möglicher Trojaner oder Viren oder Wurmbefall

#1 Bekomme von Antivir seit heute ständig Meldungen über Malware und Heur/crypted.


Wie finde ich heraus, ob ich wirklich einen Wurm oder ähnliches auf dem Rechner hab? Virenscanner an sich findet nix.

Hab scho mal hijackthis logfile...

Danke für die Hilfe:

Logfile of HijackThis v1.99.1
Scan saved at 15:33:08, on 23.06.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\cssrss.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system\msnrav.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Trillian\trillian.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Winamp\winamp.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177178254703
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBD7DA6E-89C9-40C0-8A97-7E43E99DE6AC}: NameServer = 212.18.3.5 212.18.0.5
O18 - Protocol: bw+0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: MSN RAV - Unknown owner - C:\WINDOWS\system\msnrav.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe

#2 Download ComboFix zum Desktop
Doppelklick combofix.exe
Folge den Instruktionen in das Fenster
Waehrend Combofix lauft NICHT ins Fenster klicken sonst erfriert dein Rechner
Wenn das Tool fertig ist,oeffnet sich ein logfile(combofix.txt).
Kopiere den Inhalt des Berichts C:/Combofix/combofix.txt in dein folgender Bericht
__________
MfG Argus

#3 ComboFix 07-06-18.2 - C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
"Administrator" - 2007-06-23 16:23:29 - Service Pack 1 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\cssrss.exe
C:\WINDOWS\system32\nso12k.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DRIVER
-------\Driver


((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 )))))))))))))))))))))))))))))))


2007-06-23 16:23 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-23 15:52 <DIR> d-------- C:\Programme\Mozilla Thunderbird
2007-06-23 15:10 <DIR> d-------- C:\Programme\CCleaner
2007-06-23 14:18 24,576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-06-23 13:58 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Thunderbird
2007-06-23 13:58 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Talkback
2007-06-23 13:50 39,936 --ah----- C:\WINDOWS\system32\jqfvavul.exe
2007-06-23 13:50 12,224 --ah----- C:\WINDOWS\system32\rjrpy.exe
2007-06-23 13:48 10,192 --a------ C:\fphwm.exe
2007-06-23 13:47 207,872 -r-hs---- C:\WINDOWS\system\msnrav.exe
2007-06-23 13:39 353,792 --ah----- C:\WINDOWS\system32\lxow.exe
2007-06-23 13:38 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-06-23 13:29 7,200 --ah----- C:\WINDOWS\system32\mprsr.exe
2007-06-23 13:29 18,432 --ah----- C:\WINDOWS\system32\nfmz.exe
2007-06-22 17:16 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-22 11:53 <DIR> d-------- C:\Programme\ICQ6


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-23 14:24:00 -------- d-----w C:\Programme\Trillian
2007-06-23 13:02:40 -------- d-----w C:\Programme\ICQToolbar
2007-04-24 05:17:16 -------- d-----w C:\Programme\eMule
2007-04-23 17:46:57 -------- d-----w C:\DOKUME~1\ADMINI~1\ANWEND~1\Skype
2007-04-23 14:11:52 -------- d-----w C:\DOKUME~1\ADMINI~1\ANWEND~1\vlc
2007-04-23 14:08:10 -------- d-----w C:\Programme\VideoLAN
2007-04-23 12:08:49 552 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-04-22 00:40:29 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-04-21 23:22:24 48,156 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-04-21 23:22:24 316,594 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-04-21 20:21:33 1,572 ----a-w C:\WINDOWS\mozver.dat
2007-04-21 17:28:33 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-21 12:17:39 0 --sha-r C:\MSDOS.SYS
2007-04-21 12:17:39 0 --sha-r C:\IO.SYS
2007-04-21 12:17:39 0 ----a-w C:\CONFIG.SYS
2007-04-21 12:17:39 0 ----a-w C:\AUTOEXEC.BAT
2007-04-21 12:15:15 21,740 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 10:40]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Programme\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-02-24 16:35]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 12:43 C:\WINDOWS\Alcmtr.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMDM PMSP Service]
C:\WINDOWS\system32\cssrss.exe


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-23 16:25:00
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-23 16:25:25 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-23 16:25

--- E O F ---

#4 Start>Ausführen> tippe da/kopiere: sc stop MSN RAV
Klicke OK
Nochmal,aber gebe bitte dann ein/kopiere: sc delete MSN RAV
Rechner Neu starten

1.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als ComboFix-Do.txt mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.

