Mein log. Hoffe jemand kann helfen
 

Logfile of HijackThis v1.98.0
Scan saved at 18:53:10, on 02.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Java\j2re1.5.0\bin\jusched.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\WINDOWS\mgcopo.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Windows ServeAd\WinServSuit.exe
C:\Programme\ISTsvc\istsvc.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Games\Valve\Steam\Steam.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Network Associates\VirusScan\VsStat.exe
C:\Programme\Network Associates\VirusScan\Vshwin32.exe
C:\Programme\Network Associates\VirusScan\Avconsol.exe
C:\Programme\Network Associates\VirusScan\Webscanx.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
C:\Programme\Azureus\Azureus.exe
C:\Programme\Java\j2re1.5.0\bin\javaw.exe
C:\Programme\Opera7\Opera.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\DOKUME~1\Kevin\LOKALE~1\Temp\_tc\HIJACK~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.14/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://195.225.176.14/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cyjsr.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cyjsr.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cyjsr.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cyjsr.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cyjsr.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cyjsr.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cyjsr.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.14/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8DD27DB3-0C48-1E32-BD4B-2542936D6EB5} - C:\WINDOWS\system32\sdkrq32.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [OcdVpIJE] C:\WINDOWS\mgcopo.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [¢?¸u0?4C
}ïÁzî[8C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\mgcopo.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] E:\Games\Valve\Steam\Steam.exe -silent
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.static.topconverting.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CD.../bridge-c7.cab
O16 - DPF: {4646ADAE-DB03-45A5-8508-A0E8C138F4D5} (Nexon Connection Control) - http://file.nx.com/ActiveX/Public/NxConn.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1104591644633
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E3221EF-0AFC-4D33-902B-09C87E391A94}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A235992B-0331-4420-BF3E-CFC15253DB60}: NameServer = 192.168.0.1
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\MSERO.DLL

-------------------------------------------------------------------

Ich hoffe mir kann jemand helfen trojaner etc. zu beseitigen.

MFG

Phy

Sieht nicht sonderlich gut aus,lass diese Dateien

C:\WINDOWS\mgcopo.exe

C:\Programme\ISTsvc\istsvc.exe

bitte hier überprüfen,poste dann das Ergebnis http://virusscan.jotti.org/de

Poste dann bitte auch nochmal ein Log von der aktuellen Version http://filepony.de/download-hijackthis/

diese istsvc kann man nicht löschen; hab sie im taksmanager immer beendet aber der ruft die direkt neu auf.

hier is das neue logfile:

Logfile of HijackThis v1.99.0
Scan saved at 20:17:26, on 02.01.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Java\j2re1.5.0\bin\jusched.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\WINDOWS\mgcopo.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Windows ServeAd\WinServSuit.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Games\Valve\Steam\Steam.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Network Associates\VirusScan\VsStat.exe
C:\Programme\Network Associates\VirusScan\Vshwin32.exe
C:\Programme\Network Associates\VirusScan\Avconsol.exe
C:\Programme\Network Associates\VirusScan\Webscanx.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
C:\Programme\Azureus\Azureus.exe
C:\Programme\Java\j2re1.5.0\bin\javaw.exe
C:\Programme\Opera7\Opera.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\bases\mwavscan.com
C:\bases\kavss.exe
C:\Programme\WinRAR\WinRAR.exe
C:\Programme\ISTsvc\istsvc.exe
C:\DOKUME~1\Kevin\LOKALE~1\Temp\_tc\HIJACK~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.225.176.14/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://195.225.176.14/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cyjsr.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cyjsr.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cyjsr.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cyjsr.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cyjsr.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cyjsr.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\cyjsr.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.225.176.14/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8DD27DB3-0C48-1E32-BD4B-2542936D6EB5} - C:\WINDOWS\system32\sdkrq32.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [OcdVpIJE] C:\WINDOWS\mgcopo.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [¢?¸u0?4C
}ïÁzî[8C:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\mgcopo.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] E:\Games\Valve\Steam\Steam.exe -silent
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.5.0\bin\npjpi150.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CD.../bridge-c7.cab
O16 - DPF: {4646ADAE-DB03-45A5-8508-A0E8C138F4D5} (Nexon Connection Control) - http://file.nx.com/ActiveX/Public/NxConn.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1104591644633
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E3221EF-0AFC-4D33-902B-09C87E391A94}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A235992B-0331-4420-BF3E-CFC15253DB60}: NameServer = 192.168.0.1
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager - Unknown - C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: McShield - Unknown - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Ich KANN mich nicht daran erinnern,geschrieben zu haben,dass du die Datei löschen sollst!

Du solltest das Ergebnis von dem Scan hier posten,mehr nicht!