Hijacker on Board?

Hello, I'm not familiar with stuff like viruses and malware. Unfortunately, IE windows with pointless pages have lately been opening on their own every now and then. I now have the Kaspersky demo installed and it blocks the pages, but it shows a notification. How can I find and delete this junk? I pulled the following with HijackThis (is there a German version of it too?). Is something fishy in there? Does anyone know about this? Unfortunately I'm a layperson and don't understand computer jargon either, so please don't throw technical terms around. Thanks in advance. I would like to avoid the "format c".

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:13, on 18.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Multimedia Card Reader\shwicon2k.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Mobile Phone Manager\bin\Mobile Phone Manager.exe
C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
C:\PROGRA~1\MOBILE~1\bin\SCfgSrv.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\PROGRA~1\MOBILE~1\bin\DESPROXY.exe
C:\PROGRA~1\MOBILE~1\bin\SPHONE~1.EXE
C:\PROGRA~1\MOBILE~1\bin\SCONTA~1.EXE
C:\PROGRA~1\MOBILE~1\bin\MESSAG~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOBILE~1\SMARTS~1\xtndpc.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.de/ws/eBayISAPI.dll?MyeBay&MyeBay=
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 – URLSearchHook: DefaultSearchHook Class – {C94E154B-1459-4A47-966B-4B843BEFC7DB} – C:\Programme\AskSearch\bin\DefaultSearch.dll
O1 – Hosts: 74.125.45.100 4-open-davinci.com
O1 – Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 – Hosts: 74.125.45.100 privatesecuredpayments.com
O1 – Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 – Hosts: 74.125.45.100 getantivirusplusnow.com
O1 – Hosts: 74.125.45.100 secure-plus-payments.com
O1 – Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 – Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 – Hosts: 74.125.45.100 www.getavplusnow.com
O1 – Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 – Hosts: 74.125.45.100 urs.microsoft.com
O1 – Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 – Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 – Hosts: 74.125.45.100 paysoftbillsolution.com
O1 – Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 – Hosts: 67.215.245.21 www.google-analytics.com
O1 – Hosts: 89.248.168.186 google.ae
O1 – Hosts: 89.248.168.186 google.as
O1 – Hosts: 89.248.168.186 google.at
O1 – Hosts: 89.248.168.186 google.az
O1 – Hosts: 89.248.168.186 google.ba
O1 – Hosts: 89.248.168.186 google.be
O1 – Hosts: 89.248.168.186 google.bg
O1 – Hosts: 89.248.168.186 google.bs
O1 – Hosts: 89.248.168.186 google.ca
O1 – Hosts: 89.248.168.186 google.cd
O1 – Hosts: 89.248.168.186 google.com.gh
O1 – Hosts: 89.248.168.186 google.com.hk
O1 – Hosts: 89.248.168.186 google.com.jm
O1 – Hosts: 89.248.168.186 google.com.mx
O1 – Hosts: 89.248.168.186 google.com.my
O1 – Hosts: 89.248.168.186 google.com.na
O1 – Hosts: 89.248.168.186 google.com.nf
O1 – Hosts: 89.248.168.186 google.com.ng
O1 – Hosts: 89.248.168.186 google.ch
O1 – Hosts: 89.248.168.186 google.com.np
O1 – Hosts: 89.248.168.186 google.com.pr
O1 – Hosts: 89.248.168.186 google.com.qa
O1 – Hosts: 89.248.168.186 google.com.sg
O1 – Hosts: 89.248.168.186 google.com.tj
O1 – Hosts: 89.248.168.186 google.com.tw
O1 – Hosts: 89.248.168.186 google.dj
O1 – Hosts: 89.248.168.186 google.de
O1 – Hosts: 89.248.168.186 google.dk
O1 – Hosts: 89.248.168.186 google.dm
O1 – Hosts: 89.248.168.186 google.ee
O1 – Hosts: 89.248.168.186 google.fi
O1 – Hosts: 89.248.168.186 google.fm
O1 – Hosts: 89.248.168.186 google.fr
O1 – Hosts: 89.248.168.186 google.ge
O1 – Hosts: 89.248.168.186 google.gg
O1 – Hosts: 89.248.168.186 google.gm
O1 – Hosts: 89.248.168.186 google.gr
O1 – Hosts: 89.248.168.186 google.ht
O1 – Hosts: 89.248.168.186 google.ie
O1 – Hosts: 89.248.168.186 google.im
O1 – Hosts: 89.248.168.186 google.in
O1 – Hosts: 89.248.168.186 google.it
O1 – Hosts: 89.248.168.186 google.ki
O1 – Hosts: 89.248.168.186 google.la
O1 – Hosts: 89.248.168.186 google.li
O1 – Hosts: 89.248.168.186 google.lv
O1 – Hosts: 89.248.168.186 google.ma
O1 – Hosts: 89.248.168.186 google.ms
O1 – Hosts: 89.248.168.186 google.mu
O1 – Hosts: 89.248.168.186 google.mw
O1 – Hosts: 89.248.168.186 google.nl
O1 – Hosts: 89.248.168.186 google.no
O1 – Hosts: 89.248.168.186 google.nr
O1 – Hosts: 89.248.168.186 google.nu
O1 – Hosts: 89.248.168.186 google.pl
O1 – Hosts: 89.248.168.186 google.pn
O1 – Hosts: 89.248.168.186 google.pt
O1 – Hosts: 89.248.168.186 google.ro
O1 – Hosts: 89.248.168.186 google.ru
O1 – Hosts: 89.248.168.186 google.rw
O1 – Hosts: 89.248.168.186 google.sc
O1 – Hosts: 89.248.168.186 google.se
O1 – Hosts: 89.248.168.186 google.sh
O1 – Hosts: 89.248.168.186 google.si
O1 – Hosts: 89.248.168.186 google.sm
