E
every2001
Guest
Hallo,
bin leider auch seit gestern befallen.
Wer kann mir helfen?
anschließend mein highjackthis.log
Logfile of HijackThis v1.97.7
Scan saved at 15:33:42, on 21.06.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C
rogrammeGemeinsame DateienSymantec SharedccSetMgr.exe
CrogrammeGemeinsame DateienSymantec SharedccEvtMgr.exe
C:WINNTsystem32spoolsv.exe
CrogrammeWIDCOMMBluetooth Softwarebinbtwdins.exe
CrogrammeGemeinsame DateienSymantec SharedccProxy.exe
C:WINNTsystem32DRIVERSdcfssvc.exe
C:WINNTSystem32svchost.exe
C:WINNTsystem32hidserv.exe
CrogrammeNorton Internet SecurityNorton AntiVirusnavapsvc.exe
CrogrammeVeriSignNAVInaviagent.exe
C:WINNTsystem32nvsvc32.exe
CrogrammeKODAKKODAK BildübertragungssoftwarePTSsvc.exe
C:WINNTsystem32regsvc.exe
CrogrammeNorton Internet SecurityNorton AntiVirusSAVScan.exe
C:WINNTsystem32MSTask.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32svchost.exe
C:WINNTExplorer.EXE
C:WINNTLogi_MwX.Exe
C:WINNTsystem32spoolDRIVERSW32X86hpoopm07.exe
CrogrammeGemeinsame DateienSymantec SharedccApp.exe
C:WINNTsystem32RUNDLL32.EXE
C:WINNTsystem32internat.exe
CrogrammeLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
CrogrammeSpybot - Search & DestroyTeaTimer.exe
CrogrammeWIDCOMMBluetooth SoftwareBTTray.exe
C:WINNTsystem32rundll32.exe
CrogrammeKodakKODAK Bildübertragungssoftwarepts.exe
CrogrammeLogitechSetPointKEM.exe
CROGRA~1WIDCOMMBLUETO~1BTSTAC~1.EXE
CROGRAMMELOGITECHSETPOINTKHALMNPR.EXE
C:WINNTSystem32svchost.exe
CrogrammeLogitechSetPointMediaPlayerMgr.exe
CrogrammeGenesys LogicUSB File Transfer 1.13AGeneLink.exe
CrogrammeAVPersonalAVWUPSRV.EXE
CrogrammeAVPersonalAVGUARD.EXE
CrogrammeAVPersonalAVGNT.EXE
Cokumente und EinstellungenAdministratorEigene DateienDownloadViren_Wuermer_TrojanerHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://COKUME~1ADMINI~1LOKALE~1Tempsp.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://COKUME~1ADMINI~1LOKALE~1Tempsp.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://COKUME~1ADMINI~1LOKALE~1Tempsp.html
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://COKUME~1ADMINI~1LOKALE~1Tempsp.html
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://COKUME~1ADMINI~1LOKALE~1Tempsp.html
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://COKUME~1ADMINI~1LOKALE~1Tempsp.html
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - CrogrammeVeriSigni-Navi-nav_4_1_4.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - CrogrammeAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - CROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {7EAE8FC1-C524-4AEC-A75D-4450CABB9E6D} - C:WINNTsystem32goab.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CrogrammeGemeinsame DateienSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - CrogrammeNorton Internet SecurityNorton AntiVirusNavShExt.dll
O2 - BHO: (no name) - {CE000992-A58C-4441-8938-744CD72AB27F} - CrogrammeVeriSigni-Navi-nav_4_1_4.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTSystem32msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - CrogrammeGemeinsame DateienSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - CrogrammeNorton Internet SecurityNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..Run: [HPAIO_PrintFolderMgr] C:WINNTsystem32spoolDRIVERSW32X86hpoopm07.exe
O4 - HKLM..Run: [ccApp] "CrogrammeGemeinsame DateienSymantec SharedccApp.exe"
O4 - HKLM..Run: [URLLSTCK.exe] CrogrammeNorton Internet SecurityUrlLstCk.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINNTsystem32NeroCheck.exe
O4 - HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..Run: [Mobile Phone Suite] CrogrammeLogitechMobile Phone SuiteMobilePhoneSuite.exe -nogui
