Hilfe!!! Dropper DR/180solutions - hijack logfile

Gabi83 · 18.01.2005, 17:11

Hilfe!Hab seit einigen Tagen den DR/180solutions aufm Rechner. Antivir erkennt ihn, kann den Dropper aber leider nicht löschen. Bei jedem Neustart ist wieder ne andere exe.tmp. infiziert...

Könnte sich meiner Logfile bitte bitte jemand annehmen? Kenn mich überhaupts nicht aus... Grüßle vom verregneten Konstanz

Logfile of HijackThis v1.99.0
Scan saved at 16:45:49, on 18.01.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK\PDESK.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAMME\ANTIVIR\AVGCTRL.EXE
C:\PROGRAMME\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAMME\NETPUMPER\NETPUMPERIEPROXY.EXE
C:\WINDOWS\TEMP\41D0.TMP.EXE
C:\PROGRAM FILES\WINDOWS SERVEAD\WINSERVAD.EXE
C:\PROGRAMME\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\WINDOWS SERVEAD\WINSERVSUIT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\EIGENE DATEIEN\SONSTIGES\HIJACKTHIS199\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://awebfind.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://awebfind.biz/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://lookfor.cc/sp.php?pin=28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://awebfind.biz/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://awebfind.biz/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {B230DD21-C518-A168-41BF-B1EC0875933F} - C:\WINDOWS\SYSTEM\NETTO.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAMME\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [eDonkey2000] C:\PROGRAMME\EDONKEY2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [CoolWallpaperSoftware] C:\PROGRAMME\COOLWALLPAPER\cwm_tray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\ANTIVIR\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [41D0.TMP] C:\WINDOWS\TEMP\41D0.TMP.exe 0 28129
O4 - HKLM\..\Run: [Windows ServeAd] C:\PROGRAM FILES\WINDOWS SERVEAD\WINSERVAD.EXE
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [8dffCWA] C:\KRTMQG.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\programme\180solutions\sais.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programme\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAMME\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [41D0.TMP.EXE] C:\WINDOWS\TEMP\41D0.TMP.EXE 0 28129
O4 - HKLM\..\Run: [¢‰¸ï04Ã4}¤Áœ5]C:\Programme\ISTsvc\istsvc.exe] C:\KRTMQG.EXE
O4 - HKLM\..\Run: [yvgfqvgr] C:\WINDOWS\yvgfqvgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ADDDJ.EXE] C:\WINDOWS\ADDDJ.EXE
O4 - HKCU\..\Run: [ClockSync] "C:\Programme\ClockSync\Sync.exe" /q
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAMME\GO!ZILLA\download-with-gozilla.html
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAMME\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAMME\SIDEFIND\SIDEFIND.DLL (file missing)
O12 - Plugin for .pl: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {17A1363B-D2B1-4152-BFD2-8BD98FF6D6CA} (WebDeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/ducd/bin/activex.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2781db66fc1c155...dxIE601_de.cab
O16 - DPF: {6ABC861A-31E7-4D91-B43B-D3C98F22A5C0} - http://secure.aconti.net/(ju4nu555pgzgqlvi4pxb1q55)/secureweb/secureweb.cab
O16 - DPF: {DCF96DA0-ED33-40FF-B83E-AB7011C2BA7E} (Dialer Class) - http://66.230.134.150/tsed/glo1numbk7l10/acab.cab
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://www.power-url.de/install/StarInstall.ocx
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxyz.mht!http://bitreactor.ath.cx/board/image...bridge-c18.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...0006_adult.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = Cimbria
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1

Hilfe!!! Dropper DR/180solutions - hijack logfile

Log-Analyse und Auswertung: Hilfe!!! Dropper DR/180solutions - hijack logfile

Hilfe!!! Dropper DR/180solutions - hijack logfile

Ähnliche Themen: Hilfe!!! Dropper DR/180solutions - hijack logfile