- #1
C
crazy5170
Guest
Mopao schrieb:@pershing50
Ich möchte gern dein HijackThis log sehen
Gruss
Mopao
Mopao, kannst du mir mit meinem log auch weiterhelfen? Ich habe ebenfalls doppelte Einträge
Logfile of HijackThis v1.99.1
Scan saved at 12:42:34, on 09.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\0190WA~1\w0svc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programme\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programme\CDBurnerXP\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\sokscmnt.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\0190WA~1\WARN0190.EXE
C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
C:\Programme\Free Download Manager\fdm.exe
C:\Programme\Steganos Password Manager 6\spm.exe
C:\Programme\Steganos Safe 8\SAFE8.exe
C:\Programme\EssentialPIM\EssentialPIM.exe
C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\DOKUME~1\HANJOS~1\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [type32] C:\Programme\Microsoft IntelliType Pro\type32.exe
O4 - HKLM\..\Run: [IntelliPoint] C:\Programme\Microsoft IntelliPoint\point32.exe
O4 - HKLM\..\Run: [0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKCU\..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SPM6_SPM] C:\Programme\Steganos Password Manager 6\spm.exe /booting
O4 - HKCU\..\Run: [SAFE8] C:\Programme\Steganos Safe 8\SAFE8.exe -boot
O4 - HKCU\..\Run: [EssentialPIM] C:\Programme\EssentialPIM\EssentialPIM.exe /autorun
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Webseiten mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137131798234
O17 - HKLM\System\CCS\Services\Tcpip\..\{1221F3BA-D6CC-4E76-B7BB-BE278C37D9C5}: NameServer = 195.50.140.114 195.50.140.252
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O23 - Service: 0190/0900 Warner Überwachungsdienst (0190_0900_Warner_MonitorService) - Mirko Böer - C:\PROGRA~1\0190WA~1\w0svc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programme\CDBurnerXP\NMSAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: CHIPDRIVE Smartcard Office Kernel (SCM_Smart_Card_Office_Kernel) - SCM Microsystems - C:\WINDOWS\system32\sokscmnt.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
[blue]abgetrennt von http://www.wintotal-forum.de/index.php/topic,111302.msg573673.html#msg573673
verschoben von Windows XP[/blue]