Hallo!
Hab mir zum ersten Mal so ein Mistdings eingefangen und natürlich keinen Plan wie ich ihn entfernen kann. Bin GOTTSEIDANK auf diese Seite gestoßen und hoffe, dass mir jemand helfen kann
So siehts aus das Logfile, was soll ich tun
Logfile of HijackThis v1.99.1
Scan saved at 22:53:11, on 29.05.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\SMSSU.EXE
C:\WINDOWS\System32\Tmntsrv32.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\mHotkey.exe
C:\PROGRAMME\NORMAN\Nvc\BIN\ZLH.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\pntask.exe
C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\SMSSU.EXE
C:\WINDOWS\System32\Tmntsrv32.EXE
C:\Programme\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\Programme\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRAMME\NORMAN\Nvc\BIN\NYMSE.EXE
C:\PROGRAMME\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\PROGRAMME\NORMAN\Nvc\BIN\nvcoas.exe
C:\PROGRAMME\NORMAN\Nvc\BIN\cclaw.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programme\WEBDE\SmartSurfer2.31\SmartSurfer.exe
C:\Programme\ICQ\ICQ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://default.home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://default.home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://www.searchv.com/search.html
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - C:\WINDOWS\xmllib.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\PROGRAMME\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [KAZAA] C:\Programme\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PNtask Services] C:\WINDOWS\System32\pntask.exe
O4 - HKLM\..\Run: [System Update] sysupdt32.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\ICQNet.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WindowsMGM] C:\WINDOWS\winmgm32.exe
O4 - HKCU\..\Run: [System Update] sysupdt32.exe
O4 - HKCU\..\Run: [SMSSU] C:\WINDOWS\System32\SMSSU.EXE
O4 - HKCU\..\Run: [Tmntsrv32] C:\WINDOWS\System32\Tmntsrv32.EXE
O4 - HKCU\..\RunOnce: [ICQ] C:\Programme\ICQ\ICQ.exe -trayboot
O4 - Global Startup: Erinnerungen in Microsoft Works-Kalender.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - https://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - https://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - https://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF7D012B-F95F-4BF7-BC62-A1F5C9EE1BD7}: NameServer = 62.104.191.241 62.104.196.134
O23 - Service: Norman ZANDA - Unknown owner - C:\Programme\Norman\NVC\BIN\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\PROGRAMME\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\PROGRAMME\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
vielen Dank für eure Hilfe
Grüßle
LOS