- #1
PC-Laie
Member
Thread starter
- Joined
- 19.01.2004
- Posts
- 5
- Reaction points
- 0
Help
I would like to remove the virus, but I don't know which lines I may or must delete. Can someone help me? I would be really grateful.
I have pasted the log file into the message.
Regards
PC-Laie
Logfile of HijackThis v1.97.7
Scan saved at 10:53:50, on 19.01.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
c:\_integra\bin\shstart.exe
C:\WINXP\Explorer.EXE
C:\WINXP\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe
D:\Programs\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Gemplus\CertReg\certreg.exe
D:\Programs\OfficeXP\Office10\OUTLOOK.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
c:\winxp\system32\proquota.exe
C:\WINXP\System32\ctfmon.exe
C:\WINXP\system32\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://allneedsearch.com/spm.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allneedsearch.com/spm.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allneedsearch.com/spm.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allneedsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intra.axpo.ch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allneedsearch.com/spm.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://teen-biz.com/
F2 - REG:system.ini: UserInit=c:\winxp\system32\userinit.exe,c:\_integra\bin\shstart.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CCM User Profile Manager] c:\_integra\upm\bin\CCM_User.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PC-Duo System Snapshot] d:\programs\PCD32\CLBOOT32.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINXP\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINXP\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINXP\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINXP\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINXP\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Wcontrol_Check] c:\winxp\wc_proof.cmd
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [HPPresentationReady] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ShStatEXE] D:\Programs\Network Associates\VirusScan\SHSTAT.EXE /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
O4 - HKLM\..\Run: [SfWinStartInfo] D:\Programs\SFIRM32\sfWinStartupInfo.exe
O4 - HKLM\..\Run: [CertReg] C:\Program Files\Common Files\Gemplus\CertReg\certreg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programs\OfficeXP\Office10\OSA.EXE
O4 - Global Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: winlogon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\OfficeXP\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra->Tools' menuitem: Show &Related Links (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://intra.axpo.ch
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prod.axponet.ch
O17 - HKLM\Software\..\Telephony: DomainName = prod.axponet.ch
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = prod.axponet.ch
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = prod.axponet.ch