Hallo,
als ich heute meinen Virencheck (von Antivir) laufen gelassen hab, kommt die meldung, das Antivir nen Virus entdeckt hat ... die Datei heißt: npwthost.dll! sie wurde entdeckt unter folgendem Link: C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll
wenn ich dann die Eigenschaften von der "Datei" aufrufe, steht da:
Betriebssystem: Windows NT/200/XP Workstation
Suchengine: 7.01.01.02
Virendefinitionsdatei: 6.35.01.84
Meldung: Enthält Signatur des SPR/WildTangent.B.1-Programmes
so... ich weiß nich ob die Datei gefährlich ist, geschweige denn, was ich tun soll.
Bitte um antwort!!!

mOIn Tyria Thor,
lasse Datei hier
Virustotal
oder hier
Jotti
überprüfen (kann bisschen dauern),
poste die Ergebnisse mit der Angabe der größe der hochgeladenen Datei,
auch wenn nichts gefunden wurde.
MFG

also.. ich hab die datei jetzt in Quarantäne.. soll ich die da wirklich wieder rausholen?!

mOIn nochma
ich meine du kannst sie aus der Quarantäne direkt hochladen ohne sie darausholen zu müssen.
MFG

Kurz einmisch:

Hier etwas zu Wildtangens .

@Tyria Thor,

deinstalliere über Systemsteuerung/Software --> Wildtangens oder ähnlich lautende Sioftware sowie weitere Dir unbekannte Programme.

Downloade Dir
clearprog 1.4.1 final.
Adaware
Spybot S&D
Adaware und Spybot installieren und updaten.

Starte Clearprog --> Häkchen bei alles Löschen und auf Löschen klicken.

Scanne danach nacheinander Dein System mit Adaware und Spybot.

Poste ansch. ein Hijackthis-Logfile.

dartus

hi! hab jetz mit adaware gescannt, das kam dabei heraus:
der hat 22 objekte gefunden, die zur MRU-Listr gehören.. übrigens, beim scannen
mit adaware kam von Antivir wieder ne Meldung:
dieses mal steht bei Meldung: SPR/WildTangent.B.1! Bei der Datei davor, stand: enthält SIGNATUR des SPR/WildTangent.B.1... um nochmal auf adaware zurrückzukommen soll ich die in Quarantäne verschieben?
mfg...

das hier war logfile bei adaware:

Ad-Aware SE Build 1.06r1
Logfile Created onienstag, 15. August 2006 08:44:48
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R118 07.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):22 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


15.08.2006 08:44:48 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\NICK\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-4272932890-1369996657-1396397546-1007\software\microsoft\automap\9.0\findmru
Description : list of recently used find queries used in microsoft automap-based products


MRU List Object Recognized!
Location: : S-1-5-21-4272932890-1369996657-1396397546-1007\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-4272932890-1369996657-1396397546-1007\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-4272932890-1369996657-1396397546-1007\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-4272932890-1369996657-1396397546-1007\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-4272932890-1369996657-1396397546-1007\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-4272932890-1369996657-1396397546-1007\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-4272932890-1369996657-1396397546-1007\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4272932890-1369996657-1396397546-1007\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4272932890-1369996657-1396397546-1007\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-4272932890-1369996657-1396397546-1007\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-4272932890-1369996657-1396397546-1007\software\microsoft\office\10.0\word\recent templates
Description : list of recent templates used by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-4272932890-1369996657-1396397546-1007\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-4272932890-1369996657-1396397546-1007\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-4272932890-1369996657-1396397546-1007\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-4272932890-1369996657-1396397546-1007\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 296
ThreadCreationTime : 15.08.2006 06:17:37
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 344
ThreadCreationTime : 15.08.2006 06:17:41
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 368
ThreadCreationTime : 15.08.2006 06:17:42
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 412
ThreadCreationTime : 15.08.2006 06:17:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 424
ThreadCreationTime : 15.08.2006 06:17:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 580
ThreadCreationTime : 15.08.2006 06:17:43
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 15.08.2006 06:17:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 672
ThreadCreationTime : 15.08.2006 06:17:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 728
ThreadCreationTime : 15.08.2006 06:17:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 744
ThreadCreationTime : 15.08.2006 06:17:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 836
ThreadCreationTime : 15.08.2006 06:17:44
BasePriority : Normal
FileVersion : 2.1.10.2
ProductVersion : 2.1.10.2
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [sndsrvc.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 852
ThreadCreationTime : 15.08.2006 06:17:44
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:13 [ccevtmgr.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 888
ThreadCreationTime : 15.08.2006 06:17:44
BasePriority : Normal
FileVersion : 2.1.10.2
ProductVersion : 2.1.10.2
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1064
ThreadCreationTime : 15.08.2006 06:17:45
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [sched.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1248
ThreadCreationTime : 15.08.2006 06:18:52
BasePriority : Normal


