TR\LEFEAT.DLL1 wie entfernen?

#76 Loesche mit der Killbox:

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\webdetb.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\web_logo.bmp
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\about.html
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\basis.xml
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\error.html
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\footerpopup.gif
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\header.gif
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\headerpopup.gif
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\icons.bmp
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\licence.html
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\options.html
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\p.gif
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\toolbar.crc
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\version.txt
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\webdetb.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\web_logo.bmp
__________
MfG Sabina

rund um die PC-Sicherheit

#77 Hi Sabina,
hab jetzt alles so gemacht, wie du's gesagt hast (Programme ausgeführt, Dateien mit KillBox gelöscht).


Oli

#78 hat es denn mit dem verstellten Schraegstrich geklappt ?
Ich denke , die Killbox akzeptiert das so nicht ?
__________
MfG Sabina

rund um die PC-Sicherheit

#79 Nein, hab die Einträge manuell aus der Registry gelöscht.
Von der WEB.DE Toolbar sind jetzt in dem Verzeichnis keine Dateien mehr vorhanden, die Reg.keys hab ich, wie gesagt, manuell gelöscht.

Danke nochmal!

LG
Oli

#80 C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ <---alles geloescht ?????
__________
MfG Sabina

rund um die PC-Sicherheit

#81

Zitat

Sabina postete
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ <---alles geloescht ?????

Ja, der Ordner CONFLICT.1\ exisistiert nicht mehr.
Gut oder Schlecht?

LG
Oli

#82 ich danke mal sehr sehr gut.

Hast gute Arbeit geleistet.
Surfe nur noch mit dem Firefox

Gruss
__________
MfG Sabina

rund um die PC-Sicherheit

#83

Zitat

Sabina postete
Hast gute Arbeit geleistet.
Surfe nur noch mit dem Firefox

ICH hab gute Arbeit geleistet? *lach* Bescheidenheit ist wohl eine deiner Stärken? Das warst ja wohl du, die die Arbeit geleistet hat. Danke danke!

Dies war mein erster Virus, den ich bewusst auf dem Rechner hatte und der auch Auswirkungen auf das System hatte, daher hab ich mir da nie so große Sorgen und Gedanken gemacht.
Aber werde deinen Tipp zu Herzen nehmen und auf den Feuerfux umsteigen. Hab ich auch schon länger installiert.

LG
Oli

#84 Hi sabi ich darf dich doch so nene . also das sind die datein aus escan:

