Log-File bitte auswerten
 

Ist mein PC noch zu retten? :confused:

Danke im voraus :D

Logfile of HijackThis v1.99.1
Scan saved at 09:57:45, on 03.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\VGhvbWFzIE38bGxlcgAA\command.exe
C:\Program Files\ESTOS\MetaDirectory\metasrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$EUROPA3000\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\phugrvc.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\windows\sp2update00.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Programme\HIJACK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [saap] c:\program files\180search assistant\saap.exe
O4 - HKLM\..\Run: [ETapiSt] "C:\Program Files\ESTOS\ProCall\etapist.exe" -autostart
O4 - HKLM\..\Run: [j4c77cmR] C:\WINDOWS\dwjpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HcIc7] C:\WINDOWS\spbuh.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Á³#*L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\spbuh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Qa1DM] C:\WINDOWS\phugrvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKLM\..\Run: [NI.UWFX5U_0001_LP] "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5U_0001_LPNetInstaller.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FeedOwl] C:\Program Files\FeedOwl\FeedOwl.exe
O4 - HKCU\..\Run: [iqof] C:\PROGRA~1\COMMON~1\iqof\iqofm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Registration-PCTV.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google-Suche - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.opti-mischte.ch
O16 - DPF: {0A0FD216-C784-11D3-8B73-0050DA3B3FE5} (ActiveFormX Element) - h**p://www.freeoffice.de/views/import/CASUpload.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - h**p://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - h**p://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - h**p://www.midasplayer.com/midasa.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - h**p://promo.dollarrevenue.com/webmasterexe/drsmartload44a.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - h**p://software-dl.real.com/1075e4d12e1e71b9fd05/netzip/RdxIE601_de.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - h**p://212.254.202.87/activex/AMC.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - h**p://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - h**p://www.tbcode.com/ist/softwares/v4.0/0006_cracks.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - h**p://62.2.196.110/activex/AxisCamControl.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - h**p://www.180searchassistant.com/180saax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - h**p://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - h**p://advnt01.com/dialer/int_ver30.CAB
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - h**p://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - h**p://advnt01.com/dialer/internazionale_ver15.CAB
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - h**p://advnt01.com/dialer/internazionale_ver11.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - h**p://www.creative.com/su/ocx/15009/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B32E1777-1DA4-46C5-A902-5949D8AFA3AE}: NameServer = 213.189.128.1,213.189.129.10
O18 - Filter: text/html - {A48BAF61-DB36-4ACC-ABB8-AFB2A2D98832} - C:\Documents and Settings\****\Local Settings\Application Data\microsoft\internet explorer\V0.34.dat
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\n88o0il3e8q.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGhvbWFzIE38bGxlcgAA\command.exe
O23 - Service: DvISE Discussion Server (DavidDiscussionServer) - Tobit Software - C:\David\APPS\DSERVER\CODE\DSERVER.EXE
O23 - Service: DvISE Grabbing Server (DavidGrabbingServer) - Tobit Software - C:\David\APPS\DVGRAB\CODE\DVGRAB.EXE
O23 - Service: DvISE Host (DavidHost) - Tobit Software - C:\David\APPS\DVHOST\CODE\DVHOST.EXE
O23 - Service: DvISE Mail Access Server (DavidMailAccessServer) - Tobit Software - C:\David\APPS\MASERVER\CODE\MASERVER.EXE
O23 - Service: DvISE PCL Conversion Server (DavidPCL) - Tobit Software - C:\David\APPS\FAXWARE\CONVERT\PCL\PCL.EXE
O23 - Service: DvISE PostMan (DavidPostMan) - Tobit Software - C:\David\APPS\POSTMAN\CODE\POSTMAN.EXE
O23 - Service: DvISE Replica (DavidReplica) - Tobit Software - C:\David\APPS\REPLICA\CODE\REPLICA.EXE
O23 - Service: DvISE Service Layer (DavidServiceLayer) - Tobit Software - C:\David\CODE\SL.EXE
O23 - Service: DvISE TLD 001 (DavidTLD001) - Tobit Software - C:\David\TLD\CODE\CAPI\TLD.EXE
O23 - Service: DvISE WebBox (DavidWebBox) - Tobit Software - C:\David\APPS\WEBBOX\CODE\WEBBOX.EXE
O23 - Service: ESTOS MetaDirectory (emetasrv) - Unknown owner - C:\Program Files\ESTOS\MetaDirectory\metasrv.exe" -s (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Servus, daska!
Das sicher - aber das "Wie" bleibt vorerst offen! Du hast eine ziemliche Sammlung von ad/spyware und dialer an board.
Lass´ mal folgende Dateien bei http://virusscan.jotti.org/de prüfen und poste das Ergebnis anschließend hier. Falls Du eine Fehlermeldung (0 bytes ...) bekommst, beende den zur Datei gehörenden Prozess und/oder dekativiere temporär Dein PFW.
Sollte beides nichts bringen, kopiere die Dateien in ein anderes Verzeichnis, benenne sie um und versuche es damit. Zum Auffinden versteckter Dateien nutze den link in meiner Signatur
bis dann, stupormundi

Ok danke, werde ich mal machen.
Vielleicht ist es einfacher die Kiste neu aufzusetzen.

Das ist bei der Sammlung keine grundfalsche Überlegung. Halte Dich dabei an diese Anleitung von Cidre http://www.trojaner-board.de/showthread.php?t=12154
Die Ergebnisse von Jotti wären aber trotzdem interessant
Und wegen der dialer - falls Du nicht ausschließlich mit dsl ins I.Net einsteigst, achte auf Deine Online-Abrechnungen!
stupormundi

Mit Jotti Ergebnisse posten wird nichts. PC stürzt immer ab.
Werde es neu aufsetzen. Danke trotzdem.
Habe wenigstens noch mein Laptop das funktioniert :D