TR/Buddy.F/TR/Click.Age.DB.Dll/TR/Dldr.Spybi.1/TR/Stervice.C

KRS96 · 18.06.2005, 21:31

OK dann eben einen neuen thread...
HI leute ich habe auch diese 3 trojaner AV guard meldet sie mir ich lösche...und nach ca. 1 min kommen die meldungen wieder (ich will dafür kienen neuen thread aufmachen) kann mir irgendwer helfen?? (bzw. genau sagen was ich machen muss?!

Logfile of HijackThis v1.99.1
Scan saved at 22:28:21, on 18.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
E:\AVPersonal\AVGUARD.EXE
E:\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\kvmisvc.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\cvhcbb.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
E:\ICQLite\ICQLite.exe
C:\WINDOWS\System32\spoo
l\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programme\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
E:\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
E:\AVPersonal\AVGNT.EXE
C:\WINDOWS\SOUNDMAN.EXE
E:\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\nxonenc.EXE
C:\Programme\AceGain\LiveUpdate\LiveUpdate.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
E:\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\AceGain\LiveUpdate\aceagent.exe
F:\Steam\Steam.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
E:\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSI\Core Center\CoreCenter.exe
E:\Logitech\SetPoint\SetPoint.exe
C:\Programme\MSI\SecureDoc\Logon.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\7zS304.tmp\firefox.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\ICQToolbar\toolbaru.dll
O3 - Toolbar: ogame Toolbar - {AB030D41-BFEB-11d3-BA8E-E756DF6F2B61} - E:\OGAMET~1\OGAME_~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE
O4 - HKLM\..\Run: [ICQ Lite] E:\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [LiveMonitor] C:\Programme\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SmcService] E:\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "E:\Medion Home CinemaXL\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AVGCtrl] "E:\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "E:\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [nxonenc] C:\WINDOWS\nxonenc.EXE
O4 - HKLM\..\Run: [wiiadll] C:\WINDOWS\wiiadll.exe
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Programme\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [gglwdll] C:\WINDOWS\gglwdll.exe
O4 - HKLM\..\Run: [ziqidll] C:\WINDOWS\ziqidll.exe
O4 - HKLM\..\Run: [ncwnwi] c:\windows\system32\cvhcbb.exe r
O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Steam] F:\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Xfire.lnk = E:\Xfire\Xfire.exe
O4 - Global Startup: CoreCenter.lnk = C:\Programme\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SecureDoc.lnk = C:\Programme\MSI\SecureDoc\Logon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://E:\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\ICQLite\ICQLite.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - E:\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1117120550640
O18 - Protocol: bw+0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0348CE65-DA1C-45C2-BE55-402253E5BD38} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\AVPersonal\AVWUPSRV.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\kvmisvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

wie geasagt ich versteh nix davon....

cronos · 18.06.2005, 22:47

Untersuche dein System zunächst, wie beschrieben mit Escan .
Teile uns die Ergebnisse mit.

KRS96 · 18.06.2005, 23:28

ok mach ich Log editiere ich dann hier rein...

ist es absicht das der link zum HJT tutorial geht??

cronos · 18.06.2005, 23:55

Zitat:

Zitat von KRS96

ok mach ich Log editiere ich dann hier rein...

nicht editieren, sondern antworten.Ansonsten geht das unter.

Zitat:

ist es absicht das der link zum HJT tutorial geht??

???

KRS96 · 19.06.2005, 00:04

verdammt habe ich viele viren:

