- #1
uteiris
New member
Thread starter
- Joined
- 15.01.2005
- Posts
- 2
- Reaction points
- 0
Hello everyone,
I have already made many attempts to get rid of this hijacker.
Unfortunately without success.
Logfile of HijackThis v1.99.0
Scan saved at 23:08:07, on 15.01.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\RUNDLL32.EXE
D:\PROGRAMME\AVGCTRL.EXE
D:\PROGRAMME\AVSCHED32.EXE
C:\PROGRAMME\D4\D4.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAMME\DSC_FOLDER\DL10.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\WINDOWS\SYSTEM\TMPF03.EXE
C:\WINDOWS\SYSTEM\TMPF04.EXE
C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HELPCTR.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DRWATSON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMME\MOZILLA FIREFOX\FIREFOX.EXE
E:\THEBAT!\THEBAT.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
E:\PROGRAMME\WINRAR\WINRAR.EXE
C:\WINDOWS\TEMP\RAR$EX00.034\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.nowfind.net/005/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.nowfind.net/005/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.nowfind.net/005/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nowfind.net/005/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nowfind.net/005/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nowfind.net/005/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nowfind.net/005/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nowfind.net/005/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nowfind.net/005/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nowfind.net/005/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nowfind.net/005/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nowfind.net/005/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nowfind.net/005/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nowfind.net/005/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.nowfind.net/005/index.html
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAMME\CANON\EASY-WEBPRINT\TOOLBAND.DLL
O4 - HKLM\..\Run: [AVGCtrl] D:\PROGRAMME\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AVSCHED32] D:\PROGRAMME\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [Dimension4] C:\PROGRAMME\D4\D4.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KPF4] D:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [TClockEx] C:\PROGRAMME\TCLOCKEX\TCLOCKEX.EXE
O4 - HKCU\..\Run: [FreeMem Pro] D:\PROGRAMME\FREEMEM PROFESSIONAL\FMEMPRO.EXE autostart
O4 - HKCU\..\Run: [Skype] D:\PROGRAMME\SKYPE\PHONE\SKYPE.EXE /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [TClockEx] C:\PROGRAMME\TCLOCKEX\TCLOCKEX.EXE
O4 - HKCU\..\RunServices: [FreeMem Pro] D:\PROGRAMME\FREEMEM PROFESSIONAL\FMEMPRO.EXE autostart
O4 - HKCU\..\RunServices: [Skype] D:\PROGRAMME\SKYPE\PHONE\SKYPE.EXE /nosplash /minimized
O4 - HKCU\..\RunServices: [ctfmon.exe] ctfmon.exe
O4 - Startup: DL-10.lnk = C:\Programme\DSC_Folder\DL10.exe
O4 - Startup: Watchdog.lnk = C:\WINDOWS\TWAIN\A4s2\Watchdog.exe
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Webshots.lnk = C:\Programme\Webshots\WebshotsTray.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: Download using FlashGet - E:\PROGRAMME\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - E:\PROGRAMME\FLASHGET\jc_all.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\PROGRAMME\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\PROGRAMME\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\PROGRAMME\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\PROGRAMME\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRAMME\FLASHGET\FLASHGET.EXE
O9 - Extra->Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRAMME\FLASHGET\FLASHGET.EXE
O13 - DefaultPrefix: http://nowfind.net/rand/gallery.php?url=
O13 - WWW Prefix: http://nowfind.net/rand/gallery.php?url=
O13 - Home Prefix: http://nowfind.net/rand/gallery.php?url=
O13 - Mosaic Prefix: http://nowfind.net/rand/gallery.php?url=
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.1.1
O21 - SSODL: DDE Module - {DABB03E9-AC0D-3740-E3E5-4B37C80837E5} - C:\WINDOWS\SYSTEM\mtwirl.dll
O21 - SSODL: eplrr - {BF58AB4B-3506-4D9D-B322-03766AD1109C} - C:\WINDOWS\SYSTEM\eplrr3.dll (file missing)
I hope you can help me.
Many thanks
Thomas