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINNTsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [AVGCtrl] CrogrammeAVPersonalAVGNT.EXE /min
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [LDM] CrogrammeLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] CrogrammeSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [Spyware Begone] c:freescanfreescan.exe -FastScan
O4 - Global Startup: BTTray.lnk = CrogrammeWIDCOMMBluetooth SoftwareBTTray.exe
O4 - Global Startup: KODAK Bildübertragungssoftware.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = CrogrammeLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = CrogrammeLogitechSetPointKEM.exe
O4 - Global Startup: Microsoft Office.lnk = CrogrammeMicrosoft OfficeOfficeOSA9.EXE
O8 - Extra context menu item: Senden an &Bluetooth - CrogrammeWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: @btrez.dll,-4015 (HKLM)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM)
O9 - Extra button: Hilfe zu i-Nav (HKLM)
O9 - Extra 'Tools' menuitem: Hilfe zu i-Nav (HKLM)
O9 - Extra 'Tools' menuitem: Optionen für i-Nav (HKLM)
O12 - Plugin for .tif: CrogrammeInternet ExplorerPLUGINSnpqtplugin3.dll
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:nosuch.mht!
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLMSystemCCSServicesTcpip..{867097B4-DE2B-46B1-880C-11F699C83617}: NameServer = 192.168.120.252,192.168.120.253
Vielen Dank
Bis denne Every
bin leider auch seit gestern befallen.
Wer kann mir helfen?
anschließend mein highjackthis.log
Logfile of HijackThis v1.97.7
Scan saved at 15:33:42, on 21.06.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C
rogrammeGemeinsame DateienSymantec SharedccSetMgr.exeC
rogrammeGemeinsame DateienSymantec SharedccEvtMgr.exeC:WINNTsystem32spoolsv.exe
C
rogrammeWIDCOMMBluetooth Softwarebinbtwdins.exeC
rogrammeGemeinsame DateienSymantec SharedccProxy.exeC:WINNTsystem32DRIVERSdcfssvc.exe
C:WINNTSystem32svchost.exe
C:WINNTsystem32hidserv.exe
C
rogrammeNorton Internet SecurityNorton AntiVirusnavapsvc.exeC
rogrammeVeriSignNAVInaviagent.exeC:WINNTsystem32nvsvc32.exe
C
rogrammeKODAKKODAK BildübertragungssoftwarePTSsvc.exeC:WINNTsystem32regsvc.exe
C
rogrammeNorton Internet SecurityNorton AntiVirusSAVScan.exeC:WINNTsystem32MSTask.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32svchost.exe
C:WINNTExplorer.EXE
C:WINNTLogi_MwX.Exe
C:WINNTsystem32spoolDRIVERSW32X86hpoopm07.exe
C
rogrammeGemeinsame DateienSymantec SharedccApp.exeC:WINNTsystem32RUNDLL32.EXE
C:WINNTsystem32internat.exe
C
rogrammeLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exeC
rogrammeSpybot - Search & DestroyTeaTimer.exeC
rogrammeWIDCOMMBluetooth SoftwareBTTray.exeC:WINNTsystem32rundll32.exe
C
rogrammeKodakKODAK Bildübertragungssoftwarepts.exeC
rogrammeLogitechSetPointKEM.exeC
ROGRA~1WIDCOMMBLUETO~1BTSTAC~1.EXEC
ROGRAMMELOGITECHSETPOINTKHALMNPR.EXEC:WINNTSystem32svchost.exe
C
rogrammeLogitechSetPointMediaPlayerMgr.exeC
rogrammeGenesys LogicUSB File Transfer 1.13AGeneLink.exeC
rogrammeAVPersonalAVWUPSRV.EXEC
rogrammeAVPersonalAVGUARD.EXEC
rogrammeAVPersonalAVGNT.EXEC
okumente und EinstellungenAdministratorEigene DateienDownloadViren_Wuermer_TrojanerHijackThis.exeR1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C
OKUME~1ADMINI~1LOKALE~1Tempsp.htmlR1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C
OKUME~1ADMINI~1LOKALE~1Tempsp.htmlR1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://C
OKUME~1ADMINI~1LOKALE~1Tempsp.htmlR1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C
OKUME~1ADMINI~1LOKALE~1Tempsp.htmlR1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C