#:16 [avguard.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1260
ThreadCreationTime : 15.08.2006 06:18:52
BasePriority : Normal


#:17 [ccproxy.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 1284
ThreadCreationTime : 15.08.2006 06:18:52
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:18 [mdm.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\
ProcessID : 1364
ThreadCreationTime : 15.08.2006 06:18:53
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:19 [nprotect.exe]
FilePath : C:\Programme\Norton Internet Security Professional\Norton AntiVirus\AdvTools\
ProcessID : 1400
ThreadCreationTime : 15.08.2006 06:18:53
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright (C) 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:20 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1560
ThreadCreationTime : 15.08.2006 06:18:56
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:21 [symlcsvc.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\
ProcessID : 1608
ThreadCreationTime : 15.08.2006 06:18:56
BasePriority : Normal
FileVersion : 1, 8, 48, 77
ProductVersion : 1, 8, 48, 77
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright (C) 2003
OriginalFilename : symlcsvc.exe

#:22 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1640
ThreadCreationTime : 15.08.2006 06:18:56
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:23 [symwsc.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\
ProcessID : 1704
ThreadCreationTime : 15.08.2006 06:18:56
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:24 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1960
ThreadCreationTime : 15.08.2006 06:18:58
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:25 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2580
ThreadCreationTime : 15.08.2006 06:21:03
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:26 [atiptaxx.exe]
FilePath : C:\Programme\ATI Technologies\ATI Control Panel\
ProcessID : 2672
ThreadCreationTime : 15.08.2006 06:21:18
BasePriority : Normal
FileVersion : 6.14.10.5102
ProductVersion : 6.14.10.5102
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright (C) 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:27 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 2680
ThreadCreationTime : 15.08.2006 06:21:18
BasePriority : Normal
FileVersion : 5.0.12
ProductVersion : 5.0.12
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2002 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:28 [ccapp.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Symantec Shared\
ProcessID : 2728
ThreadCreationTime : 15.08.2006 06:21:18
BasePriority : Normal
FileVersion : 2.1.10.2
ProductVersion : 2.1.10.2
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:29 [jusched.exe]
FilePath : C:\Programme\Java\jre1.5.0_06\bin\
ProcessID : 2780
ThreadCreationTime : 15.08.2006 06:21:19
BasePriority : Normal


#:30 [avgnt.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 2796
ThreadCreationTime : 15.08.2006 06:21:19
BasePriority : Normal


#:31 [point32.exe]
FilePath : C:\Programme\Microsoft Hardware\Mouse\
ProcessID : 2812
ThreadCreationTime : 15.08.2006 06:21:19
BasePriority : Normal


#:32 [lgdcore.exe]
FilePath : D:\Programme\Logitech G15\
ProcessID : 2904
ThreadCreationTime : 15.08.2006 06:21:21
BasePriority : Normal
FileVersion : 1.01.112
ProductVersion : 1.01.112
ProductName : G-series Software
CompanyName : Logitech Inc.
FileDescription : Logitech G-series Profiler
InternalName : LGDCore
LegalCopyright : © 2004-2005 Logitech. All rights reserved.
LegalTrademarks : Logitech, the Logitech logo, and other Logitech marks are owned by Logitech and may be registered. All other trademarks are the property of their respective owners.
OriginalFilename : LGDCore.exe
Comments : Created by Interactive Entertainment.

