- #1
U
ulrich-alexander
Guest
wäre toll wenn einer mir das logfile auswertet . Viele Dank im Voraus
Logfile of HijackThis v1.99.1
Scan saved at 14:02:26, on 14.09.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AntiVirenKit professional\AVKService.exe
C:\Programme\AntiVirenKit professional\AVKWCtl.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
e:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
C:\Programme\Logitech\ImageStudio\LogiTray.exe
C:\WINNT\Mixer.exe
C:\winnt\msbb.exe
E:\Programme\Winamp\winampa.exe
C:\Programme\QuickTime\qttask.exe
E:\Programme\iTunes\iTunesHelper.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\NCLAUNCH.EXe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\iPod\bin\iPodService.exe
E:\PROGRA~1\MESSEN~1\ypager.exe
C:\WINNT\system32\wuauclt.exe
C:\Programme\Citrix\GoToMeeting\124\g2mstart.exe
E:\Programme\Skype\Phone\Skype.exe
C:\Programme\Citrix\GoToMeeting\124\g2mcomm.exe
C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programme\Citrix\GoToMeeting\124\g2mlauncher.exe
C:\Programme\UltimateZip 2.7\uzqkst.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
E:\Programme\Microsoft\MicrosoftOffice\Office\WINWORD.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Ulrich Schapöhler\Lokale Einstellungen\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Programme\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - E:\Programme\Common\YIeTagBm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [System Initialization] C:\WINNT\system32\msmonk32.exe
O4 - HKLM\..\Run: [mssyslanhelper] C:\WINNT\system32\msmsgri32.exe
O4 - HKLM\..\Run: [Microsoft Network Daemon for Win32] netd32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programme\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [msbb] c:\winnt\msbb.exe
O4 - HKLM\..\Run: [jcn] C:\WINNT\jcn.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [iTunesHelper] E:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\RunServices: [Microsoft Network Daemon for Win32] netd32.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] E:\PROGRA~1\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [GoToMeeting] C:\Programme\Citrix\GoToMeeting\124\g2mstart.exe
O4 - HKCU\..\Run: [Skype] E:\Programme\Skype\Phone\Skype.exe /nosplash /minimized
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programme\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dienst-Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft\MicrosoftOffice\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Programme\Common/ycsrch.htm
O8 - Extra context menu item: Edit with &XML Spy - C:\Programme\Altova\XMLSPY2004\spy.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Programme\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Programme\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Programme\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra->Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Programme\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra->Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\XMLSPY2004\spy.htm (HKCU)
O9 - Extra->Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\XMLSPY2004\spy.htm (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {358DF899-C98C-4A31-AABA-E110A0E6BF1D} - https://stream.web.de/v/comwin/activex/acw_3005.cab
O16 - DPF: {6705D28C-7BC9-4F26-92CB-77E3CE8B305B} (AcwIM Control) - https://stream.web.de/v/comwin/activex/AcwIM_1030.cab
O16 - DPF: {AA5E9ECE-2A7D-4BDC-8BF3-3B945DB526D1} (DSUpload Control) - https://stream.web.de/v/dataservices/v2_4/activex/ds_upload_1028.cab
O16 - DPF: {B738BD2D-5AC0-4C62-B02C-A3FE8A5D39D7} (AXReader Class) - http://www.ihk-online-akademie.de/c...tern/software/office/tw2000/plugin/ad32ax.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - https://stream.web.de/v/comwin/tray_3_0/setup.exe
O16 - DPF: {EF3946CE-9DFB-4006-962A-731F1595D76C} (VNCControl Control) - https://stream.web.de/v/comwin/activex/AcwVncSvr_2205.cab
Logfile of HijackThis v1.99.1
Scan saved at 14:02:26, on 14.09.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AntiVirenKit professional\AVKService.exe
C:\Programme\AntiVirenKit professional\AVKWCtl.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
e:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
C:\Programme\Logitech\ImageStudio\LogiTray.exe
C:\WINNT\Mixer.exe
C:\winnt\msbb.exe
E:\Programme\Winamp\winampa.exe
C:\Programme\QuickTime\qttask.exe
E:\Programme\iTunes\iTunesHelper.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\NCLAUNCH.EXe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\iPod\bin\iPodService.exe
E:\PROGRA~1\MESSEN~1\ypager.exe
C:\WINNT\system32\wuauclt.exe
C:\Programme\Citrix\GoToMeeting\124\g2mstart.exe
E:\Programme\Skype\Phone\Skype.exe
C:\Programme\Citrix\GoToMeeting\124\g2mcomm.exe
C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programme\Citrix\GoToMeeting\124\g2mlauncher.exe
C:\Programme\UltimateZip 2.7\uzqkst.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
E:\Programme\Microsoft\MicrosoftOffice\Office\WINWORD.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Ulrich Schapöhler\Lokale Einstellungen\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Programme\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - E:\Programme\Common\YIeTagBm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [System Initialization] C:\WINNT\system32\msmonk32.exe
O4 - HKLM\..\Run: [mssyslanhelper] C:\WINNT\system32\msmsgri32.exe
O4 - HKLM\..\Run: [Microsoft Network Daemon for Win32] netd32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programme\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [msbb] c:\winnt\msbb.exe
O4 - HKLM\..\Run: [jcn] C:\WINNT\jcn.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [iTunesHelper] E:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\RunServices: [Microsoft Network Daemon for Win32] netd32.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINNT\NCLAUNCH.EXe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] E:\PROGRA~1\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [GoToMeeting] C:\Programme\Citrix\GoToMeeting\124\g2mstart.exe
O4 - HKCU\..\Run: [Skype] E:\Programme\Skype\Phone\Skype.exe /nosplash /minimized
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programme\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dienst-Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programme\Microsoft\MicrosoftOffice\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Programme\Common/ycsrch.htm
O8 - Extra context menu item: Edit with &XML Spy - C:\Programme\Altova\XMLSPY2004\spy.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Programme\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Programme\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Programme\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra->Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Programme\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra->Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\XMLSPY2004\spy.htm (HKCU)
O9 - Extra->Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\XMLSPY2004\spy.htm (HKCU)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {358DF899-C98C-4A31-AABA-E110A0E6BF1D} - https://stream.web.de/v/comwin/activex/acw_3005.cab
O16 - DPF: {6705D28C-7BC9-4F26-92CB-77E3CE8B305B} (AcwIM Control) - https://stream.web.de/v/comwin/activex/AcwIM_1030.cab
O16 - DPF: {AA5E9ECE-2A7D-4BDC-8BF3-3B945DB526D1} (DSUpload Control) - https://stream.web.de/v/dataservices/v2_4/activex/ds_upload_1028.cab
O16 - DPF: {B738BD2D-5AC0-4C62-B02C-A3FE8A5D39D7} (AXReader Class) - http://www.ihk-online-akademie.de/c...tern/software/office/tw2000/plugin/ad32ax.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - https://stream.web.de/v/comwin/tray_3_0/setup.exe
O16 - DPF: {EF3946CE-9DFB-4006-962A-731F1595D76C} (VNCControl Control) - https://stream.web.de/v/comwin/activex/AcwVncSvr_2205.cab
