Hallo Leute
Habe meinen Compi wegen grossen Problemen neu aufgesetzt. Da aber nicht alle Probleme behoben sind, muss ich ihn nochmals frisch aufsetzen. (Windows XP, IE 6, Compi - HP Pavilion zd7000)
Um nicht bestehende Viren, Trojaner etc. mitzuschleppen hoffe ich auf eure Hilfe.
Probleme: Explorer stürzt oft ab, Auslastung schiesst auf 100% Auslastung, kann TaskManager nicht mehr öffnen etc. pp.
Habe eben ein Logfile mittels HijackThis hergestellt. Leider sind meine PC-Kenntnisse nicht so umfangreich. Bitte helft mir, meinen Compi vor dem nächsten Aufsetzen zu reinigen...
Danke schon jetzt und bis bald
Phil
Logfile of HijackThis v1.97.7
Scan saved at 13:33:01, on 20.09.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\winlw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\syscfg32.exe
C:\WINDOWS\System32\recall.exe
C:\WINDOWS\System32\crsrs.exe
C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Microsoft Hardware\Mouse\point32.exe
C:\Programme\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\Programme\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\winu32.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\sysentry32.exe
C:\WINDOWS\system32\hhs-hh.exe
C:\WINDOWS\System32\MSNMSGR5.exe
C:\WINDOWS\system32\crzr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\msnplugins.exe
C:\WINDOWS\System32\mswinrpc.exe
C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\vr?n.exe
C:\WINDOWS\ms32SP.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\system_44005.dat
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Phil\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7N31W0SE\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://realsearcher.com/?a=2&b=encry
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wxvyi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wxvyi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\wxvyi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://realsearcher.com/?a=2&b=encry
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wxvyi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wxvyi.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\wxvyi.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\wxvyi.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.hp.com/
O2 - BHO: (no name) - {7DD79282-4F68-5C42-8508-A678BFEE9427} - C:\WINDOWS\system32\d3rw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programme\ISTbar\istbar.dll
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft Hardware\Mouse\point32.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programme\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programme\Gemeinsame Dateien\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programme\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [update service] winu32.exe
O4 - HKLM\..\Run: [ccApp.exe] ccApp.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] syscfg32.exe
O4 - HKLM\..\Run: [MSN UPDATER] msnplugins.exe
O4 - HKLM\..\Run: [System Uptime Server] sysentry32.exe
O4 - HKLM\..\Run: [Remote Procedure Calls] mswinrpc.exe
O4 - HKLM\..\Run: [netservices] recall.exe
O4 - HKLM\..\Run: [MSN Messanger] msnmsng.exe
O4 - HKLM\..\Run: [Auto updat] crsrs.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\rdkndn.exe
O4 - HKLM\..\Run: [hhs-hh] C:\WINDOWS\system32\hhs-hh.exe
O4 - HKLM\..\Run: [MSNMSGR5] MSNMSGR5.exe
O4 - HKLM\..\Run: [crzr32.exe] C:\WINDOWS\system32\crzr32.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\programme\180solutions\sais.exe
O4 - HKLM\..\RunServices: [update service] winu32.exe
O4 - HKLM\..\RunServices: [ccApp.exe] ccApp.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] syscfg32.exe
O4 - HKLM\..\RunServices: [MSN UPDATER] msnplugins.exe
O4 - HKLM\..\RunServices: [System Uptime Server] sysentry32.exe
O4 - HKLM\..\RunServices: [Remote Procedure Calls] mswinrpc.exe
O4 - HKLM\..\RunServices: [netservices] recall.exe
O4 - HKLM\..\RunServices: [MSN Messanger] msnmsng.exe
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKLM\..\RunServices: [MSNMSGR5] MSNMSGR5.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ccApp.exe] ccApp.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] syscfg32.exe
O4 - HKCU\..\Run: [MSN UPDATER] msnplugins.exe
O4 - HKCU\..\Run: [Remote Procedure Calls] mswinrpc.exe
O4 - HKCU\..\Run: [netservices] recall.exe
O4 - HKCU\..\Run: [Auto updat] crsrs.exe
O4 - HKCU\..\Run: [MSN Messanger] msnmsng.exe
O4 - HKCU\..\Run: [SpywareGuard] C:\WINDOWS\system32\winproc32.exe
O4 - HKCU\..\Run: [hhs-hh] C:\WINDOWS\system32\hhs-hh.exe
O4 - HKCU\..\Run: [Mpsw] C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\vr?n.exe
O4 - HKCU\..\Run: [Windows Update Checker] C:\WINDOWS\ms32SP.exe
O4 - HKCU\..\RunServices: [MSN UPDATER] msnplugins.exe
O4 - HKCU\..\RunServices: [Remote Procedure Calls] mswinrpc.exe
O4 - HKCU\..\RunServices: [MSN Messanger] msnmsng.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] syscfg32.exe
O4 - HKLM\..\RunOnce: [netservices] recall.exe
O4 - HKLM\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKCU\..\RunOnce: [Auto updat] crsrs.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] syscfg32.exe
O4 - HKCU\..\RunOnce: [netservices] recall.exe
O9 - Extra button: SideFind (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=37718639acdb57a29dc473a3e54b351c0003b1c7df5eb5fb3e448ff66563a5832683d342d227b523567400ef2f754ed6966db891:641cef8949b77b6afcb80f5c80250627
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{97E73EE4-9DE2-4FC4-BB37-2495A960ED66}: NameServer = 194.230.1.168 194.230.1.200
Mister_Hickup Gast |