File::
C:\WINDOWS\system32\jqfvavul.exe
C:\WINDOWS\system32\rjrpy.exe
C:\fphwm.exe
C:\WINDOWS\system\msnrav.exe
C:\WINDOWS\system32\lxow.exe
C:\WINDOWS\system32\mprsr.exe
C:\WINDOWS\system32\nfmz.exe

2.
Sleppe diese Datei zum ComboFix.exe(sehe Bild)
ComboFix wird jetzt starten und die Daten ausfuehren
Nach neustart des Rechners,poste das log von ComboFix und ein log
von Hijack This


__________
MfG Argus

#5 ComboFix 07-06-18.2 - C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
"Administrator" - 2007-06-23 16:53:17 - Service Pack 1 NTFS
Command switches used :: C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\fphwm.exe
C:\WINDOWS\system\msnrav.exe
C:\WINDOWS\system32\cssrss.exe
C:\WINDOWS\system32\jqfvavul.exe
C:\WINDOWS\system32\lxow.exe
C:\WINDOWS\system32\mprsr.exe
C:\WINDOWS\system32\nfmz.exe
C:\WINDOWS\system32\nso12k.sys
C:\WINDOWS\system32\rjrpy.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DRIVER
-------\Driver


((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 )))))))))))))))))))))))))))))))


2007-06-23 16:23 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-23 15:52 <DIR> d-------- C:\Programme\Mozilla Thunderbird
2007-06-23 15:10 <DIR> d-------- C:\Programme\CCleaner
2007-06-23 14:18 24,576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-06-23 13:58 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Thunderbird
2007-06-23 13:58 <DIR> d-------- C:\DOKUME~1\ADMINI~1\ANWEND~1\Talkback
2007-06-23 13:38 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Spybot - Search & Destroy
2007-06-22 17:16 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-22 11:53 <DIR> d-------- C:\Programme\ICQ6


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-23 14:43:29 -------- d-----w C:\Programme\ICQToolbar
2007-06-23 14:24:00 -------- d-----w C:\Programme\Trillian
2007-04-24 05:17:16 -------- d-----w C:\Programme\eMule
2007-04-23 17:46:57 -------- d-----w C:\DOKUME~1\ADMINI~1\ANWEND~1\Skype
2007-04-23 14:11:52 -------- d-----w C:\DOKUME~1\ADMINI~1\ANWEND~1\vlc
2007-04-23 14:08:10 -------- d-----w C:\Programme\VideoLAN
2007-04-23 12:08:49 552 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-04-22 00:40:29 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-04-21 23:22:24 48,156 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-04-21 23:22:24 316,594 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-04-21 20:21:33 1,572 ----a-w C:\WINDOWS\mozver.dat
2007-04-21 17:28:33 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-21 12:17:39 0 --sha-r C:\MSDOS.SYS
2007-04-21 12:17:39 0 --sha-r C:\IO.SYS
2007-04-21 12:17:39 0 ----a-w C:\CONFIG.SYS
2007-04-21 12:17:39 0 ----a-w C:\AUTOEXEC.BAT
2007-04-21 12:15:15 21,740 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 10:40]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Programme\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-02-24 16:35]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 12:43 C:\WINDOWS\Alcmtr.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMDM PMSP Service]
C:\WINDOWS\system32\cssrss.exe


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, h**p://www.gmer.net
Rootkit scan 2007-06-23 16:54:53
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-23 16:55:06 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-23 16:55
C:\ComboFix2.txt ... 2007-06-23 16:25

--- E O F ---

---------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 16:58:20, on 23.06.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://start.icq.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177178254703
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - h**p://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBD7DA6E-89C9-40C0-8A97-7E43E99DE6AC}: NameServer = 212.18.3.5 212.18.0.5
O18 - Protocol: bw+0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: MSN RAV - Unknown owner - C:\WINDOWS\system\msnrav.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe

