- #1
Beat_Baller
New member
Thread starter
- Joined
- 03.04.2005
- Posts
- 1
- Reaction points
- 0
I've already read several posts about hotoffers, but unfortunately I still haven't managed to get rid of it. Can anyone help me? I'm attaching the log file from HijackThis 1.99...
Logfile of HijackThis v1.99.1
Scan saved at 16:04:59, on 03.04.2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\D3UD.EXE
C:\WINDOWS\SYSTEM\IPCW32.EXE
C:\WINDOWS\SYSTEM\ATLJV32.EXE
C:\WINDOWS\MFCRZ.EXE
C:\WINDOWS\SYSTEM\JAVAYE32.EXE
C:\WINDOWS\SYSTEM\MSLB32.EXE
C:\WINDOWS\APPVN.EXE
C:\WINDOWS\NTVA32.EXE
C:\WINDOWS\MFCJI.EXE
C:\WINDOWS\SYSTEM\WINKX.EXE
C:\WINDOWS\NTYE.EXE
C:\WINDOWS\SYSTEM\SYSUZ.EXE
C:\WINDOWS\IPJR.EXE
C:\WINDOWS\SYSTEM\APIAC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAAA.EXE
C:\WINDOWS\SYSTEM\DBSERVER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMME\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
C:\PROGRAMME\UMSD TOOLS2.35\UMSD.EXE
C:\PROGRAMME\ISTSVC\ISTSVC.EXE
C:\WINDOWS\SYSTEM\MSHTA.EXE
C:\WINDOWS\SYSTEM\NLOATOW.EXE
C:\PROGRAMME\INTEL\INTEL PSNCU\CPUNUMBER.EXE
C:\WINDOWS\ANWENDUNGSDATEN\OTCE.EXE
C:\WINDOWS\SYSTEM\SQS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\CALC.EXE
C:\WINDOWS\TEMP\RAR$EX00.692\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/271/
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WINDOWS\SYSTEM\msoffice.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {35B9CD02-3A45-5C14-BE35-2D79309FA460} - C:\WINDOWS\SYSTEM\SYSOB32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaaa.exe
O4 - HKLM\..\Run: [Gravis AppAware Loader] C:\WINDOWS\SYSTEM\DBServer.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CXMon] C:\Programme\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PLoader] c:\programme\umsd tools2.35\umsd.exe sys_auto_run C:\PROGRAMME\UMSD TOOLS2.35
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [WebRun] C:\WINDOWS\SYSTEM\WEB.EXE
O4 - HKLM\..\Run: [nloatow] c:\windows\system\nloatow.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [JAVAYE32.EXE] C:\WINDOWS\SYSTEM\JAVAYE32.EXE
O4 - HKLM\..\RunServices: [D3UD.EXE] C:\WINDOWS\D3UD.EXE
O4 - HKLM\..\RunServices: [MSLB32.EXE] C:\WINDOWS\SYSTEM\MSLB32.EXE
O4 - HKLM\..\RunServices: [MFCRZ.EXE] C:\WINDOWS\MFCRZ.EXE
O4 - HKLM\..\RunServices: [ATLJV32.EXE] C:\WINDOWS\SYSTEM\ATLJV32.EXE
O4 - HKLM\..\RunServices: [IPCW32.EXE] C:\WINDOWS\SYSTEM\IPCW32.EXE
O4 - HKLM\..\RunServices: [APPVN.EXE] C:\WINDOWS\APPVN.EXE
O4 - HKLM\..\RunServices: [NTVA32.EXE] C:\WINDOWS\NTVA32.EXE
O4 - HKLM\..\RunServices: [IPJR.EXE] C:\WINDOWS\IPJR.EXE
O4 - HKLM\..\RunServices: [WINKX.EXE] C:\WINDOWS\SYSTEM\WINKX.EXE
O4 - HKLM\..\RunServices: [APIAC.EXE] C:\WINDOWS\SYSTEM\APIAC.EXE
O4 - HKLM\..\RunServices: [NTYE.EXE] C:\WINDOWS\NTYE.EXE
O4 - HKLM\..\RunServices: [MFCJI.EXE] C:\WINDOWS\MFCJI.EXE
O4 - HKLM\..\RunServices: [SYSUZ.EXE] C:\WINDOWS\SYSTEM\SYSUZ.EXE
O4 - HKCU\..\Run: [IntelProcNumUtility] C:\Programme\Intel\Intel PSNCU\CPUNumber.exe /nosplash
O4 - HKCU\..\Run: [Ubeo] C:\WINDOWS\Anwendungsdaten\otce.exe
O4 - HKCU\..\Run: [Hfycc] C:\WINDOWS\SYSTEM\sqs.exe
O4 - HKCU\..\Run: [WebRun] C:\WINDOWS\SYSTEM\WEB.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra->Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\SYSTEM\CRT32_V2.DLL
O9 - Extra button: Microsoft® JavaScript® Console - {11C602E0-A1E2-11D8-83FF-444553540000} - C:\WINDOWS\SYSTEM\COMDLG32.OCX
O9 - Extra->Tools' menuitem: JavaScript Console - {11C602E0-A1E2-11D8-83FF-444553540000} - C:\WINDOWS\SYSTEM\COMDLG32.OCX
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - C:\WINDOWS\SYSTEM\CRT32_V2.DLL (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {11C602E0-A1E2-11D8-83FF-444553540000} - C:\WINDOWS\SYSTEM\COMDLG32.OCX (HKCU)
O9 - Extra->Tools' menuitem: JavaScript Console - {11C602E0-A1E2-11D8-83FF-444553540000} - C:\WINDOWS\SYSTEM\COMDLG32.OCX (HKCU)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults:->http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults:->http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:oo.mht!http://www.hotoffers.info//v271//dropper.chm::/dropper.exe
I would be grateful for any help...