Thu Feb 17 21:37:42 2005 => Scanning File C:\!Submit\adddw32.exe
Thu Feb 17 21:37:49 2005 => File C:\!Submit\adddw32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:49 2005 => Scanning File C:\!Submit\addny32.exe
Thu Feb 17 21:37:49 2005 => File C:\!Submit\addny32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:49 2005 => Scanning File C:\!Submit\addot32.exe
Thu Feb 17 21:37:50 2005 => File C:\!Submit\addot32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:50 2005 => Scanning File C:\!Submit\addrv32.exe
Thu Feb 17 21:37:50 2005 => File C:\!Submit\addrv32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:50 2005 => Scanning File C:\!Submit\apiku.exe
Thu Feb 17 21:37:50 2005 => File C:\!Submit\apiku.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:50 2005 => Scanning File C:\!Submit\apiqk32.exe
Thu Feb 17 21:37:50 2005 => File C:\!Submit\apiqk32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:50 2005 => Scanning File C:\!Submit\apiuk32.exe
Thu Feb 17 21:37:50 2005 => File C:\!Submit\apiuk32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:50 2005 => Scanning File C:\!Submit\appbi.exe
Thu Feb 17 21:37:50 2005 => File C:\!Submit\appbi.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:50 2005 => Scanning File C:\!Submit\appjn32.exe
Thu Feb 17 21:37:50 2005 => File C:\!Submit\appjn32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:50 2005 => Scanning File C:\!Submit\appsz32.exe
Thu Feb 17 21:37:50 2005 => File C:\!Submit\appsz32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:50 2005 => Scanning File C:\!Submit\appwu32.exe
Thu Feb 17 21:37:50 2005 => File C:\!Submit\appwu32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:50 2005 => Scanning File C:\!Submit\atlne.exe
Thu Feb 17 21:37:50 2005 => File C:\!Submit\atlne.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:50 2005 => Scanning File C:\!Submit\atltq.exe
Thu Feb 17 21:37:51 2005 => File C:\!Submit\atltq.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:51 2005 => Scanning File C:\!Submit\crmj32.exe
Thu Feb 17 21:37:51 2005 => File C:\!Submit\crmj32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:51 2005 => Scanning File C:\!Submit\crvc32.exe
Thu Feb 17 21:37:51 2005 => File C:\!Submit\crvc32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:51 2005 => Scanning File C:\!Submit\d3hn32.exe
Thu Feb 17 21:37:51 2005 => File C:\!Submit\d3hn32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:51 2005 => Scanning File C:\!Submit\d3sf.exe
Thu Feb 17 21:37:51 2005 => File C:\!Submit\d3sf.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:51 2005 => Scanning File C:\!Submit\d3vf32.exe
Thu Feb 17 21:37:51 2005 => File C:\!Submit\d3vf32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:51 2005 => Scanning File C:\!Submit\d3yp32.exe
Thu Feb 17 21:37:51 2005 => File C:\!Submit\d3yp32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:51 2005 => Scanning File C:\!Submit\d3yq32.exe
Thu Feb 17 21:37:51 2005 => File C:\!Submit\d3yq32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:51 2005 => Scanning File C:\!Submit\iezk32.exe
Thu Feb 17 21:37:51 2005 => File C:\!Submit\iezk32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:51 2005 => Scanning File C:\!Submit\javaoc.exe
Thu Feb 17 21:37:51 2005 => File C:\!Submit\javaoc.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:51 2005 => Scanning File C:\!Submit\javaum32.exe
Thu Feb 17 21:37:52 2005 => File C:\!Submit\javaum32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:52 2005 => Scanning File C:\!Submit\mfcuq32.exe
Thu Feb 17 21:37:52 2005 => File C:\!Submit\mfcuq32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:52 2005 => Scanning File C:\!Submit\msaz32.exe
Thu Feb 17 21:37:52 2005 => File C:\!Submit\msaz32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:52 2005 => Scanning File C:\!Submit\mszk32.exe
Thu Feb 17 21:37:52 2005 => File C:\!Submit\mszk32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:52 2005 => Scanning File C:\!Submit\netbl.exe
Thu Feb 17 21:37:52 2005 => File C:\!Submit\netbl.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:52 2005 => Scanning File C:\!Submit\netbm32.exe
Thu Feb 17 21:37:52 2005 => File C:\!Submit\netbm32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:52 2005 => Scanning File C:\!Submit\netcr32.exe
Thu Feb 17 21:37:52 2005 => File C:\!Submit\netcr32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:52 2005 => Scanning File C:\!Submit\netda32.exe
Thu Feb 17 21:37:52 2005 => File C:\!Submit\netda32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:52 2005 => Scanning File C:\!Submit\nethr.exe
Thu Feb 17 21:37:52 2005 => File C:\!Submit\nethr.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:52 2005 => Scanning File C:\!Submit\netoq32.exe
Thu Feb 17 21:37:52 2005 => File C:\!Submit\netoq32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:52 2005 => Scanning File C:\!Submit\ntap.exe
Thu Feb 17 21:37:52 2005 => File C:\!Submit\ntap.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:52 2005 => Scanning File C:\!Submit\ntek32.exe
Thu Feb 17 21:37:52 2005 => File C:\!Submit\ntek32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:52 2005 => Scanning File C:\!Submit\ntwo32.exe
Thu Feb 17 21:37:53 2005 => File C:\!Submit\ntwo32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:53 2005 => Scanning File C:\!Submit\sdkwc32.exe
Thu Feb 17 21:37:53 2005 => File C:\!Submit\sdkwc32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:53 2005 => Scanning File C:\!Submit\winbl.exe
Thu Feb 17 21:37:53 2005 => File C:\!Submit\winbl.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:53 2005 => Scanning File C:\!Submit\winlj32.exe
Thu Feb 17 21:37:53 2005 => File C:\!Submit\winlj32.exe infected by "Backdoor.Win32.Small.dc" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:37:53 2005 => Scanning File C:\!Submit\winsys.bat
Thu Feb 17 21:37:53 2005 => File C:\!Submit\winsys.bat infected by "Backdoor.IRC.Zapchast" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:38:16 2005 => Scanning File C:\AVPersonal\INFECTED\plugin.VIR
Thu Feb 17 21:38:17 2005 => File C:\AVPersonal\INFECTED\plugin.VIR infected by "Trojan.Win32.Agent.p" Virus. Action Taken: No Action Taken.