File C:\WINDOWS\kvmisvc.exe infected by "Trojan-Dropper.Win32.Agent.mu" Virus! Action Taken: No Action Taken.
File c:\windows\system32\cvhcbb.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\nxonenc.EXE infected by "Trojan-Downloader.Win32.VB.hj" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\nxonenc.EXE infected by "Trojan-Downloader.Win32.VB.hj" Virus! Action Taken: No Action Taken.
File c:\windows\system32\cvhcbb.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Desktop\backups\backup-20050613-225205-964.dll tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.i". Action Taken: No Action Taken.
File C:\WINDOWS\kvmisvc.exe infected by "Trojan-Dropper.Win32.Agent.mu" Virus! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IstBAR Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IstBAR Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ISearchTech.ISTdownloader Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\YSBactivex.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\MSXML3A.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{29FF67FF-8050-480f-9F30-CC41635F2F9D}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{70B51430-B6CA-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8298d101-f992-43b7-8eca-5052d885b995}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A9E69612-B80D-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{f612954d-3b0b-4c56-9563-227b7be624b4}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Entry "HKCR\Automap.Map.EU.11" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\Automap.Template.EU.11" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\RTCIMSP.RTCIMService" refers to invalid object "{83D4679F-B6D7-11D2-BF36-00C04FB90A03}". Action Taken: No Action Taken.
Entry "HKCR\RTCIMSP.RTCIMService.1" refers to invalid object "{83D4679F-B6D7-11D2-BF36-00C04FB90A03}". Action Taken: No Action Taken.
File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
File C:\WINDOWS\visfxun.exe infected by "Trojan-Downloader.Win32.VB.kd" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\InstallerV3.exe tagged as "not-a-virus:AdWare.SafeSurfing.j". Action Taken: No Action Taken.
File C:\WINDOWS\system32\nsn198.dll tagged as "not-a-virus:AdWare.Beginto.c". Action Taken: No Action Taken.
File C:\WINDOWS\system32\nsv64.dll tagged as "not-a-virus:AdWare.Beginto.c". Action Taken: No Action Taken.
File C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\1.exe tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.i". Action Taken: No Action Taken.
File C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\thin_installerv3.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\DOKUME~1\ADMINI~1\LOKALE~1\TEMPOR~1\Content.IE5\C7JFU45D\thin_installerv3[1].exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\DOKUME~1\ADMINI~1\LOKALE~1\TEMPOR~1\Content.IE5\KPQB4X63\Poller[1].exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\DOKUME~1\ADMINI~1\LOKALE~1\TEMPOR~1\Content.IE5\OPY74DE3\btnetw2[1].exe tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.i". Action Taken: No Action Taken.
File C:\DOKUME~1\ADMINI~1\LOKALE~1\TEMPOR~1\Content.IE5\OPY74DE3\Nail[1].exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Desktop\backups\backup-20050613-225205-964.dll tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.i". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\1.exe tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.i". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\thin_installerv3.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\C7JFU45D\thin_installerv3[1].exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KPQB4X63\Poller[1].exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OPY74DE3\btnetw2[1].exe tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.i". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OPY74DE3\Nail[1].exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.

ich meinte damit das man zum hJT tutorial kommt und net zum Escan...

wenn es irgendwie möglich ist will ich nihct neu aufsetzten

cronos · 19.06.2005, 02:07

Zitat:

Zitat von KRS96

ich meinte damit das man zum hJT tutorial kommt und net zum Escan...

Hast völlig recht, habe das abgeändert.Mein Fehler

Evtl. hast du deswegen den Escan nicht richtig ausgeführt.
Lies dir den oben geänderten Link zu Escan nochmal durch.
Wichtig ist, u.a. das folgende Einstellungen gesetzt werden:

Lies dir nochmal die gesamte Anleitung durch, lösche die mwav.log Datei, scanne erneut und poste uns die Ergebnisse in dieser Form:

Zitat:

Rechtsklick auf diesen Link -> Ziel speichern unter… z.B. 'C:\Find.rar' -> 'Find.rar' entpacken z.B. 'C:\Find.bat' -> 'Find.bat' doppelklicken und den Scan abwarten -> den Inhalt [6] der automatisch erstellten 'C:\eScan_neu.txt' posten.

TR/Buddy.F/TR/Click.Age.DB.Dll/TR/Dldr.Spybi.1/TR/Stervice.C

Plagegeister aller Art und deren Bekämpfung: TR/Buddy.F/TR/Click.Age.DB.Dll/TR/Dldr.Spybi.1/TR/Stervice.C