hijackthis
hallo,
habe von meinem freund ma einen log hier der riesige probleme mit allen erdenklichen viren hat:
Logfile of HijackThis v1.99.1
Scan saved at 20:33:44, on 15.06.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Dit.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programme\Eset\nod32kui.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Yahoo!\Messenger\YPager.exe
C:\Programme\Opera7\Opera.exe
C:\Programme\Winamp\Winamp.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Dokumente und Einstellungen\Maurer\Eigene Dateien\ICQ Lite\254588884\Big Dago$$_348132961\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = https://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://my.search/sp.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://ie-search.com/home.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\windows\hp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://awebfind.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://ie-search.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ie-search.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://ie-search.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://my.search/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = https://ie-search.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = https://ie-search.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://ie-search.com/home.html (obfuscated)
F1 - win.ini: run=fntldr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDO WS\System32\svcpack.exe
O1 - Hosts: 206.161.200.105 auto.search.msn.com
O1 - Hosts: 206.161.200.105 sitefinder.verisign.com
O1 - Hosts: 206.161.200.105 sitefinder-idn.verisign.com
O1 - Hosts: 206.161.200.105 https://www.your.com
O1 - Hosts: 206.161.200.105 your.com
O1 - Hosts: 206.161.200.103 https://www.smutserver.com
O1 - Hosts: 206.161.200.103 www1.smutserver.com
O1 - Hosts: 206.161.200.103 www2.smutserver.com
O1 - Hosts: 206.161.200.103 www3.smutserver.com
O1 - Hosts: 206.161.200.103 www4.smutserver.com
O1 - Hosts: 206.161.200.103 www5.smutserver.com
O1 - Hosts: 206.161.200.103 www6.smutserver.com
O1 - Hosts: 206.161.200.103 www7.smutserver.com
O1 - Hosts: 206.161.200.103 www8.smutserver.com
O1 - Hosts: 206.161.200.103 www9.smutserver.com
O1 - Hosts: 206.161.200.103 www10.smutserver.com
O1 - Hosts: 206.161.200.103 www11.smutserver.com
O1 - Hosts: 206.161.200.103 www12.smutserver.com
O1 - Hosts: 206.161.200.103 www13.smutserver.com
O1 - Hosts: 206.161.200.103 www14.smutserver.com
O1 - Hosts: 206.161.200.103 www15.smutserver.com
O1 - Hosts: 206.161.200.103 www16.smutserver.com
O1 - Hosts: 206.161.200.103 www17.smutserver.com
O1 - Hosts: 206.161.200.103 www18.smutserver.com
O1 - Hosts: 206.161.200.103 www19.smutserver.com
O1 - Hosts: 206.161.200.103 www20.smutserver.com
O1 - Hosts: 206.161.200.103 www21.smutserver.com
O1 - Hosts: 206.161.200.103 www22.smutserver.com
O1 - Hosts: 206.161.200.103 www23.smutserver.com
O1 - Hosts: 206.161.200.103 www24.smutserver.com
O1 - Hosts: 206.161.200.103 www25.smutserver.com
O1 - Hosts: 206.161.200.103 www26.smutserver.com
O1 - Hosts: 206.161.200.103 www27.smutserver.com
O1 - Hosts: 206.161.200.103 www28.smutserver.com
O1 - Hosts: 206.161.200.103 www29.smutserver.com
O1 - Hosts: 206.161.200.103 www30.smutserver.com
O1 - Hosts: 206.161.200.103 www31.smutserver.com
O1 - Hosts: 206.161.200.103 www32.smutserver.com
O1 - Hosts: 206.161.200.103 https://www.kinghost.com
O1 - Hosts: 206.161.200.103 kinghost.com
O1 - Hosts: 206.161.200.103 www1.kinghost.com
O1 - Hosts: 206.161.200.103 www2.kinghost.com
O1 - Hosts: 206.161.200.103 www3.kinghost.com
O1 - Hosts: 206.161.200.103 www4.kinghost.com
O1 - Hosts: 206.161.200.103 www5.kinghost.com
O1 - Hosts: 206.161.200.103 www6.kinghost.com
O1 - Hosts: 206.161.200.103 www7.kinghost.com
O1 - Hosts: 206.161.200.103 www8.kinghost.com
O1 - Hosts: 206.161.200.103 www9.kinghost.com
O1 - Hosts: 206.161.200.103 www10.kinghost.com
O1 - Hosts: 206.161.200.103 www1.ndhosting.com
O1 - Hosts: 206.161.200.103 www3.ndhosting.com
O1 - Hosts: 206.161.200.103 www2.ndhosting.com
O1 - Hosts: 206.161.200.103 https://www.ndhosting.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 6.exe
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell.dll /c /set -- by windows setup --
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [kernel32] C:\WINDOWS\System32\kernel32.dlI
O4 - HKLM\..\Run: [mnsvcsp] C:\WINDOWS\System32\mnsvcsp.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [mmtask] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [1025-28-DE@4] C:\WINDOWS\Dutchweb24\\~dw24tmp.exe -t
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [sws.exe] c:\programme\GlobalDialer\domer00046\gd-domer00046_de.exe -remove
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Web Search - c:\windows\ex.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - https://www.emusic.com?fref=149133 (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: MedionShop - {01E9CF82-AE9D-42BA-A629-B23D51A4B86B} - https://www.medionshop.de/ (file missing) (HKCU)
O13 - WWW. Prefix: https://ehttp.cc/?
O14 - IERESET.INF: START_PAGE_URL=https://www.medion.com/
O16 - DPF: Video Poker - https://download.games.yahoo.com/games/c ... vpt0_x.cab
O16 - DPF: Yahoo! Bingo - https://download.games.yahoo.com/games/c ... /xt0_x.cab
O16 - DPF: Yahoo! Chess - https://download.games.yahoo.com/games/c ... /ct1_x.cab
O16 - DPF: Yahoo! Poker - https://download.games.yahoo.com/games/c ... /pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - https://download.games.yahoo.com/games/c ... potc_x.cab
O16 - DPF: Yahoo! Towers 2.0 - https://download.games.yahoo.com/games/c ... ywt0_x.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - https://01.sharedsource.org/html/UDConn.cab
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} - https://www.chicasmodelos.com/ruboskizo2.cab
O16 - DPF: {52290B25-D07A-43B5-84D8-493116D50FA0} (WebPlugin Class) - https://webinstall.tscash.com/webinstall.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - https://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) - https://www.fotobuscador.com/descarga/DialerData.cab
O16 - DPF: {5DF6FB84-749D-4AAE-AE37-708DE09B0588} - https://213.229.160.219/dialers/dial.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://v5.windowsupdate.microsoft.com/v ... 4367218859
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - https://us.games2.yimg.com/download.game ... _0_0_1.ocx
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - https://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {94118C19-B178-4E43-BBE8-0EFDBB391BDB} - https://www.sponsoradulto.com/SysWebTelecom.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - https://us.dl1.yimg.com/download.compani ... _1_6_0.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - https://xtraz.icq.com/xtraz/activex/MISBH.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - https://http.gamezone.tukati.com/tukati/ ... tukati.cab
O19 - User stylesheet: c:\windows\system.css (file missing)
O20 - Winlogon Notify: mnsvcsp - mnsvcsp.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programme\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
mfg
Daniel
Zitieren