Thu Feb 17 21:39:06 2005 => File C:\Dokumente und Einstellungen\Administrator\Desktop\backups\backup-20050216-182056-939.dll infected by "Trojan-Downloader.Win32.Agent.bq" Virus. Action Taken: No Action Taken.


Thu Feb 17 21:41:39 2005 => File C:\Dokumente und Einstellungen\Administrator\Desktop\Programme\Programme\stormwarningactive.exe infected by "not-a-virus:AdWare.Gator.1050" Virus. Action Taken: No Action Taken.


Thu Feb 17 21:41:40 2005 => File C:\Dokumente und Einstellungen\Administrator\Desktop\Programme\Programme\undertheseasactive.exe infected by "not-a-virus:AdWare.Gator.1050" Virus. Action Taken: No Action Taken.

Einstellungen\Administrator\Desktop\Programme\Sonstiges\sex2000.exe infected by "not-a-virusorn-Dialer.Win32.Generic" Virus. Action Taken: No Action Taken.


Thu Feb 17 21:48:37 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.


Thu Feb 17 21:48:38 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.


Thu Feb 17 21:48:38 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:48:38 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll infected by "not-a-virus:AdWare.Gator.3124" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:48:38 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:48:38 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:48:38 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:48:38 2005 => Scanning File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll
Thu Feb 17 21:48:38 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

Thu Feb 17 21:48:38 2005 => Scanning File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll
Thu Feb 17 21:48:38 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.



Thu Feb 17 21:48:38 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.

Thu Feb 17 22:12:57 2005 => File C:\Spiele\Zubehör\dupe.exe infected by "not-virus:Joke.Win32.Sojfuse" Virus. Action Taken: No Action Taken.

Thu Feb 17 22:15:21 2005 => File C:\Up Yours 3.0\mailcheck.exe infected by "Email-Flooder.Win32.Uy.30" Virus. Action Taken: No Action Taken.


thx ecLie

#85 Hallo@ecLie

KillBox
http://www.bleepingcomputer.com/files/killbox.php

<Delete File on Reboot--> anklicken

und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

-->"you want to reboot" auf "yes" gehen dann kommt die Meldung : "PendingFileRenameOperations Registry Data has been Removed by External Process".


C:\!Submit\adddw32.exe
C:\!Submit\addny32.exe
C:\!Submit\addot32.exe
C:\!Submit\addrv32.exe
C:\!Submit\apiku.exe
C:\!Submit\apiqk32.exe
C:\!Submit\apiuk32.exe
C:\!Submit\appbi.exe
C:\!Submit\appjn32.exe
C:\!Submit\appsz32.exe
C:\!Submit\appwu32.exe
C:\!Submit\atlne.exe
C:\!Submit\atltq.exe
C:\!Submit\crmj32.exe
C:\!Submit\crvc32.exe
C:\!Submit\d3hn32.ex
C:\!Submit\d3sf.exe
C:\!Submit\d3vf32.exe
C:\!Submit\d3yp32.exe
C:\!Submit\d3yq32.exe
C:\!Submit\iezk32.exe
C:\!Submit\javaoc.exe
C:\!Submit\javaum32.exe
C:\!Submit\mfcuq32.exe
C:\!Submit\msaz32.exe
C:\!Submit\mszk32.exe
C:\!Submit\netbl.exe
C:\!Submit\netbm32.exe
C:\!Submit\netcr32.exe
C:\!Submit\netda32.exe
C:\!Submit\nethr.exe
C:\!Submit\netoq32.exe
C:\!Submit\ntap.exe
C:\!Submit\ntek32.exe
C:\!Submit\ntwo32.exe
C:\!Submit\sdkwc32.exe
C:\!Submit\winbl.exe
C:\!Submit\winlj32.exe
C:\!Submit\winsys.bat
C:\AVPersonal\INFECTED\plugin.VIR

