS\System32\mmsvc32.exe
O4 - HKLM\..\Run: [Spools Service Controller] C:\WINDOWS\System32\spools.exe
O4 - HKLM\..\Run: [WinampAgent] F:\Musik\WinAmp5\Winamp\winampa.exe
O4 - HKLM\..\Run: [NewsUpd] C:\Programme\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4203.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] F:\DVD\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = F:\Adobe\reader 7\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
der_kai (Guest)