

Re: Caught an ld***.tmp virus???
Sorry Markus, I saw it.



Logfile of HijackThis v1.99.1

Scan saved at 22:11:00, on 03.03.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\avmclient\avmbtservice.exe

C:\Programme\avmclient\panapp.exe

C:\Programme\avmclient\AvmObexService.exe

C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

C:\Programme\Novell\ZENworks\nalntsrv.exe

D:\Programme\Norton\navapsvc.exe

D:\Programme\Norton\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe

C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Programme\TOSHIBA\TME3\Tmesrv31.exe

C:\Programme\Novell\ZENworks\wm.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\Apoint2K\Apoint.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programme\TOSHIBA\E-KEY\CeEKey.exe

C:\Programme\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TDuPHook.exe

C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE

C:\WINDOWS\system32\ZoomingHook.exe

C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe

C:\Programme\TOSHIBA\Bay Service\BaySrvis.exe

C:\Programme\TOSHIBA\Accessibility\FnKeyHook.exe

C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Programme\FreePDF_XP\fpassist.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programme\avmclient\bluefritz.exe

C:\Programme\avmclient\AvmObex.exe

C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Programme\TOSHIBA\TME3\TMEEJME.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Programme\Toshiba\DualPointUtility\TEDTray.exe

C:\Programme\avmclient\AvmObex.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Programme\Apoint2K\Apntex.exe

C:\Programme\FRITZ!\IWatch.exe

C:\Programme\Internet Explorer\IEXPLORE.EXE

D:\Daten\Spotlight\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Avinci - The Know-How Company

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programme\Norton\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programme\Norton\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPNF] C:\Programme\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [DPED] TDuPHook.exe

O4 - HKLM\..\Run: [DpUtil] C:\Programme\TOSHIBA\DualPointUtility\TEDTray.exe

O4 - HKLM\..\Run: [TMESRV.EXE] C:\Programme\TOSHIBA\TME3\TMESRV31.EXE /Logon

O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE /Service

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe

O4 - HKLM\..\Run: [Bay Service] "C:\Programme\TOSHIBA\Bay Service\BaySrvis.exe" Run

O4 - HKLM\..\Run: [HWSetup] C:\Programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Programme\TOSHIBA\Accessibility\FnKeyHook.exe

O4 - HKLM\..\Run: [SVPWUTIL] C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [AVMBlueClient] C:\Programme\avmclient\bluefritz.exe

O4 - HKLM\..\Run: [AVMBLUEOBEX] C:\Programme\avmclient\AvmObex.exe -pushclient -ftpclient

O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Programme\Novell\ZENworks\AxNalServer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.msn.de

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = avinci.de

O17 - HKLM\Software\..\Telephony: DomainName = avinci.de

O17 - HKLM\System\CCS\Services\Tcpip\..\{2E232F52-A53A-4A4C-B782-954FF595F8E3}: NameServer = 195.71.150.36 193.189.244.205

O17 - HKLM\System\CCS\Services\Tcpip\..\{45E58EF9-330E-41E2-92B7-CC4EE37482AF}: NameServer = 192.168.120.252,192.168.120.253

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = avinci.de

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVM BT Connection Service - AVM Berlin - C:\Programme\avmclient\avmbtservice.exe

O23 - Service: AVM BT PAN Service - AVM Berlin - C:\Programme\avmclient\panapp.exe

O23 - Service: AVM BT OBEX Service (AvmObexService) - AVM Berlin - C:\Programme\avmclient\AvmObexService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe

O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Programme\Novell\ZENworks\nalntsrv.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Programme\Norton\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programme\Norton\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Novell ZfD Wake on LAN Status Agent (Prometheus Wake-On-LAN Status Agent) - Novell Inc. - C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe

O23 - Service: Novell ZfD Remote Management (Remote Management Agent) - Novell Inc. - C:\Programme\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe

O23 - Service: SAVScan - Symantec Corporation - D:\Programme\Norton\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Programme\TOSHIBA\TME3\Tmesrv31.exe

O23 - Service: Arbeitsstations-Manager (ZFDWM) - Novell, INC. - C:\Programme\Novell\ZENworks\wm.exe