#:33 [arcor.exe]
FilePath : C:\Programme\ArcorOnline\
ProcessID : 2932
ThreadCreationTime : 15.08.2006 06:21:22
BasePriority : Normal
FileVersion : 5.00.0004
ProductVersion : 5.00.0004
ProductName : Arcor-Online Butler Version 5.004
CompanyName : Arcor AG & Co. KG
FileDescription : Arcor-Online Butler Version 5.004
InternalName : Arcor
LegalCopyright : © 2005 Arcor AG & Co. KG
LegalTrademarks : Arcor AG & Co. KG
OriginalFilename : Arcor.exe
Comments : Ihr Arcor-Online Butler 5.004 für Modem, ISDN, DSL und LAN.

#:34 [lcdmon.exe]
FilePath : D:\Programme\Logitech G15\
ProcessID : 2940
ThreadCreationTime : 15.08.2006 06:21:22
BasePriority : Normal
FileVersion : 1.01.112
ProductVersion : 1.01.112
ProductName : G-series Software
CompanyName : Logitech Inc.
FileDescription : Logitech G-series LCD Monitor
InternalName : LCDMon
LegalCopyright : © 2004-2005 Logitech. All rights reserved.
LegalTrademarks : Logitech, the Logitech logo, and other Logitech marks are owned by Logitech and may be registered. All other trademarks are the property of their respective owners.
OriginalFilename : LCDMon.exe
Comments : Created by Interactive Entertainment.

#:35 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2976
ThreadCreationTime : 15.08.2006 06:21:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:36 [lcdmedia.exe]
FilePath : D:\Programme\Logitech G15\Applets\
ProcessID : 3072
ThreadCreationTime : 15.08.2006 06:21:24
BasePriority : Normal
FileVersion : 1.01.112
ProductVersion : 1.01.112
ProductName : G-series Software
CompanyName : Logitech Inc.
FileDescription : Logitech G-series Media Display
InternalName : LCDMedia
LegalCopyright : © 2004-2005 Logitech. All rights reserved.
LegalTrademarks : Logitech, the Logitech logo, and other Logitech marks are owned by Logitech and may be registered. All other trademarks are the property of their respective owners.
OriginalFilename : LCDMedia.exe
Comments : Created by Interactive Entertainment.


#:37 [lcdclock.exe]
FilePath : D:\Programme\Logitech G15\Applets\
ProcessID : 3088
ThreadCreationTime : 15.08.2006 06:21:24
BasePriority : Normal
FileVersion : 1.01.112
ProductVersion : 1.01.112
ProductName : G-series Software
CompanyName : Logitech Inc.
FileDescription : Logitech G-series LCD Clock
InternalName : LCDClock
LegalCopyright : © 2004-2005 Logitech. All rights reserved.
LegalTrademarks : Logitech, the Logitech logo, and other Logitech marks are owned by Logitech and may be registered. All other trademarks are the property of their respective owners.
OriginalFilename : LCDClock.exe
Comments : Created by Interactive Entertainment.

#:38 [firefox.exe]
FilePath : C:\Programme\Firefox\
ProcessID : 3528
ThreadCreationTime : 15.08.2006 06:21:37
BasePriority : Normal


#:39 [teatimer.exe]
FilePath : D:\Programme\Virenbekämpfung\Spybot - Search & Destroy\
ProcessID : 3020
ThreadCreationTime : 15.08.2006 06:38:17
BasePriority : Idle
FileVersion : 1, 4, 0, 2
ProductVersion : 1, 4, 0, 3
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.

#:40 [ad-aware.exe]
FilePath : D:\Programme\Virenbekämpfung\Ad-Aware SE Personal\
ProcessID : 3632
ThreadCreationTime : 15.08.2006 06:42:36
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22

Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22

Deep scanning and examining files (D
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22

Deep scanning and examining files (E
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 22




