|
Log-Analyse und Auswertung: Remove all Spyware from your PC!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
13.04.2005, 09:21 | #1 |
| Remove all Spyware from your PC! Bitte Hilfe!!! Logfile of HijackThis v1.99.1 Scan saved at 10:21:39, on 13.04.2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe D:\Programme\0190 Warner\w0svc.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINNT\System32\svchost.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\CTHELPER.EXE C:\WINNT\Twain_32\FlatBed\HotKey.exe C:\WINNT\svchost.exe C:\Programme\QuickTime\qttask.exe C:\Programme\EnergyPlugIn\EnergyPlugin.exe D:\PROGRA~1\0190WA~1\WARN0190.EXE C:\Programme\AVPersonal\AVGNT.EXE C:\WINNT\system32\internat.exe C:\WINNT\system32\shellexp.exe C:\Programme\Steganos Internet Anonym 7\SIA7.exe C:\Programme\MSI\PC Alert 4\PCAlert4.exe D:\Programme\PocketCam\ICON.EXE C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe C:\Programme\WinZip\WZQKPICK.EXE C:\PROGRA~1\WINZIP\winzip32.exe C:\Dokumente und Einstellungen\privat\Lokale Einstellungen\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.50.191.52/3100/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.50.191.52/3100/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.52/3100/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=44768 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://lookfor.cc/sp.php?pin=44768 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=44768 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://lookfor.cc/sp.php?pin=44768 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.191.52/3100/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_p...ount_id=152324 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us/1528/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.50.191.52/3100/sp.php R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us/1528/ R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/legal.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.orf.at/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/legal.php R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://127.0.0.1:8080/proxyconf R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file) F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\programme\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINNT\EliteToolBar\EliteToolBar version 53.dll O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINNT\EliteToolBar\EliteToolBar version 53.dll O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-2fe89c996183} - c:\programme\steganos internet anonym 7\sia7iep.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe O4 - HKLM\..\Run: [CTStartup] C:\Programme\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [HotKey] C:\WINNT\Twain_32\FlatBed\HotKey.exe O4 - HKLM\..\Run: [svchost] C:\WINNT\svchost.exe O4 - HKLM\..\Run: [smfbrkhfv] C:\WINNT\system32\mcsgqs.exe O4 - HKLM\..\Run: [msbb] c:\programme\180solutions\msbb.exe O4 - HKLM\..\Run: [BullsEye Network] C:\Programme\BullsEye Network\bin\bargains.exe O4 - HKLM\..\Run: [Sys29] C:\winnt\system32\winnrk32.exe O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programme\EnergyPlugIn\EnergyPlugin.exe O4 - HKLM\..\Run: [0190 Warner] D:\PROGRA~1\0190WA~1\WARN0190.EXE O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [Explorer] C:\WINNT\system32\shellexp.exe en O4 - HKCU\..\Run: [SIA7] "C:\Programme\Steganos Internet Anonym 7\SIA7.exe" -boot O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: PC Alert 4.lnk = C:\Programme\MSI\PC Alert 4\PCAlert4.exe O4 - Global Startup: PocketCam 3Mega Monitor.lnk = D:\Programme\PocketCam\ICON.EXE O4 - Global Startup: Ulead Kalendar Checker 4.0 SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll (file missing) O9 - Extra button: Microsoft AntiSpyware helper - {77F2CEB8-5617-445E-A222-4765602F0983} - C:\WINNT\system32\wldr.dll (file missing) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {77F2CEB8-5617-445E-A222-4765602F0983} - C:\WINNT\system32\wldr.dll (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra button: Microsoft AntiSpyware helper - {77F2CEB8-5617-445E-A222-4765602F0983} - C:\WINNT\system32\wldr.dll (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {77F2CEB8-5617-445E-A222-4765602F0983} - C:\WINNT\system32\wldr.dll (file missing) (HKCU) O13 - Mosaic Prefix: http://www.nkvd.us/1528/ O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted IP range: 64.127.104.144 (HKLM) O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM) O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} - http://63.219.181.7/cax.cab O16 - DPF: {0DEE9AF9-8895-68C1-12AC-674125FFE409} - http://64.237.41.215/1/gdnAT409.exe O16 - DPF: {217D0A62-B614-62FE-B2DA-16A94B995DFD} - http://64.237.41.215/1/gdnAT409.exe O16 - DPF: {3B1E967F-3931-0F0A-04C4-7E1D68D4DD55} - http://213.159.117.150/1/gdnAT13.exe O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://63.217.31.12/dial/058361as.exe O16 - DPF: {4787D5CB-D135-5AA2-9C6C-16DA01CB3CED} - http://213.159.117.150/1/gdnAT13.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{D8425A0B-AB7C-4090-90F3-C8C6091B9A73}: NameServer = 195.3.96.68 213.33.98.136 O23 - Service: 0190/0900 Warner Überwachungsdienst (0190_0900_Warner_MonitorService) - Mirko Böer - D:\Programme\0190 Warner\w0svc.exe O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe |
13.04.2005, 09:43 | #2 | |
| Remove all Spyware from your PC! @Daffy
__________________Deine Kiste ist voll von Malware, dazwischen: Zitat:
Bitte nach Anleitung in meiner Signatur vorgehen. |
13.04.2005, 10:00 | #3 |
| Remove all Spyware from your PC! Was soll ich jetzt machen??
__________________Bitte um genaue anweisungen, da ich eigentlich kein Fachmann bin! Danke |
13.04.2005, 10:03 | #4 | |
| Remove all Spyware from your PC!Zitat:
|
13.04.2005, 14:20 | #5 |
| Remove all Spyware from your PC! So schlimm???? |
Themen zu Remove all Spyware from your PC! |
alert, antispyware, antivir, antivir update, bho, boot, button, einstellungen, explorer, file missing, hijack, hijackthis, hilfe!!, internet, internet explorer, microsoft, nvidia, obfuscated, programme, rundll, rundll32.exe, software, spyware, system, system32, temp, urlsearchhook, userinit, windows |