O1 – Hosts: 89.248.168.186 google.sn
O1 – Hosts: 89.248.168.186 google.st
O1 – Hosts: 89.248.168.186 google.tl
O1 – Hosts: 89.248.168.186 google.tm
O1 – Hosts: 89.248.168.186 google.tt
O1 – Hosts: 89.248.168.186 google.us
O1 – Hosts: 89.248.168.186 google.vu
O1 – Hosts: 89.248.168.186 google.ws
O1 – Hosts: 89.248.168.186 google.co.ck
O1 – Hosts: 89.248.168.186 google.co.id
O1 – Hosts: 89.248.168.186 google.co.il
O1 – Hosts: 89.248.168.186 google.co.in
O1 – Hosts: 89.248.168.186 google.co.jp
O1 – Hosts: 89.248.168.186 google.co.kr
O1 – Hosts: 89.248.168.186 google.co.ls
O1 – Hosts: 89.248.168.186 google.co.ma
O1 – Hosts: 89.248.168.186 google.co.nz
O1 – Hosts: 89.248.168.186 google.co.tz
O1 – Hosts: 89.248.168.186 google.co.ug
O1 – Hosts: 89.248.168.186 google.co.uk
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: IEVkbdBHO – {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} – C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 – BHO: link filter bho – {E33CF602-D945-461A-83F0-819F76A199F8} – C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O4 – HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 – HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 – HKLM\..\Run: [Sunkist2k] C:\Programme\Multimedia Card Reader\shwicon2k.exe
O4 – HKLM\..\Run: [SSBkgdUpdate] “C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 – HKLM\..\Run: [PPort11reminder] “C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe” -r “C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 – HKLM\..\Run: [AVP] “C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe”
O4 – HKLM\..\Run: [IndexSearch] “C:\Programme\ScanSoft\PaperPort\IndexSearch.exe”
O4 – HKLM\..\Run: [PaperPort PTD] “C:\Programme\ScanSoft\PaperPort\pptd40nt.exe”
O4 – HKLM\..\Run: [SmartSync – ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 – HKLM\..\Run: [QuickTime Task] “C:\Programme\QuickTime\qttask.exe” -atboottime
O4 – HKCU\..\Run: [TomTomHOME.exe] “C:\Dokumente und Einstellungen\Torsten\Desktop\TomTom HOME 2\TomTomHOMERunner.exe”
O4 – HKCU\..\Run: [H/PC Connection Agent] “C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE”
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘LOKALER DIENST’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘NETZWERKDIENST’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 – Startup: Mobile Phone Manager.lnk = C:\Programme\Mobile Phone Manager\bin\Mobile Phone Manager.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O9 – Extra button: Mobilen Favoriten erstellen – {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} – C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 – Extra button: (no name) – {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} – C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 – Extra ‘Tools’ menuitem: Mobilen Favoriten erstellen… – {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} – C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 – Extra button: &Virtuelle Tastatur – {4248FE82-7FCB-46AC-B270-339F08212110} – C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 – Extra button: Li&nks untersuchen – {CCF151D8-D089-449F-A5A4-D9909053F20F} – C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 – DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} – http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 – AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 – Service: Kaspersky Anti-Virus (AVP) – Kaspersky Lab – C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 – Service: Bonjour-Dienst (Bonjour Service) – Apple Inc. – C:\Programme\Bonjour\mDNSResponder.exe
O23 – Service: Capture Device Service – InterVideo Inc. – C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 – Service: Lavasoft Ad-Aware Service – Lavasoft – C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 – Service: LightScribeService Direct Disc Labeling Service (LightScribeService) – Hewlett-Packard Company – C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 – Service: Sandra Service (SandraTheSrv) – Unknown owner – C:\Dokumente und Einstellungen\Torsten\Eigene Dateien\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe (file missing)
O23 – Service: TomTomHOMEService – Unknown owner – C:\Dokumente und Einstellungen\Torsten\Desktop\TomTom HOME 2\TomTomHOMEService.exe (file missing)
O23 – Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) – TuneUp Software – C:\WINDOWS\System32\TuneUpDefragService.exe
O23 – Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) – TuneUp Software – C:\WINDOWS\System32\TUProgSt.exe
O24 – Desktop Component 0: (no name) – http://tbn0.google.com/images?q=tbn:ij2knubt22YSKM:http://i19.photobucket.com/albums/b182/macwithfries/Man-eatingEmu.jpg
O24 – Desktop Component 1: (no name) – http://www3.wigeogis.at/sparkassen/lay12/images/blind.gif


End of file – 12337 bytes
