brauche Hilfe, komm nicht weiter. Dieser Troj. nervt mich langsam.
Hier der HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 19:06:12, on 05.11.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\SYSTEM32\P2P NETWORKING\P2P NETWORKING.EXE
C:\Programme\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\Özman\Eigene Dateien\auto dial\AutoDialUp.exe
C:\Dokumente und Einstellungen\Özman\Eigene Dateien\My eBooks\verschiedenes\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.the-exit.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://auto.ie.searchforge.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://auto.ie.searchforge.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.de.netscape.com/keyword/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.internetcologne.de"); (C:\PROGRA~1\Netscape\Users\BERNAK~1\prefs.js)
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: WebHlprObj Class - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - C:\Dokumente und Einstellungen\Özman\Eigene Dateien\WH5_1796050@teleteam-a.dll (file missing)
O2 - BHO: (no name) - {456B60D5-BDBA-E218-7EDD-2BF90B48AE71} - C:\DOKUME~1\ZMAN~1\ANWEND~1\ABOUTM~1\Uploadobj.exe (file missing)
O2 - BHO: Advertiser Class - {53D3C442-8FEE-4784-9A21-6297D39613F0} - C:\WINDOWS\System32\Winad2.dll (file missing)
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Dokumente und Einstellungen\Özman\Anwendungsdaten\sysil\sysil32.dll (file missing)
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\Dokumente und Einstellungen\Özman\Anwendungsdaten\sysil\mssearch.dll (file missing)
O2 - BHO: SearchHookObject Class - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Dokumente und Einstellungen\Özman\Anwendungsdaten\sysil\msiesh.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [svshosts] svshosts.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM32\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKLM\..\Run: [soundtask] soundtask.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-watch] "C:\Programme\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Fordstylecdromintra] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Store Great Ford Style\FlawFree.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [svshosts] svshosts.exe
O4 - HKLM\..\RunServices: [soundtask] soundtask.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programme\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKCU\..\RunOnce: [AutoDialRun] "C:\Dokumente und Einstellungen\Özman\Eigene Dateien\auto dial\AutoDialUp.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: >>> HENTAI MOVIES <<< - javascript:{document.location='http://www.archivehentai.com/ah/14/getpassword.html';}
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: concept/design's onlineTV - {4485C960-6B57-4913-8835-A748F14858B1} - C:\Programme\onlineTV\onlineTV.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/D ... TML_XP.cab
O16 - DPF: {486612EA-4266-4B0B-997B-E90EB7D2E2D0} (UltraCams Lite Client Panel Control) - http://ub-blue.ultracams.de/de/cams/Ult ... Lite11.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {52290B25-D07A-43B5-84D8-493116D50FA0} - http://webinstall.tscash.com/webinstall.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/de/wowbeta/Si.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplat ... curity.cab
O16 - DPF: {788A7678-38D7-4EEC-9D20-67A86D21A7FD} (Webupdate Control) - http://www.htttp.biz/de/webupdate.cab
O16 - DPF: {8699D723-6DC6-47D3-B55C-489BA006B917} (WebInstall) - http://www.htttp.biz/de/webinstall.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/D ... ack_XP.cab
O16 - DPF: {A02780C3-7F77-4E28-855B-28890F3CF37A} - http://akamai.downloadv3.com/binaries/D ... ack_XP.cab
O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {E44151C8-0C6C-4A7D-B677-4FCC9552E957} (snConnect Class) - http://www.bcnx.com/suninfoconnect-lo.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D877123C-14EC-4654-949C-7E943095570C}: NameServer = 213.168.112.60 194.8.194.60
Hoffe kanns mir helfen, Danke im Vorraus.
mit eScan und berichte.