psguard, was jetzt?

Chris14

fixe mit HijackThis diese einträge:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-se...k=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-se...look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-se...look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-se...k=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-se...look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-se...look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-se...look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-se...look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-se...look=stmpl1&fw=
R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAMME\SIDEFIND\SFBHO.DLL (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL
O2 - BHO: WebBho Class - {00041A26-7033-432C-94C7-6371DE343822} - C:\PROGRAMME\SE\V11\SE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\PROGRAMME\ISTBAR\ISTBARCM.DLL (file missing)
O4 - HKLM\..\Run: [SaveNow] C:\Programme\SaveNow\SaveNow.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Programme\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [Search-Exe] "C:\PROGRAMME\SE\V11\SE.EXE" /H
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [cVeejh] C:\KWBLAYW.EXE
O4 - HKLM\..\Run: [BullsEye Network] C:\Programme\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\SYSTEM\intell32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Programme\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [System Tray] C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\8T0J4ZOV\APPROVED.PIF
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
O16 - DPF: {7DBA2EB7-D000-8F95-11D4-56C4AF1429E2} - http://216.65.123.146/key/key.exe
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://enter.sextracker.com/German/...reedownload.exe
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...0006_cracks.cab

lösche diese dateien im abgesicherten modus:
C:\WINDOWS\SYSTEM\MSBE.DLL
C:\WINDOWS\SYSTEM\msxct.exe
C:\WINDOWS\SYSTEM\intell32.exe
C:\KWBLAYW.EXE

lösche diese ordner im abgesicherten modus:
C:\PROGRAMME\SIDEFIND
C:\PROGRAMME\SE\
C:\Programme\SaveNow\
C:\Programme\ISTsvc\ oder c:\program files\ISTSVC
C:\Programme\BullsEye Network\

neues HJT-Logfile posten

führe eScan gemäß der Anleitung aus


entferne den Trojaner Smitfraud.C gemäß dieser Anleitung