Log-Analyse und Auswertung: log

karel gott · 21.11.2005, 18:05

neues logfile. bitte mal checken. paar sachen sehe ich auf anhieb "websearch & konsorten"

tnx

Logfile of HijackThis v1.98.2
Scan saved at 17:58:05, on 21.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Sygate Personal Firewall Platinum\smc.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Autodesk\Autodesk Network License Manager\Lmgrd.exe
C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
E:\Autodesk\Autodesk Network License Manager\adskflex.exe
E:\Borland\INTERB~1\Bin\IBGuard.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PGPserv.exe
C:\WINDOWS\Explorer.EXE
E:\Borland\INTERB~1\Bin\ibserver.exe
C:\WINDOWS\htpatch.exe
E:\iTouch\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\System32\CTHELPER.EXE
E:\T-DSLS~1\SpeedMgr.exe
E:\RedLine\Taskbar.exe
E:\Mouseware\MouseWare\system\em_exec.exe
E:\Winamp5\winampa.exe
E:\Adobe Acrobat 7\Distillr\Acrotray.exe
E:\redline\gameutil.exe
E:\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ***
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobe Acrobat 7\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Adobe Acrobat 7\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - E:\FlashFXP\IEFlash.dll
O3 - Toolbar: T1 - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - E:\LANGEN~1.0\Engine\mte\StdAlone\T1IE.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe Acrobat 7\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SetCacheMode] Rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] E:\iTouch\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] E:\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CloneCDTray] "E:\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Corel Graphics Suite 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=120305 serial=DR12CNC-8322248-NFT lang=DE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "E:\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [RedLine Taskbar] E:\RedLine\Taskbar.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp5\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [MOD] E:\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [SmcService] E:\SYGATE~1\smc.exe -startgui
O4 - HKLM\..\Run: [KAVPersonal50] "E:\Kaspersky Anti-Virus 5 Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Adobe Acrobat 7\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [NBJ] "E:\Nero6\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [STYLEXP] E:\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: AutoCAD-Startbeschleuniger.lnk = C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart16.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: gameutil.lnk = ?
O4 - Global Startup: Quicken 2004 Zahlungserinnerung.lnk = E:\Quicken DELUXE 2004\billmind.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google-Suche - res://e:\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://e:\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Alles mit FlashGet laden - E:\FlashGet\jc_all.htm
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://E:\Adobe Acrobat 7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://E:\Adobe Acrobat 7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://E:\Adobe Acrobat 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://E:\Adobe Acrobat 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://e:\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://E:\Adobe Acrobat 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://E:\Adobe Acrobat 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Mit FlashGet laden - E:\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://E:\Adobe Acrobat 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://E:\Adobe Acrobat 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verweisseiten - res://e:\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://e:\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\flashget.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - E:\SMARTW~1\swiehlp.exe
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - E:\SMARTW~1\swiehlp.exe
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - E:\SMARTW~1\swiehlp.exe
O12 - Plugin for .exe: E:\Opera\PLUGINS\NPFgc1.dll
O12 - Plugin for .rar: E:\Opera\PLUGINS\NPFgc1.dll
O12 - Plugin for .zip: E:\Opera\PLUGINS\NPFgc1.dll
O12 - Plugin for ôå: E:\Opera\PLUGINS\NPFgc1.dll
O14 - IERESET.INF: SearchAssistant=
O14 - IERESET.INF: CustomizeSearch=
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120554241546
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/15008/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33DBC4B7-6525-4952-BE67-006D97EB093C}: NameServer = 10.212.67.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{33DBC4B7-6525-4952-BE67-006D97EB093C}: NameServer = 10.212.67.1
O20 - AppInit_DLLs: PAVWAIT.DLL