I'd like to know whether the system is infected. Some of the files look very "fishy" to me and I can't make anything of them ...
Here is a log from HijackThis:
Logfile of HijackThis v1.98.2
Scan saved at 11:34:49, on 18.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Mirc\mirc.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\domad\LOKALE~1\Temp\Rar$EX00.750\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://best-search.cc/search.php?v=6&aff=6182156
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://best-search.cc/index.php?v=6&aff=6182156
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://http://www.microsoft.com/isapi/redir.dl…&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://http://www.microsoft.com/isapi/redir.dl…amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://http://www.microsoft.com/isapi/redir.dl…amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://http://www.microsoft.com/isapi/redir.dl…%7D&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows SSL File] winssv.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Starting up] wvsvc.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [OEM Tools 32] tres32.exe
O4 - HKLM\..\RunServices: [Auto updat] crsrs.exe
O4 - HKLM\..\RunServices: [Windows SSL File] winssv.exe
O4 - HKLM\..\RunServices: [Window Monitor] winmon32.exe
O4 - HKLM\..\RunServices: [MSVsm] rpcxcntrx.exe
O4 - HKLM\..\RunServices: [Win32 USB Driver] mvsecn.exe
O4 - HKLM\..\RunServices: [MSChoExE] suge.exe
O4 - HKLM\..\RunServices: [Windows Updates] winupdate.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] sys32snd.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Secure Update] rpcxwinupdt.exe
O4 - HKLM\..\RunOnce: [Windows SSL File] winssv.exe
O4 - HKLM\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\Run: [Windows SSL File] winssv.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\RunServices: [Window Monitor] winmon32.exe
O4 - HKCU\..\RunOnce: [Windows SSL File] winssv.exe
O4 - HKCU\..\RunOnce: [Win32 USB2 Driver] sys32snd.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - ***://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://195.190.118.140/e9xr2.chm::/file.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097403226703
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CDF1578-26EA-40C0-8458-84B3E4871ECC}: NameServer = 217.237.149.225 217.237.151.97
E.g. the suge.exe?
Can someone check this and then let me know?
That would be really kind.
Thanks, domad