C:\Dokumente und Einstellungen\Administrator\Desktop\backups\backup-20050216-182056-939.dll

C:\Dokumente und Einstellungen\Administrator\Desktop\Programme\Programme\stormwarningactive.exe

C:\Dokumente und Einstellungen\Administrator\Desktop\Programme\Programme\undertheseasactive.exe

Einstellungen\Administrator\Desktop\Programme\Sonstiges\sex2000.exe

C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll
C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll
C:\Programme\Gemeinsame Dateien\CMEII\GController.dll
C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll
C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll
C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll
C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll
C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll
C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll
C:\Spiele\Zubehör\dupe.exe
C:\Up Yours 3.0\mailcheck.exe

PC neustarten

dann poste das neue Log vom HijackThis

__________________________________________________________________________________________________________________________________________
__________
MfG Sabina

rund um die PC-Sicherheit

#86 Logfile of HijackThis v1.99.1
Scan saved at 13:53:03, on 19.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Stardock\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\D-Tools\daemon.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Logitech\iTouch\iTouch.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Ahead\InCD\InCD.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\ICQLite\ICQLite.exe
C:\Programme\QuickTime\qttask.exe
C:\iTunes\iTunesHelper.exe
C:\AVPersonal\AVGNT.EXE
C:\POP-UP~1\PSFree.exe
C:\Programme\Messenger\msmsgs.exe
C:\steam\steam.exe
C:\WINDOWS\System32\ctfmon.exe
C:\a2\a2guard.exe
C:\AVPersonal\AVGUARD.EXE
C:\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Teamspeak2_RC2\TeamSpeak.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.de/Herzlich_Willkommen/b1/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1 & 1 Internet AG
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMax] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [ICQ Lite] C:\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [a-squared] "C:\a2\a2guard.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\ICQLite\ICQLite.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {CB636849-B5BF-4BCF-B636-BA1DD53CBEEA} - C:\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {CB636849-B5BF-4BCF-B636-BA1DD53CBEEA} - C:\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.de/Herzlich_Willkommen/b1/
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Florian
O17 - HKLM\Software\..\Telephony: DomainName = Florian
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Florian
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Florian
O20 - Winlogon Notify: WB - C:\Stardock\WINDOW~1\fastload.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\AVPersonal\AVWUPSRV.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

#87 Hallo@ecLie

es ist alles sauber

Fixe noch mit dem HijackThis:
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\POP-UP~1\PSFree.exe"
neustarten

dann lade den Firefox und surfe nur noch mit ihm (da brauchst du das PSFree nicht mehr)

#Alternativbrowser zum IE
Firefox
http://www.mozilla-europe.org/de/
Installation+Konfiguration Firefox
http://www.pcwelt.de/know-how/software/103924/index1.html

#Windows-Dienste abschalten"!
http://www.dingens.org/

#Windows Worms Doors Cleaner erlaubt Ihnen die Dienste auf die die Würmer angewiesen sind, zu schließen
http://www.firewallleaktester.com/wwdc.htm
__________
MfG Sabina

rund um die PC-Sicherheit

#88 hi leute,
ich hab auch probleme mit dem lefeat und ich bin mir nicht sicher ob ich ihn
los bin oder ob ich sogar noch andere sachen drauf hab.
da ihr das ja anscheinend aus diesen hijack logs rauslesen könnt wollt ich mal fragen ob da noch was verdächtiges bei mir ist.


