Hi!
Just pulled the following log from an office computer. Whoever finds all the malware gets a lollipop.
Logfile of HijackThis v1.99.1
Scan saved at 18:17:36, on 14.12.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Automatic Update\AutoUpdate.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
D:\START\bin\Startup.exe
D:\START\stp\stp_server.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\locator.exe
C:\Programme\Amadeus\Pro Printer\Mainsrv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Programme\Amadeus\Pro Printer\AmaPrt.exe
C:\Programme\Amadeus\Pro Printer\AmaPrt.exe
C:\Programme\Amadeus\Pro Printer\ComAdapt.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Samsung\SmarThru\PORTCTRL.EXE
C:\Programme\Amadeus\Pro Printer\Panel.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\internat.exe
D:\START\SCB\SCBTRACE.EXE
D:\Winrexx\REXX.EXE
D:\START\LAN\USERTCP.EXE
D:\Winrexx\REXX.EXE
C:\WINNT\system32\cmd.exe
D:\START\LAN\Mole.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\RBT\Anwendungsdaten\Amadeus\Viewer\Showcase.exe
C:\PROGRA~1\Amadeus\AMADEU~2\START\COMMUN~1.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Microsoft Works\MSWorks.exe
C:\WINNT\system32\cmd.exe
G:\SIDES_ANALYZE\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tourcontact.net/
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,sautolo.exe
O1 - Hosts: 127.0.0.21 ofep21.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.33 ofep33.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.6 ofep06.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.25 ofep25.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.32 ofep32.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.20 ofep20.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.5 ofep05.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.29 ofep29.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.24 ofep24.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.2 lb2.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.9 ofep09.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.31 ofep31.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.4 ofep04.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.28 ofep28.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.35 ofep35.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.23 ofep23.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.30 ofep30.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.8 ofep08.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.3 ofep03.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.27 ofep27.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.22 ofep22.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.34 ofep34.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.7 ofep07.dcs.amrcorp.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.26 ofep26.dcs.amrcorp.com # Nortel SSL-VPN
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ESLink] D:\START\bin\eslink.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [GW Port Controller] C:\Programme\Samsung\SmarThru\PORTCTRL.EXE
O4 - HKLM\..\Run: [expolrer] C:\WINNT\system32\runhost.exe
O4 - HKLM\..\Run: [disc32] C:\WINNT\system32\dirwinsmss32.exe
O4 - HKLM\..\Run: [JavaVM] C:\WINNT\java.exe
O4 - HKLM\..\Run: [Services] C:\DOKUME~1\RBT\LOKALE~1\Temp\services.exe
O4 - HKLM\..\Run: [winpsd] C:\WINNT\system32\winpsd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [gigabit.exe] C:\WINNT\system32\gigabit.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINNT\system32\irun4.exe
O4 - HKCU\..\Run: [sys32hostdisc] C:\WINNT\system32\dir32logsmss32.exe
O4 - HKCU\..\Run: [hostdiag] C:\WINNT\system32\runhost.exe
O4 - HKCU\..\Run: [drvddll.exe] C:\WINNT\system32\drvddll.exe
O4 - HKCU\..\Run: [smss32disc] C:\WINNT\system32\dirwinsmss32.exe
O4 - Global Startup: AmadeusPrinter.lnk = C:\Programme\Amadeus\Pro Printer\autosrv.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0a\aoltray.exe
O4 - Global Startup: atmIE.bat
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Vista IE User.lnk = C:\Install\Vista\Daten\Skript1\setregistry.bat
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusvista.com
O15 - Trusted Zone: http://*.amadeusvista.de
O15 - Trusted Zone: http://www.portevo.de
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - file://C:\Install\Vista\AUInstall\AutoUpdateATL.CAB
O16 - DPF: {13F842A9-C652-4342-B640-5CA444A6E6EF} (LLInstall Class) - http://learnlinc.sabre.com/learnlinc/download/LL6InstAX.dll
O16 - DPF: {2D36AF92-04D3-11D8-B719-0000865F231B} (TMinReq Class) - https://my.sabre.com/jars/TMinReqX.dll
O16 - DPF: {74344641-0CD3-4DFB-8154-F2C08D481964} (VistaEasyInstall Class) - https://www.portevo.de/plugins/vistainst/VistaEasyInstall.cab
O16 - DPF: {E90EF4C9-1476-4C49-B926-97C7D9D30A06} (Certificates_Info Class) - http://certificates.amadeusvista.com/certificateinfo/CCCert_Info.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{08F8EDC6-E989-459D-B077-FDA7661B0018}: NameServer = 192.168.97.1,194.25.2.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{08F8EDC6-E989-459D-B077-FDA7661B0018}: NameServer = 192.168.97.1,194.25.2.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{08F8EDC6-E989-459D-B077-FDA7661B0018}: NameServer = 192.168.97.1,194.25.2.129
O20 - Winlogon Notify: AUWinLogon - C:\WINNT\SYSTEM32\AUWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Amadeus Automatic Update - Amadeus - C:\Programme\Automatic Update\AutoUpdate.exe
O23 - Service: AmadeusProPrinter - Amadeus - C:\Programme\Amadeus\Pro Printer\Mainsrv.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: STARTstartup - START Informatik GmbH - D:\START\bin\Startup.exe
O23 - Service: START Transfer Protocol - Server (stp_server) - START AMADEUS - D:\START\stp\stp_server.exe
BigDaddy (Guest)