Bitte wer kann helfen.
Habe problem bei einem Rechner welches ich nicht lösen kann - bitte um hilfe - hier mein log.
Danke im voraus
Logfile of
HijackThis v1.98.2
Scan saved at 13:49:17, on 08.11.2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Compaq\LCRMS\LCRMS.EXE
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programme\Network Associates\VirusScan\VsStat.exe
C:\Programme\Network Associates\VirusScan\Vshwin32.exe
C:\PROGRA~1\Compaq\COMPAQ~2\cpqdmi.exe
C:\Programme\Network Associates\VirusScan\Avconsol.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
C:\Programme\Network Associates\VirusScan\Webscanx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\CAP3RSK.EXE
C:\WINNT\System32\CAPRPCSK.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAPPSWK.EXE
C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE
C:\msoffice\Office\1031\msoffice.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOKUME~1\ginmic\LOKALE~1\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://solongas.com/main/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\system32\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://homepage.com�%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINNT\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about
:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about
:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.gemdatnoe.at
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://homepage.com�%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about
:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about
:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about
:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about
:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) =
http://homepage.com�%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about
:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://homepage.com�%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
http://homepage.com�%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://homepage.com�%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://homepage.com�%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://approvedlinks.com/hp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about
:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about
:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von Gemdat NÖ
O1 - Hosts: 66.40.16.131
www.livesexlist.com
O1 - Hosts: 66.40.16.131
www.lanasbigboobs.com
O1 - Hosts: 66.40.16.131
www.thumbnailpost.com
O1 - Hosts: 66.40.16.131
www.adult-series.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {72861361-3B14-4DB7-AABE-5370D6F81D7E} - C:\WINNT\System32\len.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CAP3ON] C:\WINNT\System32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [CAPON] C:\WINNT\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMsgSvc] C:\WINNT\System\MSMSGSVC.exe
O4 - Global Startup: Canon LBP-810-Statusfenster.LNK = C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAPPSWK.EXE
O4 - Global Startup: Fenêtre d'état Canon LBP-810.LNK = C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAPPSWK.EXE
O4 - Global Startup: Image Transfer.lnk = C:\Programme\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: K.I.M. Updateroutine.lnk = C:\kim\kimupd\Kimupd32.exe
O4 - Global Startup: kim.bat.lnk = C:\kim.bat
O4 - Global Startup: Microsoft Office.lnk = C:\msoffice\Office\OSA9.EXE
O4 - Global Startup: Statusfenster für Canon LASER SHOT LBP-1120.LNK = C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3LAK.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.gemdatnoe.at
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = strasshof.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DE44426-D809-4809-ABC3-A356F314E16E}: NameServer = 10.254.239.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = strasshof.local
O18 - Filter: text/html - {43820C22-DCEC-495A-8F15-96AA8615D613} - C:\WINNT\System32\len.dll
O18 - Filter: text/plain - {43820C22-DCEC-495A-8F15-96AA8615D613} - C:\WINNT\System32\len.dll
Baum-Darstellung