hijack sagt:
Logfile of HijackThis v1.99.1
Scan saved at 01:49:28, on 01.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
E:\DOWNLOADS\internet download manager 4.07\Internet Download Manager v4.07\IDMan.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\WINRaR\WinRAR.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Rar$EX00.703\Hi jackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://192.168.2.1/
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\DOWNLOADS\internet download manager 4.07\Internet Download Manager v4.07\IDMIECC.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCpl******] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [IDMan] E:\DOWNLOADS\internet download manager 4.07\Internet Download Manager v4.07\IDMan.exe /onboot
O4 - Startup: iTouch.exe.lnk = C:\Programme\Logitech\iTouch\iTouch.exe
O8 - Extra context menu item: Download All Links with IDM - E:\DOWNLOADS\internet download manager 4.07\Internet Download Manager v4.07\IEGetAll.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Programme\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Download with IDM - E:\DOWNLOADS\internet download manager 4.07\Internet Download Manager v4.07\IEExt.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) -
http://eu-housecall.trendmicro-europ...vex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3939B82-239B-42D3-90EE-954C9AF30278}: NameServer = 130.149.4.20,130.149.2.12
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
----ende
ich habe nochwas entdeckt: wenn dieses Fenster mit "Persönliche Einstellungen" beim Windowsstart erscheint, dann steht da drin: "Persönliche einstellungen für c:\windows\system32\startup.exe" ist diese startup.exe der übeltäter, gehört das überhaupt in diesen ordner?
ad-aware hat 3 sachen gefunden, das wintool hat nix gefunden und spybot meldete was mit 12658 bedrohlichen Produkten oder sowas.