#6 Entferne auf C:\qoobox\ Papierkorb leeren

Schliesse alle Fenster und starte Hijack This
Klicke:Do a Systemscan only Setze ein Häckchen in das Kästchen vor den genannten Eintrag bei

O23 - Service: MSN RAV - Unknown owner - C:\WINDOWS\system\msnrav.exe (file missing)

klicke:Fix checked

Dein Internet Explorer muss geschlossen wenn Du Fix Checked klickst

Download SDFix zum Desktop

Starte im abgesicherten Modus:
http://www.bsi.bund.de/av/texte/wiederher.htm

SDFix.zip entpacken
unter C:\ findet man nun den SDFix-Ordner

Doppelklick RunThis.bat
Schreibe: Y folge allen Anweisungen
Dann wird der Rechner neustarten
SDFix entfernt jetzt die gefundene Objekte
Kopiere den Inhalt des Berichts “SophosReport.txt” der jetzt auf dein Desktop steht in diesen Thread
Und ein log von Hijack This
__________
MfG Argus

#7 SDFix: Version 1.88

Run by Administrator on 23.06.2007 at 17:24

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOKUME~1\ADMINI~1\Desktop\SDFix\SDFix

Safe Mode:
Checking Services:

Name:
MSN RAV

ImagePath:
"C:\WINDOWS\system\msnrav.exe"

MSN RAV - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\i - Deleted



Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Backups Folder: - C:\DOKUME~1\ADMINI~1\Desktop\SDFix\SDFix\backups\backups.zip

Listing Files with Hidden Attributes:

C:\WINDOWS\LastGood.Tmp\INF\codecs10.inf
C:\WINDOWS\LastGood.Tmp\INF\codecs10.PNF
C:\WINDOWS\LastGood.Tmp\INF\DRM10.inf
C:\WINDOWS\LastGood.Tmp\INF\DRM10.PNF
C:\WINDOWS\LastGood.Tmp\INF\MPPRE10.inf
C:\WINDOWS\LastGood.Tmp\INF\MPPRE10.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem2.inf
C:\WINDOWS\LastGood.Tmp\INF\oem2.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem3.inf
C:\WINDOWS\LastGood.Tmp\INF\oem3.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem4.inf
C:\WINDOWS\LastGood.Tmp\INF\oem4.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem5.inf
C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem6.inf
C:\WINDOWS\LastGood.Tmp\INF\oem6.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem7.inf
C:\WINDOWS\LastGood.Tmp\INF\oem7.PNF
C:\WINDOWS\LastGood.Tmp\INF\WMDM10.inf
C:\WINDOWS\LastGood.Tmp\INF\WMDM10.PNF
C:\WINDOWS\LastGood.Tmp\INF\WMFSDK10.inf
C:\WINDOWS\LastGood.Tmp\INF\WMFSDK10.PNF
C:\WINDOWS\LastGood.Tmp\INF\WPD10.inf
C:\WINDOWS\LastGood.Tmp\INF\WPD10.PNF
C:\WINDOWS\LastGood.Tmp\INF\wpdmtp.inf
C:\WINDOWS\LastGood.Tmp\INF\wpdmtp.PNF
C:\WINDOWS\SoftwareDistribution\Download\69d0191489fd8c9a22de241a372bffb2\BIT1.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Listing User Accounts:


Administrator Gast Hilfeassistent
SUPPORT_388945a0
Der Befehl wurde mit einem oder mehreren Fehlern ausgef�hrt.


Finished
---------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 17:29:02, on 23.06.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177178254703
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: bw+0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {9C4B9ED2-6ACB-4D8F-B3E8-4F71880F7E5C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe

#8 Arbeitsplatz-->Rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.
Neu Starten
Dann wieder aktivieren

Antivir http://board.protecus.de/t23979.htm

Tip: http://board.protecus.de/t29853.htm

Download
CleanUp
Anleitung: http://www.virus-protect.org/cleanup.html
Wenn man CleanUp weiter benutzen will das haeckchen bei “Delete Prefetch files”entfernen!

Die Benutzten Tools können wieder entfernt werden
__________
MfG Argus

#9 super

Vielen Danke für die schnell Hilfe.. ich hoff es bleibt nu so

#10 Gern geschehen
Gruss aus Holland
__________
MfG Argus