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22

09:01:16 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:27.922
Objects scanned:187091
Objects identified:0
Objects ignored:0
New critical objects:0

das da oben war glaub ich net so hilfreich
hier mal Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 13:42:56, on 18.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Microsoft Hardware\Mouse\point32.exe
D:\Programme\Logitech G15\LGDCore.exe
D:\Programme\Logitech G15\LCDMon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Logitech G15\Applets\LCDMedia.exe
D:\Programme\Logitech G15\Applets\LCDClock.exe
D:\Programme\Virenbekämpfung\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\ArcorOnline\Arcor.exe
C:\Programme\Firefox\firefox.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
D:\Downloads\Virenbekämpfung\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] REM C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] REM Dit.exe
O4 - HKLM\..\Run: [VOBRegCheck] REM C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [Microsoft Works Update Detection] REM C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Arcor Online] REM
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ICQ Lite] REM D:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] REM "C:\Programme\nike\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] REM "C:\Programme\Spiele\i tunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [POINTER] C:\Programme\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [Launch LGDCore] "D:\Programme\Logitech G15\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "D:\Programme\Logitech G15\LCDMon.exe"
O4 - HKCU\..\Run: [Start WingMan Profiler] REM
O4 - HKCU\..\Run: [tunebite.exe] REM C:\Programme\Spiele\tunebite\tunebite.exe
O4 - HKCU\..\Run: [windows media player zubehör] REM C:\WINDOWS\system32\wdfmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Virenbekämpfung\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CAPIControl.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MedionShop - {01E9CF82-AE9D-42BA-A629-B23D51A4B86B} - http://www.medionshop.de/ (file missing) (HKCU)
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1155BEB9-BE73-4757-9CC1-20170BC0A96A}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{1155BEB9-BE73-4757-9CC1-20170BC0A96A}: NameServer = 195.50.140.114 195.50.140.252
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Hallo,

lass mal bitte folgende Datei bei Virustotal auswerten:

Zitat:

C:\WINDOWS\system32\wdfmgr.exe

Poste anschliessend das Ergebnis, einfach die Auswertung mit der Maus markieren, kopieren und in einen Beitrag einfügen.

Gruß
Sunny

wdfmgr.exe = bestandteil des windows media player 10 und höher

GUA

Zitat:

Zitat von GUA

wdfmgr.exe = bestandteil des windows media player 10 und höher

GUA

Nicht unbedingt! siehe hier -> Beschreibung, dann könnte es sich um diesen hier handeln -> W32/Agobot-TB

Vertrauen ist gut, Kontrolle ist besser

Zitat:

Zitat von [Gc]Sunny

Nicht unbedingt! siehe hier -> Beschreibung...

lese mal die mitglieder bewertung, die zu deinem link geschrieben wurden

GUA

Complete scanning result of "wdfmgr.exe", received in VirusTotal at 08.20.2006, 15:49:52 (CET).

Antivirus Version Update Result
AntiVir 6.35.1.3 08.20.2006 no virus found
Authentium 4.93.8 08.19.2006 no virus found
Avast 4.7.844.0 08.18.2006 no virus found
AVG 386 08.18.2006 no virus found
BitDefender 7.2 08.20.2006 no virus found
CAT-QuickHeal 8.00 08.18.2006 no virus found
ClamAV devel-20060426 08.20.2006 no virus found
DrWeb 4.33 08.20.2006 no virus found
eTrust-InoculateIT 23.72.102 08.20.2006 no virus found
eTrust-Vet 30.3.3026 08.18.2006 no virus found
Ewido 4.0 08.19.2006 no virus found
Fortinet 2.77.0.0 08.20.2006 no virus found
F-Prot 3.16f 08.18.2006 no virus found
F-Prot4 4.2.1.29 08.19.2006 no virus found
Ikarus 0.2.65.0 08.18.2006 no virus found
Kaspersky 4.0.2.24 08.20.2006 no virus found
McAfee 4832 08.18.2006 no virus found
Microsoft 1.1560 08.17.2006 no virus found
NOD32v2 1.1716 08.20.2006 no virus found
Norman 5.90.23 08.18.2006 no virus found
Panda 9.0.0.4 08.20.2006 no virus found
Sophos 4.08.0 08.19.2006 no virus found
Symantec 8.0 08.20.2006 no virus found
TheHacker 5.9.8.195 08.18.2006 no virus found
UNA 1.83 08.18.2006 no virus found
VBA32 3.11.0 08.20.2006 no virus found
VirusBuster 4.3.7:9 08.19.2006 no virus found

Aditional Information
File size: 38912 bytes
MD5: 49501c6be752d5043ada8667ac774f7a
SHA1: ebeb5be8b8ddf2e47fbced67c4ab8f4d721c611c

da ich jetzt seit 5 tagen keine antwort bekam... weiß ich echt nicht was ich noch machen soll....