

Re: winlogon.exe is modifying memory
Hello Arne aka cosinus (D 11),



Thank you very much for your help. Here is the result from HijackThis:



Logfile of HijackThis v1.99.1

Scan saved at 18:44:14, on 15.03.2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Avast4\aswUpdSv.exe

D:\Avast4\ashServ.exe

C:\WINDOWS\system32\crypserv.exe

D:\Outpost Firewall\outpost.exe

C:\WINDOWS\System32\svchost.exe

c:\wamp\mysql\bin\mysqld-nt.exe

D:\Avast4\ashMaiSv.exe

D:\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

D:\Acrobat 7.0\Distillr\Acrotray.exe

D:\Roxio\Drag to Disc\DrgToDsc.exe

D:\Java\bin\jusched.exe

D:\Avast4\ashDisp.exe

D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

D:\Logitech\SetPoint\SetPoint.exe

C:\wamp\wampserver.exe

C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE

D:\MICROS~1\Office10\Office10\OUTLOOK.EXE

D:\NETSCA~1\NETSCP.EXE

C:\PROGRA~1\Winzip\winzip32.exe

C:\DOKUME~1\FPLATE~1.000\LOKALE~1\Temp\HijackThis.exe



R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\WS_FTP Pro\wsbho2k0.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Outpost Firewall] D:\OUTPOS~1\outpost.exe /waitservice

O4 - HKLM\..\Run: [OutpostFeedBack] D:\Outpost Firewall\feedback.exe /dump:os_startup

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [QuickTime Task] "C:\programme\quicktime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Roxio\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Java\bin\jusched.exe

O4 - HKLM\..\Run: [avast!] D:\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\System32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [Mozilla Quick Launch] "D:\NETSCA~1\NETSCP.EXE" -turbo

O4 - Startup: WinMySQLadmin.lnk = C:\xampp\mysql\bin\winmysqladmin.exe

O4 - Startup: WampServer.lnk = C:\wamp\wampserver.exe

O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\bin\npjpi150_05.dll

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adwork.local

O17 - HKLM\Software\..\Telephony: DomainName = adwork.local

O17 - HKLM\System\CCS\Services\Tcpip\..\{5D08B44C-C262-4B5F-8629-B7C3BC8D1435}: NameServer = 213.148.129.10,213.148.130.10

O20 - AppInit_DLLs: D:\OUTPOS~1\wl_hook.dll

O20 - Winlogon Notify: windnb32 - C:\WINDOWS\SYSTEM32\windnb32.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - D:\Outpost Firewall\outpost.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe



Regards, fotoman
