Bin ich sauber???

Pulpito · 24.05.2005, 11:07

Habe vor 2 Tagen irgendwie

diesen "Internet-Optimizer" im Laptop bekommen ... nun habe ich es nach der Anleitung

(http://www.pctipp.ch/helpdesk/kummer...rnet/26450.asp) manuell entfernt.
Aber irgendwie habe ich das Gefühl, dass doch alles nicht raus ist?

Hier mein Log (habe unpersonalisiert & links verändert, war`s richtig?

):

---
Logfile of HijackThis v1.99.1
Scan saved at 11:25:31, on 24.05.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Access Manager\Client\AMBroker.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\avmclient\avmbtservice.exe
C:\Program Files\avmclient\panapp.exe
C:\Program Files\avmclient\AvmObexService.exe
C:\PROGRA~1\NETSUP~1\client32.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
D:\mm\groupware\http\mmHTTP3s.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Access Manager\PMAC\sp_SWIns.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe
C:\Program Files\avmclient\bluefritz.exe
C:\Program Files\avmclient\AvmObex.exe
C:\Program Files\Access Manager\Client\AccessMgr.exe
C:\program files\180solutions\sais.exe
C:\WINDOWS\switpa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\avmclient\AvmObex.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\TOOLS\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://upwebapp01/getBack/Framework/Login.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by update software AG
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TPWRSAVE] C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe -S
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVMBlueClient] C:\Program Files\avmclient\bluefritz.exe
O4 - HKLM\..\Run: [AVMBLUEOBEX] C:\Program Files\avmclient\AvmObex.exe -pushclient -ftpclient
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\Access Manager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpa.exe
O4 - HKLM\..\Run: [ydgv] C:\WINDOWS\ydgv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Shortcut to Arbeitszeit.xls.lnk = D:\PROJECTS\Arbeitszeit.xls
O8 - Extra context menu item: &Full Source - C:\WINDOWS\web\FullSource.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Verweisseiten - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - D:\Program Files\IrfanView\Ebay\Ebay.htm
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.update.com
O15 - Trusted Zone: h**p://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: *.update.com (HKLM)
O16 - DPF: Yahoo! Reversi - h**p://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - h**p://scpwca.ops.placeware.com/etc/place/CHARLIE/CHApws-a2/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - h**p://webcam1.cotas.com.bo/activex/AxisCamControl.ocx
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - h**p://support.update.com/SCRmagictsd/Reports/activeXViewer/activexviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = update.com
O17 - HKLM\Software\..\Telephony: DomainName = update.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE6C6B69-89EC-48AD-BBF4-A2E6D41C2C78}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = update.com
O18 - Protocol: update - (no CLSID) - (no file)
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
O23 - Service: Access Manager Configuration Service (AMBroker) - Unknown owner - C:\Program Files\Access Manager\Client\AMBroker.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVM BT Connection Service - AVM Berlin - C:\Program Files\avmclient\avmbtservice.exe
O23 - Service: AVM BT PAN Service - AVM Berlin - C:\Program Files\avmclient\panapp.exe
O23 - Service: AVM BT OBEX Service (AvmObexService) - AVM Berlin - C:\Program Files\avmclient\AvmObexService.exe
O23 - Service: Client32 - NetSupport Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - WorldCom - C:\Program Files\Access Manager\Client\DAPlugin.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\WorldCom IP VPN Remote Access\Extranet_serv.exe
O23 - Service: update.http (mmHTTP3) - update software AG - D:\mm\groupware\http\mmHTTP3s.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\Access Manager\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\Access Manager\SMOC\spi_da.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

Ok, ich wart` mal auf eine Antwort!

Gruss,
Carlos

Rene-gad · 24.05.2005, 11:23

@Pulpito

Zitat:

Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

SP2 fehlt.
Diese Dateien im abgesicherten Modus löschen.

Zitat:

C:\program files\180solutions\sais.exe
C:\WINDOWS\switpa.exe
C:\WINDOWS\ydgv.exe
C:\WINDOWS\web\related.htm

Diese Einträge bitte fixen.

Zitat:

O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpa.exe
O4 - HKLM\..\Run: [ydgv] C:\WINDOWS\ydgv.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Die folgenden Einträge kenne ich nicht. Du musst selbst herausfinden, was du nicht kennst und diese fixen.

Zitat:

O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - h**p://scpwca.ops.placeware.com/etc/place/CHARLIE/CHApws-a2/5.1.8.511/lib/quicksilver.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - h**p://webcam1.cotas.com.bo/activex/AxisCamControl.ocx
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - h**p://support.update.com/SCRmagictsd/Reports/activeXViewer/activexviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = update.com
O17 - HKLM\Software\..\Telephony: DomainName = update.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE6C6B69-89EC-48AD-BBF4-A2E6D41C2C78}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = update.com
O18 - Protocol: update - (no CLSID) - (no file)
O23 - Service: update.http (mmHTTP3) - update software AG - D:\mm\groupware\http\mmHTTP3s.exe

BTW: Ich habe keine Spuren von einem Antivirus-Programm gefunden. Das würde ich akzeptieren nur, wenn du mir beweisen kannst, dass du gerade gestern von einer 10-jährigen Reise zum Mars zurückgekehrt bist.

Pulpito · 24.05.2005, 11:41

Hi Rene-gad,

vielen Dank

... also war meine Befürchtung doch wahr!

Dieses ist leider nicht mein eigenes Rechner und obwohl ich ständig online, achte ich was ich downloade. Nur diese WE war meine Freundin auf Musik suche...

Normalerweise nutze ich zu Hause Norton AV, aber ich dachte die Freaks im Büro hätten schon alles eingerichtet.
Erstaunlich das nicht schlimmes passiert ist... dabei bin ich seit mehr als 4 Monate dabei.

Gruß,
Carlos

Bin ich sauber???

Log-Analyse und Auswertung: Bin ich sauber???

Bin ich sauber???

Bin ich sauber???

Bin ich sauber???

Ähnliche Themen: Bin ich sauber???