You Must Read This Before Posting A Hijackthis Log, Required steps before posting your log.
and now i dont know more.. here is my log:
Logfile of HijackThis v1.99.0
Scan saved at 10:14:23, on 29.01.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\scardsvr.exe
C:\WINNT\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cJPCSC.exe
C:\WINNT\System32\DRIVERS\dcfssvc.exe
C:\Programme\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
C:\Programme\KEN!\KENCLI.EXE
C:\Programme\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\VeriSign\NAVI\naviagent.exe
C:\WINNT\System32\NMSSvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\CardReader2.0\OTiReader.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\system32\Smtray.exe
C:\Programme\KEN!\kentbcli.exe
C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
C:\Programme\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\Browser Mouse\mouse32a.exe
C:\Programme\CardReader2.0\CRBroadCasting.exe
C:\WINNT\system32\xpsp2fw.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\GMX\GMXSMS~1\SMSMngr.exe
C:\WINNT\system32\?ttrib.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ritw.exe
C:\CFGSAFE\AUTOCHK.EXE
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINNT\DvzCommon\DvzMsgr.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Palm\HOTSYNC.EXE
C:\Programme\Microsoft Office\Office\1031\msoffice.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Yahoo!\Messenger\YPager.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.109.111:3128;http=192.168.109.111:3128;https=192.168.109.111:3128;socks=192.168.109.111:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; yahoo
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_0.dll
O2 - BHO: (no name) - {AF591D66-85F0-DB2F-D346-F91DF06540B7} - C:\WINNT\system32\rvdzkmdi.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [KEN Taskbar Client] "C:\Programme\KEN!\kentbcli.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Programme\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [system] C:\WINNT\System32\driver.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Programme\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [CRBroadCasting] C:\Programme\CardReader2.0\CRBroadCasting.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [F19931E6] C:\WINNT\system32\dfrgseadu.exe
O4 - HKLM\..\Run: [4629534E] C:\WINNT\system32\misvccm.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [system] C:\WINNT\System32\driver.exe
O4 - HKCU\..\Run: [SMS-Manager] C:\PROGRA~1\GMX\GMXSMS~1\SMSMngr.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINNT\system32\wuclient.exe
O4 - HKCU\..\Run: [F19931E6] C:\WINNT\system32\dfrgseadu.exe
O4 - HKCU\..\Run: [4629534E] C:\WINNT\system32\misvccm.exe
O4 - HKCU\..\Run: [Phkil] C:\WINNT\system32\?ttrib.exe
O4 - HKCU\..\Run: [Wsas] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ritw.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Watch.lnk = BearPaw 2400TA Plus\Driver\WATCH.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINNT\DvzCommon\DvzMsgr.exe
O4 - Global Startup: ISDNWatch.lnk = FRITZ!\IWatch.exe
O4 - Global Startup: Service Manager.lnk = Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Microsoft Office.lnk = Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LEO Dictionary - C:\WINNT\Web\DE_EN.htm
O8 - Extra context menu item: PaybackShoppingGuide Schnellsuche - file://C:\Programme\PAYBACKShoppingGuideInternetExplorer\script.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Hilfe zu i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-...pport/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Hilfe zu i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-...pport/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_0.dll
O9 - Extra 'Tools' menuitem: Optionen für i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programme\VeriSign\i-Nav\i-nav_4_2_0.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot2_x.cab
O16 - DPF: {1D168290-F3DF-4842-94C3-2862596771FB} (Yahoo! Fotos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_1de.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...RdxIE601_de.cab
O16 - DPF: {6D15BD40-CCA6-11D2-A6A0-0060089A0EFF} (RWSO_IHB) - https://banking.rwso...B/srwso2001.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.co...ad/IbmEgath.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B562BC94-9A3A-4760-AE48-0D52FD01B1B5} (VeriSign Software Update Service) - http://download.veri...-navinstall.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-32.cab
O18 - Filter: text/html - {2EC1F21B-3269-4D37-8538-B269E224413C} - C:\WINNT\System32\hfmjf.dll
O18 - Filter: text/plain - {2EC1F21B-3269-4D37-8538-B269E224413C} - C:\WINNT\System32\hfmjf.dll
O20 - AppInit_DLLs: C:\WINNT\System32\comaljm.dll
O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: cyberJack PC/SC Service - REINER SCT - C:\WINNT\System32\cJPCSC.exe
O23 - Service: dcfssvc - Eastman Kodak Company - C:\WINNT\System32\DRIVERS\dcfssvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programme\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InterBaseGuardian - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
O23 - Service: InterBaseServer - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: AVM KEN Klient - AVM Berlin - C:\Programme\KEN!\KENCLI.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: VeriSign Updater - VeriSign, Inc. - C:\Programme\VeriSign\NAVI\naviagent.exe
O23 - Service: NMS Service - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: OTi Card Reader Service - Unknown - C:\Programme\CardReader2.0\OTiReader.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
What kannn i do now? i have not a good thinking i have all done...
Yours Viktor