Log
Hallo,
erstmal danke für die Antowrt und den Tipp.
Hier ist das Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:10:19, on 07.04.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMME\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\CMEII\CMESYS.EXE
C:\PROGRAMME\PRECISIONTIME\PRECISIONTIME.EXE
C:\PROGRAMME\DATE MANAGER\DATEMANAGER.EXE
C:\WINDOWS\SYSTEM\EVENTMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMME\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAMME\DELFIN\PROMULGATE\PGMONITR.EXE
C:\PROGRAMME\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\WINDOWS\ACONTI.EXE
C:\WINDOWS\STARTUPMONITOR.EXE
C:\PROGRAMME\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAMME\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAMME\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAMME\ULEAD SYSTEMS\ULEAD PHOTO ASSISTANT\UATRAY.EXE
C:\PROGRAMME\WINZIP\WZQKPICK.EXE
C:\PROGRAMME\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 3.0 SE\CALCHECK.EXE
C:\PROGRAMME\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMME\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.doebelnerallgemeine.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = URL:
http://www.tu-chemnitz.de/misc/proxy.proxy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.tu-chemnitz.de:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
www.tu-chemnitz.de
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAMME\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAMME\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAMME\SIDEFIND\SFBHO.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL (file missing)
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAMME\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ELSAChipGuard] C:\WINDOWS\ELSAUTIL\elsavect.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAMME\GEMEINSAME DATEIEN\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [PrecisionTime] C:\PROGRA~1\PrecisionTime\PrecisionTime.exe
O4 - HKLM\..\Run: [Date Manager] "C:\PROGRA~1\Date Manager\DateManager.exe"
O4 - HKLM\..\Run: [eventmgr.exe] C:\WINDOWS\SYSTEM\eventmgr.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PromulGate] "C:\Programme\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
O4 - HKLM\..\Run: [aconti] C:\WINDOWS\ACONTI.EXE -auto
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [pigyjvzob] C:\WINDOWS\SYSTEM\egealr.exe
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [¢‰¸ï0+¿ÔÇè]mú*àaîžiC:\Programme\ISTsvc\istsvc.exe] C:\PPXRAYIK.EXE
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Programme\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [ScreensaverGold] C:\Programme\ScreensaverGold Software\Bin\SsgSync.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAMME\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\RunServices: [ScreensaverGold] C:\Programme\ScreensaverGold Software\Bin\SsgSync.exe
O4 - HKCU\..\RunServices: [Weather] C:\PROGRAMME\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Ulead Acquire Fast.lnk = C:\Programme\Ulead Systems\Ulead Photo Assistant\UATRAY.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O4 - Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 - Extra context menu item: Mit Easy-Fill ausfüllen ... - file://C:\PROGRAMME\EASYFILL20\fillit.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAMME\SIDEFIND\SIDEFIND.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {0FC817C2-3B45-11D4-8340-0050DA825907} -
http://www.deltaclick.com/DeltaClick.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
http://wdownload.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) -
http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} -
http://www.spywarenuker.com/product/camp/SpywareNuker_com/SpywareNukerInstaller.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) -
http://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {A9FD89D6-C839-11D3-B0FE-0050044B8FE9} (OBInstallRunner Control) -
http://www.opinionbar.com/download/resources/OBInstallCabinet.CAB
O16 - DPF: {5A66E13A-311D-488B-828D-DDDF52EFB636} (strprint.trprints) -
https://partnering.one.microsoft.com/mcp/tools/MCPTranscriptPrint.CAB
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) -
http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} -
http://www.netvenda.com/sites/games-intl/de/games4.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = csn.tu-chemnitz.de
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = tu-chemnitz.de,csn.tu-chemnitz.de
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 134.130.88.254,134.109.88.254
O18 - Protocol: burst - {2F2BA850-6714-11D4-8D0D-00B0D02A5D4E} - C:\WINDOWS\SYSTEM\BURSTSOURCEFILTER.AX
O18 - Filter: text/html - {A952AB20-DB55-11D8-B144-0048546A7D3B} - C:\WINDOWS\ANWENDUNGSDATEN\MICROSOFT\INTERNET EXPLORER\V0.26.DAT