| Andreas-18 | 24.09.2005 15:26 |
W32.Sinnaka.A@mm
habe probleme mit W32.Sinnaka.A@mm
bitte um schnelle hilfe ....
mein hijackthis.log ist:
Logfile of HijackThis v1.99.1
Scan saved at 15:50:17, on 24.09.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\mssearchnet.exe
C:\WINNT\system32\nvctrl.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\program files\180search assistant\saap.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\r?ndll32.exe
C:\Programme\tbpa\bhol.exe
C:\WINNT\system32\wuauclt.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\WINNT\uninstIU.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Dokumente und Einstellungen\Bednarek\Lokale Einstellungen\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.searchmaid.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.searchmaid.com/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://searchmaid.com/bar/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.searchmaid.com/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.fireball.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.searchmaid.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.searchmaid.com/search.php?qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://searchmaid.com/bar/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.searchmaid.com/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.searchmaid.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.searchmaid.com/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://www.searchmaid.com/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.searchmaid.com/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://www.searchmaid.com/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://www.searchmaid.com/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = h**p://www.searchmaid.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = h**p://www.searchmaid.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1&1 Internet AG
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: HomepageBHO - {893fad3a-931e-4e53-b515-b1426d63799b} - C:\WINNT\system32\hp3DB5.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Microsoft Update] explore.exe
O4 - HKLM\..\Run: [Microsoft Office] lserv.exe
O4 - HKLM\..\Run: [desktop] C:\WINNT\system32\desktop.exe
O4 - HKLM\..\Run: [Software] C:\WINNT\system32\Software\software.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINNT\logon.exe
O4 - HKLM\..\Run: [ThZaMUNDs] C:\WINNT\xqiqc.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [¢ª¸ï0/4»��}¥ “x‡�5�_C:\Programme\ISTsvc\istsvc.exe] C:\WINNT\xqiqc.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [clfmon] C:\WINNT\clfmon.exe
O4 - HKLM\..\Run: [MSN Messenger] C:\WINNT\system32\msmsgs.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Programme\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [saap] c:\program files\180search assistant\saap.exe
O4 - HKLM\..\Run: [ebypohcr] C:\WINNT\ebypohcr.exe
O4 - HKLM\..\Run: [PSGuard] C:\Programme\PSGuard\PSGuard.exe
O4 - HKLM\..\RunServices: [Microsoft Update] explore.exe
O4 - HKLM\..\RunServices: [Microsoft Office] lserv.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Microsoft Update] explore.exe
O4 - HKCU\..\Run: [Microsoft Office] lserv.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SysTime] C:\WINNT\system32\systime.exe
O4 - HKCU\..\Run: [Vck] C:\WINNT\system32\r?ndll32.exe
O4 - HKCU\..\Run: [Uaww] C:\Programme\tbpa\bhol.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {BEBD3C02-474A-4289-8909-FF997A097E9C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BEBD3C02-474A-4289-8909-FF997A097E9C} - (no file) (HKCU)
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.finefind.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2fucked.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 69.50.161.82 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - h**p://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - h**p://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - h**p://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - h**p://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - h**p://www.netvenda.com/sites/games-intl/de/games4.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - h**p://www.180searchassistant.com/180saax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - h**p://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - h**p://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - h**p://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - h**p://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Filter: text/html - {08942F12-F7AE-46B9-BA2B-7444B4A7FEAD} - C:\Dokumente und Einstellungen\Bednarek\Lokale Einstellungen\Anwendungsdaten\microsoft\internet explorer\V0.34.dat
O18 - Filter: text/plain - {20928C2E-DDBD-43D2-AB4C-56D14575C5E4} - C:\WINNT\system32\acg.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
[edit]
links entfernt
[/edit] | 