Logfile of HijackThis v1.99.1
Scan saved at 21:58:57, on 11.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programme\antivir\installieren\AntiVir PersonalEdition Classic\sched.exe
D:\Programme\antivir\installieren\AntiVir PersonalEdition Classic\avguard.exe
D:\Programme\xampp\installieren\xampp\apache\bin\Apache.exe
D:\Programme\vpnclient\vpn\installieren\cvpnd.exe
D:\Programme\xampp\installieren\xampp\FileZillaFTP\FileZillaServer.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Programme\xampp\installieren\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programme\xampp\installieren\xampp\apache\bin\Apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programme\antivir\installieren\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programme\java\installieren\bin\jusched.exe
D:\Programme\icq\installieren\ICQLite\ICQLite.exe
D:\Programme\iTunes\installieren\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Multimedia\RemCtrl\ATIX10.exe
D:\Programme\ATI Multimedia\installieren\main\launchpd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\iPod\bin\iPodService.exe
D:\Programme\dyndnsupdater\installieren\DynDNS Updater\DynDNS.exe
C:\PROGRA~1\WNSXS~1\spoolsv.exe
C:\Dokumente und Einstellungen\michael\Eigene Dateien\??sembly\s?chost.exe
D:\PROGRA~1\FIREFOX\INSTAL~1\FIREFOX.EXE
D:\Programme\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\icq\installieren\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {293D2775-CC90-CE6D-EC29-EBABB334B3CC} - C:\WINDOWS\system32\yizbvkpm.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Programme\Canon\installieren\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\icq\installieren\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [codfxrun] D:\Programme\ATI Multimedia\installieren\codfx.exe
O4 - HKLM\..\Run: [avgnt] D:\Programme\antivir\installieren\AntiVir PersonalEdition Classic\avgnt.exe /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\java\installieren\bin\jusched.exe
O4 - HKLM\..\Run: [ICQ Lite] D:\Programme\icq\installieren\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Programme\iTunes\installieren\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] D:\Programme\unlocker\installieren\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [defender] C:\\defender1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Programme\ATI Multimedia\RemCtrl\ATIX10.exe
O4 - HKCU\..\Run: [ATI Launchpad] D:\Programme\ATI Multimedia\installieren\main\launchpd.exe
O4 - HKCU\..\Run: [DynDNS Updater] D:\Programme\dyndnsupdater\installieren\DynDNS Updater\DynDNS.exe
O4 - HKCU\..\Run: [Odsa] C:\PROGRA~1\WNSXS~1\spoolsv.exe -vt yazr
O4 - HKCU\..\Run: [Uikkr] C:\Dokumente und Einstellungen\michael\Eigene Dateien\??sembly\s?chost.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\acrobat\installieren\Reader\reader_sl.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\icq\installieren\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Drucken - res://D:\Programme\Canon\installieren\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Schnelldruck - res://D:\Programme\Canon\installieren\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Vorschau - res://D:\Programme\Canon\installieren\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Zu Druckliste hinzufügen - res://D:\Programme\Canon\installieren\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\INSTAL~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\java\installieren\bin\ssv.dll
O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\java\installieren\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Programme\ATI Multimedia\installieren\TV\EXPLBAR.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\INSTAL~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\icq\installieren\ICQLite\ICQLite.exe
O9 - Extra->Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\icq\installieren\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\n04s0ah7ed4.dll
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programme\antivir\installieren\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - D:\Programme\antivir\installieren\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2 - Unknown owner - D:\Programme\xampp\installieren\xampp\apache\bin\Apache.exe -k runservice (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Programme\vpnclient\vpn\installieren\cvpnd.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Programme\xampp\installieren\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -sSQLEXPRESS (file missing)
O23 - Service: mysql - Unknown owner - D:\Programme\xampp\installieren\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: sasrfc Service (sasrfcService) - Unknown owner - D:\Programme\SAS\installieren\SAS Institute\SAS\V8\access\sasexe\sasrfc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
I can't really make sense of this, or rather, how can HijackThis delete viruses?
By now I have tried AntiVir, Spybot and Ad-Aware, all of it in safe mode,
unfortunately without success.