Gast
2004-10-02, 13:09:14
hi,
hab hier eine logfile die ich gerne einmal geprüft haben möchte! Weiss einer welche Dateien ich löschen muss? Glaub mein Windows ist zugemüllt:
Logfile of HijackThis v1.98.2
Scan saved at 16:41:56, on 01.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\CPUCooL\CooLSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\windows\cvchost.exe
C:\DOKUME~1\Dinu\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis1982.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautossearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\adobe\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {390AF897-2585-48EE-9700-3C4CAE9E6646} - (no file)
O2 - BHO: (no name) - {852C05B8-02B7-443F-9E10-BA05C8EB1050} - C:\WINDOWS\m.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [DXDllRegExe] C:\WINDOWS\System32\dxdllreg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mwavscan] "C:\DOKUME~1\Dinu\LOKALE~1\Temp\mwavscan.com" /s
O4 - HKLM\..\Run: [cyeaumx] C:\WINDOWS\System32\wxptcj.exe
O4 - HKLM\..\Run: [mix road] C:\PROGRA~1\ANTEON~1\Rdrsoftsetup.exe
O4 - HKLM\..\Run: [itsf] C:\WINDOWS\itsf.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [QuickTime Task] "e:\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe
O4 - HKCU\..\Run: [SpyKiller] E:\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [SpySweeper] "E:\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\MSOffice2002\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} (DynaGeoX Element) - http://www.dynageo.de/download/dynageoviewer.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23395375d9ca3da1a316/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site .cab?1094899670973
O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} - http://freeload.cc/secure/ieloader.cab
O16 - DPF: {7887544C-946D-4ABD-911C-3995989DFD9F} - http://www.codemasters.com/colinmcrae3/german/3d/kaonaxweb.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/English%20to%20French.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2 .1/Installer.exe
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/SU/ocx/12119/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{941A6F63-353C-4AC9-8E80-B15627D7C04D}: NameServer = 172.22.1.2
O18 - Filter: text/html - {4190A2A4-1B1F-4EFC-8004-75CF3D47BD3A} - C:\WINDOWS\m.dll
O18 - Filter: text/plain - {4190A2A4-1B1F-4EFC-8004-75CF3D47BD3A} - C:\WINDOWS\m.dll
hab hier eine logfile die ich gerne einmal geprüft haben möchte! Weiss einer welche Dateien ich löschen muss? Glaub mein Windows ist zugemüllt:
Logfile of HijackThis v1.98.2
Scan saved at 16:41:56, on 01.10.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\CPUCooL\CooLSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\windows\cvchost.exe
C:\DOKUME~1\Dinu\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis1982.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautossearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\adobe\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {390AF897-2585-48EE-9700-3C4CAE9E6646} - (no file)
O2 - BHO: (no name) - {852C05B8-02B7-443F-9E10-BA05C8EB1050} - C:\WINDOWS\m.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [DXDllRegExe] C:\WINDOWS\System32\dxdllreg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mwavscan] "C:\DOKUME~1\Dinu\LOKALE~1\Temp\mwavscan.com" /s
O4 - HKLM\..\Run: [cyeaumx] C:\WINDOWS\System32\wxptcj.exe
O4 - HKLM\..\Run: [mix road] C:\PROGRA~1\ANTEON~1\Rdrsoftsetup.exe
O4 - HKLM\..\Run: [itsf] C:\WINDOWS\itsf.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [QuickTime Task] "e:\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe
O4 - HKCU\..\Run: [SpyKiller] E:\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [SpySweeper] "E:\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\MSOffice2002\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} (DynaGeoX Element) - http://www.dynageo.de/download/dynageoviewer.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/23395375d9ca3da1a316/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site .cab?1094899670973
O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} - http://freeload.cc/secure/ieloader.cab
O16 - DPF: {7887544C-946D-4ABD-911C-3995989DFD9F} - http://www.codemasters.com/colinmcrae3/german/3d/kaonaxweb.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/English%20to%20French.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2 .1/Installer.exe
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/SU/ocx/12119/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{941A6F63-353C-4AC9-8E80-B15627D7C04D}: NameServer = 172.22.1.2
O18 - Filter: text/html - {4190A2A4-1B1F-4EFC-8004-75CF3D47BD3A} - C:\WINDOWS\m.dll
O18 - Filter: text/plain - {4190A2A4-1B1F-4EFC-8004-75CF3D47BD3A} - C:\WINDOWS\m.dll