-------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 21:02:58, on 20.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Salami\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105901148650
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B59B94BF-B297-4E09-86B4-B3EC81FE147E}: NameServer = 212.95.97.66 212.95.108.3
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Remote Procedure Call (RPC) Helper (�%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\apici.exe (file missing)
----------------------------------------------------------------------


liebe grüße
justin

#89 Hallo@DaNiro

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O23 - Service: Remote Procedure Call (RPC) Helper (�%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\apici.exe (file missing)

PC neustarten

Download Registry Search Tool :
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Doppelklick:regsrch.vbs

kopiere rein:

�%AF夶À¨

Press 'OK'
warten, bis die Suche beendet ist.

kopiere rein:

Remote Procedure Call (RPC) Helper

Press 'OK'
warten, bis die Suche beendet ist.


1. Öffne den Editor (Start -> Programme -> Zubehör) und kopiere den Inhalt des folgenden Zitats in das Editorfenster. Speichere die Datei anschließend unter dem Namen DelDomains.inf mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.
2. Schließe den InternetExplorer.
3. Klicke die Datei DelDomains.inf mit der rechten Maustaste an und dann auf 'Installieren'.
---------------------------------------------------------------------------------------------------------


[version]
signature="$CHICAGO$"

[DefaultInstall]
DelReg=DelTemps
AddReg=AddTemps

[DelTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"

; Recreate the keys to avoid a restart

[AddTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"


-----------------------------------------------------------------------------------------


öffne das HijackThis
Open the Misc Tools section-->delete a file of reboot
dann reinkopieren

C:\WINDOWS\system32\apici.exe

4.) wenn dann die Frage kommt, ob neugestartet werden soll (will be deleted by Windows when the system restarts....Do you want to restart your computer now?" )-->>klicke "yes"

PC neustarten

eScan-Erkennungstool
eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich:
http://www.mwti.net/antivirus/free_utilities.asp
oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche
kavupd.exe, die klickst du an--> (Update- in DOS) ausführen

-->mwav.exe oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben
und nun alles rauskopieren, was angezeigt wird-->

dann alles infected loeschen !!!
__________
MfG Sabina

rund um die PC-Sicherheit

#90 Hallo Sabine,

nachdem ich mir auch diesen lefeat virus eingefangen habe bin ich auf diese Seite gestoßen und habe gesehen, dass du ja enorm viel Ahnung hast. Ich hoffe du kannst auch mir helfen.

Seitdem ich mir gestern das SP2 runtergeladen und installiert habe kann ich allerdings nicht mehr auf meine Systemsteuerung und auf den Arbeitsplatz zugreifen. Im abgesicherten Modus geht es jedoch.

Hier ist mal mein HijackThis.log:

Logfile of HijackThis v1.99.1
Scan saved at 12:42:49, on 27.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Sage KHK Shared\MAILSPOOL.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\nttu.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Dokumente und Einstellungen\thoRsten\Anwendungsdaten\estr.exe
C:\WINDOWS\System32\l?ass.exe
C:\WINDOWS\DitExp.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\ntpa32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\thoRsten\LOKALE~1\Temp\Rar$EX00.937\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yycgp.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yycgp.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yycgp.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yycgp.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yycgp.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yycgp.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yycgp.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FC979FB4-4338-6B9C-818A-B1BB3202A5E7} - C:\WINDOWS\msil32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MAILSPOOL] C:\Programme\Gemeinsame Dateien\Sage KHK Shared\MAILSPOOL.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Programme\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [nttu.exe] C:\WINDOWS\system32\nttu.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunOnce: [ntpa32.exe] C:\WINDOWS\ntpa32.exe
O4 - HKLM\..\RunOnce: [crqc32.exe] C:\WINDOWS\crqc32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Rlos] C:\Dokumente und Einstellungen\thoRsten\Anwendungsdaten\estr.exe
O4 - HKCU\..\Run: [Aevip] C:\WINDOWS\System32\l?ass.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {36AF14E3-8E6A-413E-A01F-360900AD6802} - http://www.medionshop.de (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.de
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/4d6f0a98/enter.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/de/win/QuickTimeInstaller.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Network Security Service (NSS) (� 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\system32\sdkew32.exe (file missing)

Gruss

Thorsten