OKUME~1ADMINI~1LOKALE~1Tempsp.htmlR0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://C
OKUME~1ADMINI~1LOKALE~1Tempsp.htmlR1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C
rogrammeVeriSigni-Navi-nav_4_1_4.dllO2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C
rogrammeAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocxO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C
ROGRA~1SPYBOT~1SDHelper.dllO2 - BHO: (no name) - {7EAE8FC1-C524-4AEC-A75D-4450CABB9E6D} - C:WINNTsystem32goab.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C
rogrammeGemeinsame DateienSymantec SharedAdBlockingNISShExt.dllO2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C
rogrammeNorton Internet SecurityNorton AntiVirusNavShExt.dllO2 - BHO: (no name) - {CE000992-A58C-4441-8938-744CD72AB27F} - C
rogrammeVeriSigni-Navi-nav_4_1_4.dllO3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTSystem32msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C
rogrammeGemeinsame DateienSymantec SharedAdBlockingNISShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C
rogrammeNorton Internet SecurityNorton AntiVirusNavShExt.dllO4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..Run: [HPAIO_PrintFolderMgr] C:WINNTsystem32spoolDRIVERSW32X86hpoopm07.exe
O4 - HKLM..Run: [ccApp] "C
rogrammeGemeinsame DateienSymantec SharedccApp.exe"O4 - HKLM..Run: [URLLSTCK.exe] C
rogrammeNorton Internet SecurityUrlLstCk.exeO4 - HKLM..Run: [NeroFilterCheck] C:WINNTsystem32NeroCheck.exe
O4 - HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..Run: [Mobile Phone Suite] C
rogrammeLogitechMobile Phone SuiteMobilePhoneSuite.exe -noguiO4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINNTsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [AVGCtrl] C
rogrammeAVPersonalAVGNT.EXE /minO4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [LDM] C
rogrammeLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exeO4 - HKCU..Run: [SpybotSD TeaTimer] C
rogrammeSpybot - Search & DestroyTeaTimer.exeO4 - HKCU..Run: [Spyware Begone] c:freescanfreescan.exe -FastScan
O4 - Global Startup: BTTray.lnk = C
rogrammeWIDCOMMBluetooth SoftwareBTTray.exeO4 - Global Startup: KODAK Bildübertragungssoftware.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C
rogrammeLogitechDesktop Messenger8876480ProgramLDMConf.exeO4 - Global Startup: Logitech SetPoint.lnk = C
rogrammeLogitechSetPointKEM.exeO4 - Global Startup: Microsoft Office.lnk = C
rogrammeMicrosoft OfficeOfficeOSA9.EXEO8 - Extra context menu item: Senden an &Bluetooth - C
rogrammeWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htmO9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: @btrez.dll,-4015 (HKLM)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM)
O9 - Extra button: Hilfe zu i-Nav (HKLM)
O9 - Extra 'Tools' menuitem: Hilfe zu i-Nav (HKLM)
O9 - Extra 'Tools' menuitem: Optionen für i-Nav (HKLM)
O12 - Plugin for .tif: C
rogrammeInternet ExplorerPLUGINSnpqtplugin3.dllO16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:nosuch.mht!
Please,
Anmelden
or
Registrieren
to view URLs content!
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) -
Please,
Anmelden
or
Registrieren
to view URLs content!
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
Please,
Anmelden
or
Registrieren
to view URLs content!
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
Please,
Anmelden
or
Registrieren
to view URLs content!
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
Please,
Anmelden
or
Registrieren
to view URLs content!
O17 - HKLMSystemCCSServicesTcpip..{867097B4-DE2B-46B1-880C-11F699C83617}: NameServer = 192.168.120.252,192.168.120.253
Vielen Dank
Bis denne Every
