Warning! Your Computer might be infected with spyware or adware!

#0
27.10.2005, 22:56
...new here

Posts: 7
#1 Hello!

So, I know this "error" has come up quite often before, but I wasn't sure whether I can fix it following the same scheme that was described in the other threads...

1. If yes: ...please just say so, then I'll read up on it there and you can save yourselves all the work.

2. If no: ...I would be very grateful for any kind of help!

I've already searched with a virus scanner (McAfee), and attached is a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:55:35, on 27.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programme\Mc Afee\Avsynmgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\System32\svchost.exe
D:\Programme\Mc Afee\VsStat.exe
D:\Programme\Mc Afee\Vshwin32.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
D:\Programme\Mc Afee\Avconsol.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvctrl.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
D:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programme\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Programme\HP\AiO\hp officejet d series\Bin\hpoojd07.exe
D:\PROGRA~1\HP\AiO\Shared\Bin\hpoevm07.exe
D:\Programme\HP\AiO\Shared\bin\hpOSTS07.exe
D:\Programme\HP\AiO\Shared\bin\hpOFXM07.exe
C:\Programme\Gemeinsame Dateien\Network Associates\On Demand Scanner\Scan32\SCAN32.EXE
D:\Programme\ICQ\ICQLite.exe
D:\Programme\Winamp\Winamp.exe
D:\PROGRA~1\FIREFOX\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\-Felix-\LOKALE~1\Temp\Rar$EX00.625\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.packetnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\System32\hp92D5.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Treiber\SoundBlaster\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ObjectDock] -
O4 - HKCU\..\Run: [WinRoll] -
O4 - HKCU\..\Run: [Yz Shadow] -
O4 - HKCU\..\Run: [AtiTrayTools] D:\Programme\Omega\ATI Tray Tools\atitray.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQ\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Office 2000\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = D:\Programme\HP\AiO\hp officejet d series\Bin\hpoojd07.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\-Felix-\Startmenü\Programme\IMVU\Run IMVU.lnk
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.com/multiplayer/odyssey_web8.cab
O18 - Protocol: bw+0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - D:\Programme\Mc Afee\Avsynmgr.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McShield - Unknown owner - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - D:\Programme\Speed Manager\tsmsvc.exe


The virus scanner searched and deleted the following:

27.10.2005 19:55 Scan Settings FELIX\-Felix- Scan targets
27.10.2005 19:55 Scan Settings FELIX\-Felix- C:\
27.10.2005 19:57 Trojan FELIX\-Felix- C:\WINDOWS\system32\1024\ld256B.tmp QDial-34 (Removable)
27.10.2005 19:57 Deleted FELIX\-Felix- C:\WINDOWS\system32\1024\ld256B.tmp
27.10.2005 20:05 Trojan FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6a0f8d6d-10f9a54e.zip\getaccess.class Exploit-ByteVerify (Removable)
27.10.2005 20:05 Deleted FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6a0f8d6d-10f9a54e.zip\getaccess.class
27.10.2005 20:05 Trojan FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6a0f8d6d-10f9a54e.zip\insecureclassloader.class Exploit-ByteVerify (Removable)
27.10.2005 20:05 Deleted FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6a0f8d6d-10f9a54e.zip\insecureclassloader.class
27.10.2005 20:05 Trojan FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6a0f8d6d-10f9a54e.zip\dummy.class Exploit-ByteVerify (Removable)
27.10.2005 20:05 Deleted FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6a0f8d6d-10f9a54e.zip\dummy.class
27.10.2005 20:05 Trojan FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6a0f8d6d-10f9a54e.zip\installer.class Exploit-ByteVerify (Removable)
27.10.2005 20:05 Deleted FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-6a0f8d6d-10f9a54e.zip\installer.class
27.10.2005 20:05 Trojan FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-455277fe-315b4b1f.zip\blackbox.class Exploit-ByteVerify (Removable)
27.10.2005 20:05 Deleted FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-455277fe-315b4b1f.zip\blackbox.class
27.10.2005 20:05 Trojan FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-455277fe-315b4b1f.zip\vb.class Exploit-ByteVerify (Removable)
27.10.2005 20:05 Deleted FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-455277fe-315b4b1f.zip\vb.class
27.10.2005 20:05 Trojan FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-455277fe-315b4b1f.zip\dummy.class Exploit-ByteVerify (Removable)
27.10.2005 20:05 Deleted FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-455277fe-315b4b1f.zip\dummy.class
27.10.2005 20:05 Trojan FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-455277fe-315b4b1f.zip\beyond.class Exploit-ByteVerify (Removable)
27.10.2005 20:05 Deleted FELIX\-Felix- C:\Dokumente und Einstellungen\-Felix-\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-455277fe-315b4b1f.zip\beyond.class
27.10.2005 20:09 Scan Summary FELIX\-Felix- Scan Summary
27.10.2005 20:09 Scan Summary FELIX\-Felix- Memory scan : No Viruses Found
27.10.2005 20:09 Scan Summary FELIX\-Felix- Boot sectors scanned : 1
27.10.2005 20:09 Scan Summary FELIX\-Felix- Boot sectors infected : 0
27.10.2005 20:09 Scan Summary FELIX\-Felix- Boot sectors cleaned : 0
27.10.2005 20:09 Scan Summary FELIX\-Felix- Files scanned : 52338
27.10.2005 20:09 Scan Summary FELIX\-Felix- Files infected : 9
27.10.2005 20:09 Scan Summary FELIX\-Felix- Files cleaned : 0
27.10.2005 20:09 Scan Summary FELIX\-Felix- Files deleted : 9
27.10.2005 20:09 Scan Summary FELIX\-Felix- Files moved : 0


As I said, I'd be very grateful for quick help...
Regards,
Felix
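Added example, not code from the original post and not part of HijackThis: a small Python triage script that parses lines in the HijackThis 1.99 log format and flags the patterns visible in the log above, namely IE default page and search values reset to about:blank, CLSID entries whose file is gone ("(no file)" / "(file missing)"), Run entries with an empty command, and a browser helper object loaded from a .tmp file. The sample lines are copied from the log in this post, plus one ordinary service line for contrast; the rules are the usual first-pass triage heuristics, and a flagged entry still needs to be checked before it is fixed.

```python
"""Triage entries in a HijackThis 1.99 log (added example, not HijackThis code).

Parses R0/R1/R3/Oxx lines and flags the patterns a helper looks at first.
The sample lines are copied from the log in this thread, plus one benign
service line for contrast.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a subset of the log in this post (raw string, so the
# Windows backslashes are kept as-is).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\System32\hp92D5.tmp
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [ObjectDock] -
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O23 - Service: McShield - Unknown owner - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
"""

# "O2 - <body>" / "R1 - <body>": section code, then the rest of the line.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# A COM CLSID in braces: 8-4-4-4-12 hex digits.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str          # e.g. "O2", "R1"
    body: str             # everything after "O2 - "
    clsid: Optional[str]  # lower-cased CLSID if the line carries one
    target: str           # file path, URL or value the entry points at


def parse(log: str) -> List[Entry]:
    """Turn the log text into Entry records; lines that are not entries are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        clsid = CLSID_RE.search(body)
        if sec.startswith("R") and " = " in body:
            # R0/R1: "<registry value> = <URL>"
            target = body.split(" = ", 1)[1]
        elif sec == "O4" and "] " in body:
            # O4: "<hive>\..\Run: [<name>] <command>"
            target = body.split("] ", 1)[1]
        elif " - " in body:
            # O2/O3/O9/O18/O23 and R3: the last " - " field is the file or URL
            target = body.rsplit(" - ", 1)[1]
        else:
            target = ""
        entries.append(Entry(sec, body, clsid.group(0).lower() if clsid else None, target.strip()))
    return entries


def reasons_to_flag(e: Entry) -> List[str]:
    """Return the triage rules an entry matches (empty list = looks ordinary)."""
    t = e.target.lower()
    reasons = []
    if e.section in ("R0", "R1") and t == "about:blank":
        reasons.append("IE default page or search value reset to about:blank")
    if "(no file)" in t or "(file missing)" in t:
        reasons.append("entry points at a file that no longer exists")
    if e.section == "O4" and t == "-":
        reasons.append("Run entry with an empty command")
    if e.section == "O2" and t.endswith(".tmp"):
        reasons.append("browser helper object loaded from a .tmp file")
    return reasons


def triage(log: str) -> List[Tuple[Entry, List[str]]]:
    """Entries worth a closer look, each paired with the rules it matched."""
    flagged = []
    for e in parse(log):
        why = reasons_to_flag(e)
        if why:
            flagged.append((e, why))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.section} - {entry.body}")
        for r in why:
            print(f"    -> {r}")
```

On the sample above the script flags six of the nine lines and leaves the ICQ toolbar, the Winamp agent and the McAfee service alone. Flagging is not removal: the orphaned "(no file)" and "(file missing)" entries are leftovers of something that is already gone and fixing them is cleanup, while the BHO in a .tmp file and the about:blank values are the ones that point at an active hijacker.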
28.10.2005, 15:18
Honorary member
Sabina

Posts: 29434
#2 Hello @CamCo

Open HijackThis -- button "Scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll
O4 - HKCU\..\Run: [ObjectDock] -
O4 - HKCU\..\Run: [WinRoll] -
O4 - HKCU\..\Run: [Yz Shadow] -

O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O18 - Protocol: bw+0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9E32AD56-3CB6-4536-9775-FA53D5F928D5} - D:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


Restart the PC

uninstall:
C:\Programme\Security Toolbar

please paste the 4 logs here (3 months back by date is enough)
http://virus-protect.org/datfindbat.html
+

the log from Silent Runners
http://virus-protect.org/silentrunner.html

+
Download the F-Secure beta trial
http://www.f-secure.com/blacklight/
double-click: blbeta.exe
after the check, click -- next
you will now find a text file on the desktop: paste it into your thread
__________
Kind regards, Sabina

all about PC security
28.10.2005, 17:44
...new here

Thread starter

Posts: 7
#3

Quote

uninstall:
C:\Programme\Security Toolbar
how do I do that? there is only a "security toolbar" and "uninstall.bat" in there... how do you use that?


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A02A-1A7F

Verzeichnis von C:\WINDOWS\system32

28.10.2005 17:35 5.304 ncompat.tlb
28.10.2005 17:33 4.608 msvol.tlb
28.10.2005 17:33 16.384 hp7F19.tmp
28.10.2005 17:33 15.360 ld78FE.tmp
27.10.2005 19:49 4.286 ot.ico
27.10.2005 19:49 4.286 ts.ico
27.10.2005 19:49 12.432 nvctrl.exe
27.10.2005 19:47 10.316 mscornet.exe
23.10.2005 12:17 2.422 wpa.dbl
05.07.2005 23:28 1.212.416 NCTAudioInformation2.dll
05.07.2005 23:28 454.656 NCTAudioRecord2.dll
05.07.2005 23:28 1.986.560 NCTAudioFile2.dll
05.07.2005 23:28 458.752 NCTAudioPlayer2.dll
05.07.2005 23:28 602.112 NCTAudioTransform2.dll
05.07.2005 23:28 876.544 NCTAudioEditor2.dll


"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"LDM" = "D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"]
"Steam" = (empty string)
"AtiTrayTools" = "D:\Programme\Omega\ATI Tray Tools\atitray.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"wininet.dll" = "mscornet.exe" [null data]
"nvctrl.exe" = "nvctrl.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"Jet Detection" = "D:\Treiber\SoundBlaster\PROGRAM\ADGJDet.exe" [empty string]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"SunJavaUpdateSched" = "C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe" [null data]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Share-to-Web Namespace Daemon" = "C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"]
"ATIPTA" = ""C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"WinampAgent" = "D:\Programme\Winamp\winampa.exe" [null data]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{3bf1f86f-b1a8-489b-8d8b-43781d51411f}\(Default) = "HomepageBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hp7F19.tmp" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\OFFICE~1\Office\OLKFSTUB.DLL" [MS]
"{00020000-0000-1011-8004-0000C06B5161}" = "WIBU-SYSTEMS Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]
"{F802F260-519B-11D1-BB5D-0060974C6013}" = "ICQ Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQ\ICQShExt.dll" ["ICQ"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
"{F16F2A47-893D-4FFC-A83A-E66C9F5AC838}" = "Audiofan Wave to MP3 Converter 1.0 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\amese.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" [file not found]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\SmartFTP\smarthook.dll" ["SmartFTP"]
"{6EE51AA0-77A0-11D7-B4E1-000347126E46}" = "Window Washer Shell Shredding Utility"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\Real\rpshell.dll" ["RealNetworks, Inc."]
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Ordner HP Share-to-Web"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQ\ICQLiteShell.dll" [empty string]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\iColorFolder\CMExt.dll" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQ\ICQLiteShell.dll" [empty string]
Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\WS FTP\wsftpsi.dll" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
Audiofan Wave to MP3 Converter\(Default) = "{F16F2A47-893D-4FFC-A83A-E66C9F5AC838}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\amese.dll" [null data]
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\iColorFolder\CMExt.dll" [file not found]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQ\ICQLiteShell.dll" [empty string]
Washer\(Default) = "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\GEMEIN~1\WEBROO~1\SHELLW~1.DLL" ["Webroot Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\WS FTP\wsftpsi.dll" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Firefox Wallpaper.bmp"

Active Desktop web content:

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
"FriendlyName" = "Warning homepage"
"Source" = "C:\WINDOWS\warnhp.html"
"SubscribedURL" = ""


Startup items in "-Felix-" & "All Users" startup folders:
---------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Microsoft Office" -> shortcut to: "D:\Programme\Office 2000\Office\OSA9.EXE -b -l" [MS]
"Adobe Gamma Loader.exe" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Gamma Loader" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"HPAiODevice(hp officejet d series) - 1" -> shortcut to: "D:\Programme\HP\AiO\hp officejet d series\Bin\hpoojd07.exe -DeviceID 1107811900" ["Hewlett-Packard Co."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{6224F700-CBA3-4071-B251-47CB894244CD}\
"ButtonText" = "ICQ Pro"
"MenuText" = "ICQ"
"Exec" = "D:\PROGRA~1\ICQ\ICQ.exe" ["ICQ Inc."]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "D:\Programme\ICQ\ICQLite.exe" ["ICQ Ltd."]

{D9288080-1BAA-4BC4-9CF8-A92D743DB949}\
"ButtonText" = "Run IMVU"
"Exec" = "C:\Dokumente und Einstellungen\-Felix-\Startmenü\Programme\IMVU\Run IMVU.lnk" [null data]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVSync Manager, AvSynMgr, ""D:\Programme\Mc Afee\Avsynmgr.exe"" ["Network Associates, Inc."]
C-DillaSrv, C-DillaSrv, "C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE" ["C-Dilla Ltd"]
Crypkey License, Crypkey License, "crypserv.exe" ["Kenonic Controls Ltd."]
GEARSecurity, GEARSecurity, "SYSTEM32\GEARSEC.EXE" ["GEAR Software"]
McShield, McShield, ""C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe"" ["Network Associates, Inc."]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor2\Driver = "CNBJMON2.DLL" [MS]
Canon BJ Language Monitor BJC-6000\Driver = "CNMLM1N.DLL" ["CANON INC."]
PRTmate\Driver = "PRTmate.dll" [null data]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 64 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 11 seconds.
---------- (total run time: 194 seconds)



10/28/05 17:43:13 [Info]: BlackLight Engine 1.0.24 initialized
10/28/05 17:43:13 [Info]: OS: 5.1 build 2600 (Service Pack 1)
10/28/05 17:43:14 [Note]: 4019 4
10/28/05 17:43:14 [Note]: 4005 0
10/28/05 17:43:20 [Note]: 4006 0
10/28/05 17:43:20 [Note]: 4011 840
10/28/05 17:43:20 [Note]: FSRAW library version 1.7.1013
10/28/05 17:44:05 [Note]: 4007 0



thanks in advance for your help!
28.10.2005, 17:57
Honorary member
Avatar Sabina

Posts: 29434
#4 Hello@

go into the registry

Start-->Run-->regedit

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
delete:
"FriendlyName" = "Warning homepage"
"Source" = "C:\WINDOWS\warnhp.html"
"SubscribedURL" = ""

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

delete:
"wininet.dll" = "mscornet.exe"
"nvctrl.exe" = "nvctrl.exe"



Killbox
http://virus-protect.org/killbox.html
Delete File on Reboot -- tick it
paste in:
...
and click the red X; when asked "Do you want to reboot?" ---- click "no" and paste in the next one; only for the last one click "yes"

C:\WINDOWS\system32\ncompat.tlb
C:\WINDOWS\system32\msvol.tlb
C:\WINDOWS\system32\hp7F19.tmp
C:\WINDOWS\system32\ld78FE.tmp
C:\WINDOWS\System32\hp92D5.tmp
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\ts.ico
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\warnhp.html
C:\WINDOWS\system32\mscornet.exe

Restart the PC

CCleaner (delete all temporary files)
http://virus-protect.org/temp.html

If necessary, do the following (also works via Control Panel - Display)
1 - Right-click the taskbar - then Properties.
2 - Auto-hide the taskbar: enable.
3 - You can now see a small part of the old desktop background where the taskbar used to be.
4 - Right-click - Properties on the small visible piece of the old desktop.
5 - Desktop - then: Customize Desktop
6 - Select the Web tab
7 - Delete the "Warning homepage" entry

smitRem TOOL (removal tool)
http://noahdfear.geekstogo.com/
open the smitRem folder, double-click: RunThis.bat
wait until the scan has finished (the screen will turn blue; that is normal)
find smitfiles.txt and post the text file in the thread

then post the new HijackThis log
__________
Kind regards, Sabina

all about PC security
29.10.2005, 02:00
...new here

Thread starter

Posts: 7
#5 smitRem © log file
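As an added example (not code from this thread and not the Silent Runners script), the following Python script automates the three checks the helper made by hand in the post above: values under Policies\Explorer\Run, a Browser Helper Object whose DLL is a .tmp file, and an Active Desktop component whose Source is a local HTML file. The sample report is constructed from the entries quoted in this thread, and the rule names are invented for the example.

```python
"""Triage heuristics for a Silent Runners-style startup report.

Added example, not code from this thread and not the Silent Runners script.
It automates the three checks the helper made by hand: values under
Policies\\Explorer\\Run, a Browser Helper Object whose DLL is a .tmp file,
and an Active Desktop component whose Source is a local HTML file.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the report format quoted in the thread.
SAMPLE_REPORT = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"Steam" = (empty string)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"wininet.dll" = "mscornet.exe" [null data]
"nvctrl.exe" = "nvctrl.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{3bf1f86f-b1a8-489b-8d8b-43781d51411f}\(Default) = "HomepageBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hp7F19.tmp" [null data]

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
"FriendlyName" = "Warning homepage"
"Source" = "C:\WINDOWS\warnhp.html"
"SubscribedURL" = ""
"""

# A registry key header: HKxx\...\ optionally followed by " {++}".
KEY_RE = re.compile(r"^(HK[A-Z]+\\.*?\\)(?:\s*\{\+\+\})?$")
# A value line: optional "-> " arrow, name, = "value", optional [tag].
ENTRY_RE = re.compile(r'^(->\s*)?(.+?)\s*=\s*"(.*)"(?:\s*\[([^\]]*)\])?$')
LOCAL_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    rule: str   # hypothetical rule name chosen for this example
    key: str
    name: str
    value: str


def parse_entries(report):
    """Yield (key, is_server_line, name, value, tag) for every value line."""
    key = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)  # new section; following values belong to it
            continue
        m = ENTRY_RE.match(line) if key else None
        if not m:
            continue  # e.g. "Steam" = (empty string), or prose lines
        arrow, name, value, tag = m.groups()
        yield key, bool(arrow), name.strip('"'), value, tag


def triage(report):
    """Return the findings in report order."""
    findings = []
    for key, is_server, name, value, _tag in parse_entries(report):
        k = key.lower()
        if "\\policies\\explorer\\run\\" in k and not is_server:
            # Legitimate software almost never registers here; malware does.
            findings.append(Finding("policies-run", key, name, value))
        elif ("browser helper objects" in k and is_server
              and value.lower().endswith(".tmp")):
            # A BHO served from a .tmp file in System32 is a red flag.
            findings.append(Finding("bho-tmp-dll", key, name, value))
        elif ("\\desktop\\components\\" in k and name == "Source"
              and LOCAL_PATH_RE.match(value)):
            # Active Desktop "web content" that is really a local HTML file.
            findings.append(Finding("activedesktop-local-html", key, name, value))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.rule}] {f.key}{f.name} = {f.value}")
```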
version 2.7

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! ;)





Logfile of HijackThis v1.99.1
Scan saved at 02:02:30, on 29.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programme\Mc Afee\Avsynmgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\System32\svchost.exe
D:\Programme\Mc Afee\VsStat.exe
D:\Programme\Mc Afee\Vshwin32.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
D:\Programme\Mc Afee\Avconsol.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programme\Logitech\MouseWare\system\em_exec.exe
D:\Programme\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Programme\HP\AiO\hp officejet d series\Bin\hpoojd07.exe
D:\PROGRA~1\HP\AiO\Shared\Bin\hpoevm07.exe
D:\Programme\HP\AiO\Shared\bin\hpOSTS07.exe
D:\Programme\HP\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\explorer.exe
D:\PROGRA~1\FIREFOX\FIREFOX.EXE
C:\Dokumente und Einstellungen\-Felix-\Eigene Dateien\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.packetnews.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Treiber\SoundBlaster\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AtiTrayTools] D:\Programme\Omega\ATI Tray Tools\atitray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Office 2000\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = D:\Programme\HP\AiO\hp officejet d series\Bin\hpoojd07.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\-Felix-\Startmenü\Programme\IMVU\Run IMVU.lnk
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - D:\Programme\Mc Afee\Avsynmgr.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McShield - Unknown owner - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - D:\Programme\Speed Manager\tsmsvc.exe
29.10.2005, 15:19
Honorary member
Avatar Sabina

Posts: 29434
#6 Hello@CamCo

that already looks very good ;)
now you will work with proper virus scanners... to see what I have not found ;)

http://virus-protect.org/counterspy.html
delete the malware following the instructions on my page and post the scan report
__________
Kind regards, Sabina

all about PC security
30.10.2005, 19:08
...new here

Thread starter

Posts: 7
#7 Spyware Scan Details
Start Date: 29.10.2005 18:53:32
End Date: 29.10.2005 19:20:10
Total Time: 26 mins 38 secs

Detected spyware

WhenU.ClockSync Adware Bundler more information...
Details: ClockSync: a program that sits in the desktop tray and periodically synchronizes the local PC system clock with standard atomic clock time available online.
Status: Deleted


My Way Speedbar Browser Plug-in more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted

Infected files detected
c:\programme\myway\mybar\history\search
c:\programme\myway\mybar\settings\prevcfg.htm

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar Dir C:\Programme\MyWay\myBar\
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar pid DI
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar pl 7
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar Id 33D541AD-0AAA-43D8-AE9B-1A21C5F4661C
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar CacheDir C:\Programme\MyWay\myBar\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar HistoryDir C:\Programme\MyWay\myBar\History\
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar Visible 0
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar SettingsDir C:\Programme\MyWay\myBar\Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar ConfigRevisionURL http://barcfg.myway.com/cfg/speedbar/mySpeedbarCfg2.jsp?p=DI&s=s43
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar ConfigDateStamp 2004060816
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay\myBar Maximized 1


DelFin.Media Viewer Adware more information...
Details: DelFin Media Viewer, also called PromulGate, is an adware-based media player.
Status: Deleted

Infected files detected
c:\keys.ini
C:\WINDOWS\system32\wsxsvc\License.txt


Paltalk Low Risk Adware more information...
Details: Paltalk is an advertising-supported instant messaging client.
Status: Deleted

Infected files detected
C:\WINDOWS\iun6002.exe


BookedSpace Browser Plug-in more information...
Details: BookedSpace is an Internet Explorer Browser Helper Object used to show popup advertising.
Status: Deleted

Infected files detected
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pcsvc\delfinTG.ebd
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wsxs\delfinTG.ebd
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wsxs\delfinST.ebd


Neoturk RAT more information...
Status: Deleted

Infected files detected
E:\Half Life\cstrike\sound\misc\hastalavista.wav


NavExcel Search Toolbar Browser Hijacker more information...
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\appid\nhelper.dll
HKEY_CLASSES_ROOT\appid\nhelper.dll AppID {710BCB5B-8C6C-483E-A4F5-FAF083B13184}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\NHelper.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\NHelper.DLL AppID {710BCB5B-8C6C-483E-A4F5-FAF083B13184}
HKEY_CURRENT_USER\Software\NavExcel Ltd


TurboDownload Adware more information...
Details: IEDriver also known as TurboDownloadand PopUp Killer, downloads and displays advertisements.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MaxSpeed
HKEY_LOCAL_MACHINE\SOFTWARE\MaxSpeed ConnectionType 1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{120e090d-9136-4b78-8258-f0b44b4bd2ac}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{120e090d-9136-4b78-8258-f0b44b4bd2ac} DisplayName MaxSpeed
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{120e090d-9136-4b78-8258-f0b44b4bd2ac} UninstallString C:\WINDOWS\System32\ms.exe /c


WildTangent Low Risk Adware more information...
Details: WildTangent is an online gaming plugin bundle from Wildtangent.com similar to Macromedia’s flash. WildTangent uses a built in required feature that is used to provide adware based advertising to the user.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls wtControlPanel


KeenValue PerfectNav Browser Hijacker more information...
Details: The PerfectNav Internet Explorer spyware software is designed to redirect your URL typing errors to PerfectNav's web page.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} installDate 2004/05/28 13:46
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} VersionNumber 1.0.0.1
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} TrackGuid 8FBDC737-0010-41E3-BBCF-731884CB2FD9
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr Install_Dir C:\Programme\Common files\updmgr
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr EXEName updmgr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr VersionNumber 1.5.1
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr cid BD164DF6-65AF-467A-97C2-89B724051FB6
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr installDate 2004/05/28 13:46
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr puid 7818cd7c-e142-4e27-8dad-5064e18a27b2
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr LastUpdateAttempt 1086208506
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC}
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} installDate 2004/05/28 13:46
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} VersionNumber 1.0.0.1
HKEY_LOCAL_MACHINE\SOFTWARE\updmgr\{7EE60CF1-2DFF-41B5-91C9-9C1C518053FC} TrackGuid 8FBDC737-0010-41E3-BBCF-731884CB2FD9


My Search Bar Potentially Unwanted Software more information...
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}


Grokster P2P more information...
Details: Free version installs adware and spyware including GAIN, CyDoor, My Search, WebRebates, and Relivant Knowledge.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\Magnet
HKEY_LOCAL_MACHINE\Software\Magnet\Handlers\LimeWire\Type urn:sha1 0
HKEY_LOCAL_MACHINE\Software\Magnet\Handlers\LimeWire LimeWire Peer to Peer
HKEY_LOCAL_MACHINE\Software\Magnet\Handlers\LimeWire Description LimeWire is the best P2P client.
HKEY_LOCAL_MACHINE\Software\Magnet\Handlers\LimeWire DefaultIcon "D:\Programme\LimeWire\LimeWire.ico",-128
HKEY_LOCAL_MACHINE\Software\Magnet\Handlers\LimeWire ShellExecute "D:\Programme\LimeWire\LimeWire.exe" "%URL"
HKEY_LOCAL_MACHINE\Software\Magnet\Handlers\LimeWire kt 0
HKEY_CLASSES_ROOT\magnet
HKEY_CLASSES_ROOT\magnet\DefaultIcon "D:\Programme\LimeWire\LimeWire.ico",-128
HKEY_CLASSES_ROOT\magnet\shell\open\command "D:\Programme\LimeWire\LimeWire.exe" "%L"
HKEY_CLASSES_ROOT\magnet URL Protocol
HKEY_CLASSES_ROOT\magnet URL:MagNet Protocol


Radar Spy 1.0 Cookie more information...
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\-felix-\cookies\-felix-@tradedoubler[1].txt

30.10.2005, 21:41
Honorary member
Sabina

Posts: 29434
#8 http://virus-protect.org/reinigungstoolsregistry.html
TuneUp 2006 (30 days free) shareware
apply:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner

then everything should be back in order ;)

post the new HijackThis log
__________
Regards, Sabina

all about PC security

31.10.2005, 12:22
...new here

Thread starter

Posts: 7
#9 Logfile of HijackThis v1.99.1
Scan saved at 12:23:40, on 31.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\CounterSpy\Thread.exe
D:\Programme\Mc Afee\Avsynmgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\devldr32.exe
D:\Programme\CounterSpy\SunProtectionServer.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programme\Mc Afee\VsStat.exe
D:\Programme\Winamp\winampa.exe
D:\Programme\CounterSpy\sunserver.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Programme\Mc Afee\Vshwin32.exe
D:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
D:\Programme\HP\AiO\hp officejet d series\Bin\hpoojd07.exe
D:\Programme\Mc Afee\Avconsol.exe
D:\PROGRA~1\HP\AiO\Shared\Bin\hpoevm07.exe
D:\Programme\HP\AiO\Shared\bin\hpOSTS07.exe
D:\Programme\HP\AiO\Shared\bin\hpOFXM07.exe
D:\Programme\ICQ\ICQLite.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\msiexec.exe
D:\Programme\CounterSpy\Thread.exe
D:\Programme\CounterSpy\SunProtectionServer.exe
C:\Dokumente und Einstellungen\-Felix-\Eigene Dateien\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Treiber\SoundBlaster\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunServer] D:\Programme\CounterSpy\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] D:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Office 2000\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = D:\Programme\HP\AiO\hp officejet d series\Bin\hpoojd07.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\-Felix-\Startmenü\Programme\IMVU\Run IMVU.lnk
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - D:\Programme\Mc Afee\Avsynmgr.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McShield - Unknown owner - C:\Programme\Gemeinsame Dateien\Network Associates\McShield\Mcshield.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - D:\Programme\Speed Manager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp\WinStylerThemeSvc.exe

31.10.2005, 12:31
Honorary member
Sabina

Posts: 29434
#10 uninstall CounterSpy again

Fix with HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.sharempeg.com/find/

reboot

scan with ewido
and post the scan report
http://virus-protect.org/ewido.html

new start page
go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if asked --> click Apply and finally OK, and set a new start page

then post the HijackThis log once more
__________
Regards, Sabina

all about PC security

04.11.2005, 15:00
Member

Posts: 13
#11 Hi, I have exactly the same problem. I've already read in many other forums that you evaluated the HijackThis log in each case. I could make some use of that and have already deleted some of those files. But for many other files in my log I don't know whether I have to delete them as well. Besides, I can't delete the following file:

O2 - BHO: (no name) - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\system32\hp71A5.tmp

It would be nice if someone could look into this... I have zero clue about it. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:58:55, on 04.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\WINDOWS\asuskbservice.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programme\Java\jre1.5.0_04\bin\jusched.exe
D:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
E:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
D:\Programme\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Andreas Fischer\Desktop\HijackThis.exe

O2 - BHO: (no name) - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\system32\hp71A5.tmp
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Programme\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dflnl.exe] C:\WINDOWS\system32\dflnl.exe
O4 - HKLM\..\Run: [THGuard] "D:\Programme\TrojanHunter 3.9\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = D:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

04.11.2005, 15:09
Honorary member
Sabina

Posts: 29434
#12 Pesco

CCleaner
http://www.ccleaner.com/ccdownload.asp
delete all temp files

please copy the 4 logs here (3 months back from the date is enough)
http://virus-protect.org/datfindbat.html
+

the Silent Runners log
http://virus-protect.org/silentrunner.html

+
Download f-secure-Beta Trial
http://www.f-secure.com/blacklight/
double-click: blbeta.exe
after the check click -- next
now you will find a text file on the Desktop: copy it into your thread
__________
Regards, Sabina

all about PC security

04.11.2005, 18:13
Member

Posts: 13
#13 Datfind

Volume in drive C has no label.
Volume serial number: 483C-3C44

Directory of C:\WINDOWS\system32

04.11.2005 18:07 5.420 ncompat.tlb
04.11.2005 17:40 5.120 msvol.tlb
04.11.2005 17:40 16.384 hp49E0.tmp
04.11.2005 17:40 12.584 nvctrl.exe
04.11.2005 17:38 890 vsconfig.xml
04.11.2005 17:38 15.360 ld7493.tmp
02.11.2005 17:03 16.384 hp787B.tmp
02.11.2005 15:26 16.384 hp7F80.tmp
01.11.2005 19:44 16.384 hp7E86.tmp
01.11.2005 19:41 16.384 hp92.tmp
01.11.2005 17:08 16.384 hp7AAE.tmp

01.11.2005 16:37 380.486 perfh009.dat
01.11.2005 16:37 391.330 perfh007.dat
01.11.2005 16:37 52.900 perfc009.dat
01.11.2005 16:37 63.778 perfc007.dat
01.11.2005 16:37 897.954 PerfStringBackup.INI
01.11.2005 16:36 231.184 FNTCACHE.DAT
01.11.2005 14:55 4.286 ts.ico
01.11.2005 14:55 4.286 ot.ico
01.11.2005 14:54 8.844 mssearchnet.exe
01.11.2005 14:44 13.002 wpa.dbl
01.11.2005 14:37 253 spupdwxp.log
28.10.2005 21:40 10.480 mscornet.exe

17.10.2005 19:58 65.536 QuickTimeVR.qtx
17.10.2005 19:57 49.152 QuickTime.qts
15.10.2005 10:48 10.800 SpoonUninstall-Janitor Dan the Spaceman.dat
15.10.2005 10:48 164.352 SpoonUninstall.exe
15.10.2005 10:48 82.994 SpoonUninstall-Janitor Dan the Spaceman.bmp
05.10.2005 08:36 2.301.792 MRT.exe
04.10.2005 17:26 3.013.120 mshtml.dll
23.09.2005 04:06 8.491.520 shell32.dll
20.09.2005 11:17 12.980 wpa.bak
20.09.2005 11:15 3.799 jupdate-1.5.0_04-b05.log
19.09.2005 18:02 4.212 zllictbl.dat
19.09.2005 17:34 0 h323log.txt
19.09.2005 17:33 16.832 amcompat.tlb
19.09.2005 17:33 23.392 nscompat.tlb
19.09.2005 17:31 56 D565C814A7.sys
19.09.2005 16:47 25.065 wmpscheme.xml
19.09.2005 16:43 261 $winnt$.inf
19.09.2005 16:41 2.951 CONFIG.NT
19.09.2005 16:40 488 WindowsLogon.manifest
19.09.2005 16:40 488 logonui.exe.manifest
19.09.2005 16:40 749 sapi.cpl.manifest
19.09.2005 16:40 749 cdplayer.exe.manifest
19.09.2005 16:40 749 wuaucpl.cpl.manifest
19.09.2005 16:40 749 ncpa.cpl.manifest
19.09.2005 16:40 749 nwc.cpl.manifest
19.09.2005 16:39 21.740 emptyregdb.dat
10.09.2005 02:54 2.067.968 cdosys.dll
03.09.2005 00:53 664.064 wininet.dll
03.09.2005 00:53 1.484.288 shdocvw.dll
03.09.2005 00:53 474.112 shlwapi.dll
03.09.2005 00:53 205.312 dxtrans.dll
03.09.2005 00:53 39.424 pngfilt.dll
03.09.2005 00:53 146.432 msrating.dll
03.09.2005 00:53 530.432 mstime.dll
03.09.2005 00:53 55.808 extmgr.dll
03.09.2005 00:53 605.696 urlmon.dll
03.09.2005 00:53 251.392 iepeers.dll
03.09.2005 00:53 448.512 mshtmled.dll
03.09.2005 00:53 96.768 inseng.dll
03.09.2005 00:53 1.019.904 browseui.dll
03.09.2005 00:53 152.064 cdfview.dll
03.09.2005 00:53 1.055.744 danim.dll
01.09.2005 02:44 292.352 winsrv.dll
01.09.2005 02:44 19.968 linkinfo.dll
30.08.2005 04:55 1.292.800 quartz.dll
23.08.2005 04:39 124.416 umpnpmgr.dll
22.08.2005 19:31 197.632 netman.dll

---------------------------------------------------------------------

Volume in drive C has no label.
Volume serial number: 483C-3C44

Directory of C:\DOKUME~1\ANDREA~1\LOKALE~1\Temp

04.11.2005 17:39 16.384 ~DF861.tmp
04.11.2005 17:39 16.384 ~DFD533.tmp
04.11.2005 17:39 512 ~DFAF1D.tmp
04.11.2005 17:39 16.384 ~DFAF07.tmp
04.11.2005 15:15 353.292 hpodvd09.log
5 File(s) 402.956 bytes
0 Dir(s), 11.362.922.496 bytes free

----------------------------------------------------------------------

Volume in drive C has no label.
Volume serial number: 483C-3C44

Directory of C:\WINDOWS

04.11.2005 17:38 0 0.log
04.11.2005 17:38 840.170 WindowsUpdate.log
04.11.2005 17:38 159 wiadebug.log
04.11.2005 17:38 50 wiaservc.log
04.11.2005 17:38 2.048 bootstat.dat
04.11.2005 15:15 32.556 SchedLgU.Txt
04.11.2005 14:26 177.229 setupact.log
03.11.2005 19:13 59.392 streamhlp.dll
01.11.2005 19:26 766 win.ini
01.11.2005 16:34 1.374 imsins.log
01.11.2005 16:34 115.317 comsetup.log
01.11.2005 16:34 125.310 tsoc.log
01.11.2005 16:34 48.437 iis6.log
01.11.2005 16:34 16.074 ocmsn.log
01.11.2005 16:34 69.385 ntdtcsetup.log
01.11.2005 16:34 31.725 KB899587.log
01.11.2005 16:34 157.712 ocgen.log
01.11.2005 16:34 16.190 msgsocm.log
01.11.2005 16:34 313.154 FaxSetup.log
01.11.2005 16:34 20.939 setupapi.log
01.11.2005 16:34 13.230 updspapi.log
01.11.2005 16:34 1.374 imsins.BAK
01.11.2005 16:34 30.847 KB896422.log
01.11.2005 16:34 30.584 KB885835.log
01.11.2005 16:34 29.588 KB885836.log
01.11.2005 16:34 30.408 KB885250.log
01.11.2005 16:34 30.534 KB901017.log
01.11.2005 16:34 30.852 KB899591.log
01.11.2005 16:34 30.659 KB893756.log
01.11.2005 16:34 27.967 KB896423.log
01.11.2005 16:34 29.164 KB873339.log
01.11.2005 16:34 29.232 KB888113.log
01.11.2005 16:33 29.555 KB887742.log
01.11.2005 16:33 28.960 KB887472.log
01.11.2005 16:33 29.318 KB896358.log
01.11.2005 16:33 28.290 KB891781.log
01.11.2005 16:33 1.024.746 setupapi.log.0.old
01.11.2005 16:33 33.631 KB902400.log
01.11.2005 16:33 25.514 KB890046.log
01.11.2005 16:33 22.238 KB896688.log

01.11.2005 15:22 5.941 KB893803v2.log
01.11.2005 15:21 6.873 KB898461.log
01.11.2005 14:55 1.668 warnhp.html
01.11.2005 14:45 1.165 OEWABLog.txt
01.11.2005 14:39 29.290 spupdsvc.log
01.11.2005 14:39 360 DtcInstall.log
01.11.2005 14:39 44.735 wmsetup.log
01.11.2005 14:39 316.640 WMSysPr9.prx
01.11.2005 14:34 140 winamp.ini
01.11.2005 14:07 426.271 svcpack.log
01.11.2005 14:03 200 cmsetacl.log
01.11.2005 14:03 739.516 setuplog.txt
01.11.2005 14:03 1.330 sessmgr.setup.log
28.10.2005 21:14 54.156 QTFont.qfn
27.10.2005 20:03 28.712 xpsp1hfm.log
27.10.2005 20:03 34.304 KB828741.log
27.10.2005 20:02 28.668 KB835732.log
27.10.2005 20:02 20.862 Q329834.log
27.10.2005 20:02 31.754 KB823559.log
27.10.2005 20:01 20.519 Q329048.log
27.10.2005 20:01 19.319 KB834707-IE6-20040929.115007.log
27.10.2005 20:01 23.602 Q810577.log
27.10.2005 20:00 20.439 Q810833.log
27.10.2005 19:59 17.332 Q811630.log
27.10.2005 19:59 16.289 Q329441.log
27.10.2005 19:58 16.030 Q817606.log
27.10.2005 19:57 12.915 Q329170.log
27.10.2005 19:56 1.587 Q329115.log
27.10.2005 19:56 1.227 Q329390.log
27.10.2005 19:56 961 Q323255.log
27.10.2005 19:45 7.195 KB842773.log
27.10.2005 16:38 1.409 QTFont.for
27.10.2005 16:37 649 GEARInstall.log
05.10.2005 17:15 403 nsw.log
26.09.2005 15:13 104.275 hpoins04.dat ??????????
26.09.2005 15:12 59.976 dasetup.log
26.09.2005 15:12 4.161 ODBCINST.INI
26.09.2005 15:11 1.442 COM+.log
26.09.2005 15:09 480 ODBC.INI
26.09.2005 14:52 15.378 Windows Update.log
19.09.2005 19:04 59 vbaddin.ini
19.09.2005 17:44 161.745 DirectX.log
19.09.2005 17:33 234 wmsetup10.log
19.09.2005 17:32 0 Sti_Trace.log
19.09.2005 17:30 1.348 regopt.log
19.09.2005 17:30 231 system.ini
19.09.2005 17:30 0 setuperr.log
19.09.2005 17:13 299.552 WMSysPrx.prx
19.09.2005 16:44 8.192 REGLOCS.OLD
19.09.2005 16:41 0 control.ini
19.09.2005 16:40 749 WindowsShell.Manifest
19.09.2005 16:39 36 vb.ini
24.06.2005 13:22 428.032 WRServices.dll
27.05.2005 00:22 10.752 hh.exe
04.08.2004 08:58 288.768 winhlp32.exe
04.08.2004 08:58 32.866 slrundll.exe
04.08.2004 08:58 153.600 regedit.exe
04.08.2004 08:58 70.144 notepad.exe
04.08.2004 08:57 1.035.264 explorer.exe
04.08.2004 08:57 50.688 twain_32.dll

--------------------------------------------------------------------

Volume in drive C has no label.
Volume serial number: 483C-3C44

Directory of C:\

04.11.2005 18:10 0 sys.txt
04.11.2005 18:10 8.272 system.txt
04.11.2005 18:10 491 systemtemp.txt
04.11.2005 18:09 103.664 system32.txt
04.11.2005 17:38 805.306.368 pagefile.sys
04.11.2005 14:25 1.348 smitfiles.txt
01.11.2005 14:03 211 boot.ini
01.11.2005 13:50 47.564 NTDETECT.COM
01.11.2005 13:50 251.184 ntldr
26.09.2005 15:14 1.159 _Sid.txt
19.09.2005 16:41 0 IO.SYS
19.09.2005 16:41 0 CONFIG.SYS
19.09.2005 16:41 0 AUTOEXEC.BAT
19.09.2005 16:41 0 MSDOS.SYS
18.08.2001 13:00 4.952 bootfont.bin
15 File(s) 805.725.213 bytes
0 Dir(s), 11.362.889.728 bytes free

----------------------------------------------------------------------

Silentrunner

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"wininet.dll" = "mscornet.exe" [null data]
"nvctrl.exe" = "nvctrl.exe" [null data]
"kernel32.dll" = "C:\WINDOWS\system32\mssearchnet.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"anvshell" = "anvshell.exe" ["AsusTeK Computer Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NeroCheck" = "C:\WINDOWS\System32\\NeroCheck.exe" ["Ahead Software Gmbh"]
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
"AVGCtrl" = "C:\Programme\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]
"Zone Labs Client" = ""C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs Inc."]
"LWBMOUSE" = "C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [empty string]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"SunJavaUpdateSched" = "D:\Programme\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"HP Software Update" = ""D:\Programme\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Company"]
"HP Component Manager" = ""C:\Programme\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"iTunesHelper" = ""E:\Programme\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"dflnl.exe" = "C:\WINDOWS\system32\dflnl.exe" [file not found]
"THGuard" = ""D:\Programme\TrojanHunter 3.9\THGuard.exe"" ["Mischel Internet Security"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd}\(Default) = "HomepageBHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hp49E0.tmp" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~1\Office\OLKFSTUB.DLL" [MS]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "E:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1.9\contmenu.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1.9\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1.9\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1.9\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Andreas Fischer" & "All Users" startup folders:
-----------------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader - Schnellstart" -> shortcut to: "D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"HP Digital Imaging Monitor" -> shortcut to: "D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"HP Image Zone Schnellstart" -> shortcut to: "D:\Programme\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data]
"Microsoft Office" -> shortcut to: "D:\Programme\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
ASUSKeyboardService, ASUSKeyboardService, "C:\WINDOWS\asuskbservice.exe" ["ASUSTeK COMPUTER INC."]
iPodService, iPodService, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 37 seconds, including 15 seconds for message boxes)

---------------------------------------------------------------------

Blacklight

11/04/05 18:05:08 [Info]: BlackLight Engine 1.0.25 initialized
11/04/05 18:05:08 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/04/05 18:05:09 [Note]: 4019 4
11/04/05 18:05:09 [Note]: 4005 0
11/04/05 18:05:19 [Note]: 4006 0
11/04/05 18:05:19 [Note]: 4011 1640
11/04/05 18:05:20 [Note]: FSRAW library version 1.7.1013
11/04/05 18:06:27 [Note]: 4007 0

----------------------------------------------------------------------

That should be everything. Thanks, by the way, for helping me ;)
04.11.2005, 18:21
Honorary member
Sabina

Posts: 29434
#14 I'll work through this tonight... it's not possible right now...

but in the meantime you can already scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html


This has to be deleted:
in the directory C:\WINDOWS\system32\

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Delete File on Reboot -- tick the checkbox
paste in:
...
and click on the red cross; when asked "Do you want to reboot?" click "no" and paste in the next one; only on the last one click "yes"

C:\WINDOWS\system32\ncompat.tlb
C:\WINDOWS\system32\msvol.tlb
C:\WINDOWS\system32\hp49E0.tmp
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\vsconfig.xml
C:\WINDOWS\system32\d7493.tmp
C:\WINDOWS\system32\hp787B.tmp
C:\WINDOWS\system32\hp7F80.tmp
C:\WINDOWS\system32\hp7E86.tmp
C:\WINDOWS\system32\hp92.tmp
C:\WINDOWS\system32\hp7AAE.tmp
C:\WINDOWS\system32\ts.ico
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\wpa.dbl
C:\WINDOWS\system32\pupdwxp.log
C:\WINDOWS\system32\mscornet.exe
C:\WINDOWS\warnhp.html
__________
Regards, Sabina

all about PC security
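One way to carry out the "Delete File on Reboot" step from the post above while keeping a record of what was removed, as an added example that is not from the thread, from KillBox or from any tool mentioned here. It uses the same Windows mechanism that delete-on-reboot tools rely on (MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which records the pending deletion under the Session Manager's PendingFileRenameOperations value), but first documents each file (existence, size, SHA256, Authenticode status) and copies it to an evidence folder. The `-Queue` switch, the `C:\quarantine` evidence folder and the requirement for an elevated PowerShell 4+ session are assumptions of this example; without `-Queue` it only reports. The file paths are the ones listed in the post.

```powershell
# Added example, not part of the thread: verify and document the files listed in the
# post, then (only with -Queue) schedule them for deletion at the next reboot via
# MoveFileEx + MOVEFILE_DELAY_UNTIL_REBOOT, the mechanism "Delete File on Reboot" uses.
# Assumptions: elevated PowerShell 4 or later (Get-FileHash), C:\quarantine as evidence dir.
param(
    [switch]$Queue,                           # without -Queue the script only reports
    [string]$EvidenceDir = 'C:\quarantine'    # assumed evidence folder, created if missing
)

# The paths exactly as given in the post.
$suspectFiles = @(
    'C:\WINDOWS\system32\ncompat.tlb',
    'C:\WINDOWS\system32\msvol.tlb',
    'C:\WINDOWS\system32\hp49E0.tmp',
    'C:\WINDOWS\system32\nvctrl.exe',
    'C:\WINDOWS\system32\vsconfig.xml',
    'C:\WINDOWS\system32\d7493.tmp',
    'C:\WINDOWS\system32\hp787B.tmp',
    'C:\WINDOWS\system32\hp7F80.tmp',
    'C:\WINDOWS\system32\hp7E86.tmp',
    'C:\WINDOWS\system32\hp92.tmp',
    'C:\WINDOWS\system32\hp7AAE.tmp',
    'C:\WINDOWS\system32\ts.ico',
    'C:\WINDOWS\system32\ot.ico',
    'C:\WINDOWS\system32\mssearchnet.exe',
    'C:\WINDOWS\system32\wpa.dbl',
    'C:\WINDOWS\system32\pupdwxp.log',
    'C:\WINDOWS\system32\mscornet.exe',
    'C:\WINDOWS\warnhp.html'
)

$MOVEFILE_DELAY_UNTIL_REBOOT = 4

# Minimal P/Invoke wrapper for kernel32!MoveFileEx; a null lpNewFileName means "delete".
$native = Add-Type -Namespace 'Win32' -Name 'NativeMethods' -PassThru -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, int dwFlags);
'@

if (-not (Test-Path -LiteralPath $EvidenceDir)) {
    New-Item -ItemType Directory -Path $EvidenceDir | Out-Null
}

$report = foreach ($path in $suspectFiles) {
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Path = $path; Status = 'missing'; Size = $null; SHA256 = $null; Signature = $null; Queued = $false }
        continue
    }
    $item = Get-Item -LiteralPath $path -Force
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status   # NotSigned is expected for .tmp/.ico/.log

    # Keep a copy for later analysis; the original may be locked, which is why deletion is deferred.
    Copy-Item -LiteralPath $path -Destination $EvidenceDir -Force -ErrorAction SilentlyContinue

    $queued = $false
    if ($Queue) {
        $queued = $native::MoveFileEx($path, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)
        if (-not $queued) {
            $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
            Write-Warning "MoveFileEx failed for $path (Win32 error $err)"
        }
    }
    [pscustomobject]@{ Path = $path; Status = 'present'; Size = $item.Length; SHA256 = $hash; Signature = $sig; Queued = $queued }
}

$report | Format-Table -AutoSize

# Show what is now scheduled for the next boot (the same registry value delete-on-reboot tools write).
if ($Queue) {
    Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' -Name PendingFileRenameOperations -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty PendingFileRenameOperations
}
```

Run it once without `-Queue` to get the inventory (hashes are what you would submit to an online scanner or keep in the incident notes), and only then with `-Queue`; reading PendingFileRenameOperations afterwards confirms the entries before the reboot actually removes anything.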
04.11.2005, 18:29
Honorary member
Sabina

Posts: 29434
#15 THE REST...REGISTRY ETC...TONIGHT ;)
__________
Regards, Sabina

all about PC security